From a4d1681c386be47713a8560a32a3de80f42629b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Numbus?=
Date: Sun, 4 Jan 2026 09:42:18 +0100
Subject: [PATCH] Secrets now working. Try to get disks to mount correctly.
---
 templates/nix-config/disks/content.nix | 1 +
 templates/nix-config/disks/parity.nix | 1 +
 templates/nix-config/podman/frigate.nix | 4 +-
 templates/nix-config/podman/gitea.nix | 4 +-
 .../nix-config/podman/home-assistant.nix | 4 +-
 templates/nix-config/podman/immich.nix | 4 +-
 templates/nix-config/podman/it-tools.nix | 4 +-
 templates/nix-config/podman/nextcloud.nix | 4 +-
 templates/nix-config/podman/passbolt.nix | 4 +-
 templates/nix-config/podman/pi-hole.nix | 4 +-
 templates/nix-config/podman/traefik.nix | 4 +-
 templates/nix-config/sops-nix/secrets.yaml | 108 +++++++++--------
 12 files changed, 74 insertions(+), 72 deletions(-)
diff --git a/templates/nix-config/disks/content.nix b/templates/nix-config/disks/content.nix
index 08036bd..098bebe 100644
--- a/templates/nix-config/disks/content.nix
+++ b/templates/nix-config/disks/content.nix
@@ -13,6 +13,7 @@
 settings = {
 keyFile = "/etc/secrets/disks/content-${j}";
 allowDiscards = ${ALLOW_DISCARDS:-false};
+ options = [ "noauto" ];
 };
 content = {
 type = "filesystem";
diff --git a/templates/nix-config/disks/parity.nix b/templates/nix-config/disks/parity.nix
index 6831500..f5ab044 100644
--- a/templates/nix-config/disks/parity.nix
+++ b/templates/nix-config/disks/parity.nix
@@ -13,6 +13,7 @@
 settings = {
 keyFile = "/etc/secrets/disks/parity-${j}";
 allowDiscards = ${ALLOW_DISCARDS:-false};
+ options = [ "noauto" ];
 };
 content = {
 type = "filesystem";
diff --git a/templates/nix-config/podman/frigate.nix b/templates/nix-config/podman/frigate.nix
index c74b33e..579314d 100644
--- a/templates/nix-config/podman/frigate.nix
+++ b/templates/nix-config/podman/frigate.nix
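Review bot: The new `options = [ "noauto" ];` sits inside the LUKS `settings` set next to `keyFile`, and I am not aware of `options` being an attribute that disko's luks `settings` (which feed `boot.initrd.luks.devices` / crypttab) accept, so it may be ignored or rejected at evaluation instead of reaching crypttab; the documented knob for crypttab flags there is `crypttabExtraOpts = [ "noauto" ];`, and an fstab-side `noauto` belongs in the filesystem's `mountOptions`. If the intent is to stop the device being unlocked before `/etc/secrets/disks/content-${j}` exists, `noauto` only removes the automatic attempt — whatever opens the device later still has to be ordered after the key file is provisioned and before any service that uses the mounted path, otherwise the mount simply never happens. The parity.nix hunk on this line has the same issue. The enclosing attribute set starts and ends outside both hunks.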
@@ -55,8 +55,8 @@ in systemd.services.frigate = { description = "Podman container : ${container_name}"; - after = [ "network.target" "traefik.service" ]; - requires = [ "network.target" ]; + requires = [ "podman.socket" ]; + after = [ "network.target" "traefik.service" "podman.socket" ]; wantedBy = ["multi-user.target"]; path = [ pkgs.podman-compose ]; diff --git a/templates/nix-config/podman/gitea.nix b/templates/nix-config/podman/gitea.nix index dc0665a..28bb456 100644 --- a/templates/nix-config/podman/gitea.nix +++ b/templates/nix-config/podman/gitea.nix @@ -69,8 +69,8 @@ in systemd.services.gitea = { description = "Podman container : ${container_name}"; - after = [ "network.target" "traefik.service" ]; - requires = [ "network.target" ]; + requires = [ "podman.socket" ]; + after = [ "network.target" "traefik.service" "podman.socket" ]; wantedBy = ["multi-user.target"]; path = [ pkgs.podman-compose ]; diff --git a/templates/nix-config/podman/home-assistant.nix b/templates/nix-config/podman/home-assistant.nix index 5b4723d..2acd256 100644 --- a/templates/nix-config/podman/home-assistant.nix +++ b/templates/nix-config/podman/home-assistant.nix @@ -55,8 +55,8 @@ in systemd.services.hass = { description = "Podman container : ${container_name}"; - after = [ "network.target" "traefik.service" ]; - requires = [ "network.target" ]; + requires = [ "podman.socket" ]; + after = [ "network.target" "traefik.service" "podman.socket" ]; wantedBy = ["multi-user.target"]; path = [ pkgs.podman-compose ]; diff --git a/templates/nix-config/podman/immich.nix b/templates/nix-config/podman/immich.nix index 4284666..50ddf35 100644 --- a/templates/nix-config/podman/immich.nix +++ b/templates/nix-config/podman/immich.nix 
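Review bot: The new `after = [ "network.target" "traefik.service" "podman.socket" ]` still only orders the unit relative to traefik.service without pulling it in, and replacing `requires = [ "network.target" ]` with `requires = [ "podman.socket" ]` leaves the unit with no network dependency at all — `network.target` was never a readiness signal and `podman.socket` does not imply one, so a container that pulls an image or connects to MQTT/a database on start can still race the network; the usual form is `wants = [ "network-online.target" ];` with `"network-online.target"` added to `after`. Whether these podman-compose units need the API socket is inferred rather than shown (only the traefik hunk previously named a container-engine socket), and `Requires=` means that stopping podman.socket now stops every container. With the disks becoming `noauto`, none of these units declare `unitConfig.RequiresMountsFor` for the data paths they bind, which is the ordering the commit message is trying to fix. The same lines appear in the gitea and home-assistant hunks here and in the immich, it-tools, nextcloud, passbolt and pi-hole hunks below; each `systemd.services.<name>` block starts and ends outside its hunk.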
@@ -91,8 +91,8 @@ in systemd.services.immich = { description = "Podman container : ${container_name}"; - after = [ "network.target" "traefik.service" ]; - requires = [ "network.target" ]; + requires = [ "podman.socket" ]; + after = [ "network.target" "traefik.service" "podman.socket" ]; wantedBy = ["multi-user.target"]; path = [ pkgs.podman-compose ]; diff --git a/templates/nix-config/podman/it-tools.nix b/templates/nix-config/podman/it-tools.nix index 00d1f52..9147124 100644 --- a/templates/nix-config/podman/it-tools.nix +++ b/templates/nix-config/podman/it-tools.nix @@ -34,8 +34,8 @@ in systemd.services.it-tools = { description = "Podman container : ${container_name}"; - after = [ "network.target" "traefik.service" ]; - requires = [ "network.target" ]; + requires = [ "podman.socket" ]; + after = [ "network.target" "traefik.service" "podman.socket" ]; wantedBy = ["multi-user.target"]; path = [ pkgs.podman-compose ]; diff --git a/templates/nix-config/podman/nextcloud.nix b/templates/nix-config/podman/nextcloud.nix index f6fc546..dbbae55 100644 --- a/templates/nix-config/podman/nextcloud.nix +++ b/templates/nix-config/podman/nextcloud.nix @@ -57,8 +57,8 @@ in systemd.services.nextcloud = { description = "Podman container : ${container_name}"; - after = [ "network.target" "traefik.service" ]; - requires = [ "network.target" ]; + requires = [ "podman.socket" ]; + after = [ "network.target" "traefik.service" "podman.socket" ]; wantedBy = ["multi-user.target"]; path = [ pkgs.podman-compose ]; diff --git a/templates/nix-config/podman/passbolt.nix b/templates/nix-config/podman/passbolt.nix index 413ecee..6382d76 100644 --- a/templates/nix-config/podman/passbolt.nix +++ b/templates/nix-config/podman/passbolt.nix 
@@ -86,8 +86,8 @@ in systemd.services.passbolt = { description = "Podman container : ${container_name}"; - after = [ "network.target" "traefik.service" ]; - requires = [ "network.target" ]; + requires = [ "podman.socket" ]; + after = [ "network.target" "traefik.service" "podman.socket" ]; wantedBy = ["multi-user.target"]; path = [ pkgs.podman-compose ]; diff --git a/templates/nix-config/podman/pi-hole.nix b/templates/nix-config/podman/pi-hole.nix index f691529..75ed228 100644 --- a/templates/nix-config/podman/pi-hole.nix +++ b/templates/nix-config/podman/pi-hole.nix @@ -63,8 +63,8 @@ in systemd.services.pihole = { description = "Podman container : ${container_name}"; - after = [ "network.target" "traefik.service" ]; - requires = [ "network.target" ]; + requires = [ "podman.socket" ]; + after = [ "network.target" "traefik.service" "podman.socket" ]; wantedBy = ["multi-user.target"]; path = [ pkgs.podman-compose ]; diff --git a/templates/nix-config/podman/traefik.nix b/templates/nix-config/podman/traefik.nix index dc80704..d1ca820 100644 --- a/templates/nix-config/podman/traefik.nix +++ b/templates/nix-config/podman/traefik.nix @@ -133,8 +133,8 @@ in systemd.services.traefik = { description = "Podman container : ${container_name}"; - after = [ "network.target" "docker.socket" ]; - requires = [ "network.target" ]; + requires = [ "podman.socket" ]; + after = [ "network.target" "podman.socket" ]; wantedBy = [ "multi-user.target" ]; path = [ pkgs.podman-compose ]; diff --git a/templates/nix-config/sops-nix/secrets.yaml b/templates/nix-config/sops-nix/secrets.yaml index deab7ac..6e0c5fe 100644 --- a/templates/nix-config/sops-nix/secrets.yaml +++ b/templates/nix-config/sops-nix/secrets.yaml 
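Review bot: `requires = [ "podman.socket" ]` in the traefik hunk makes the Podman API socket a hard dependency, and if the container mounts it for its docker provider — which the replaced `docker.socket` ordering suggests — the proxy holds root-equivalent control of the host engine, a trust decision that should be stated on the line rather than left implicit, e.g. `# podman.socket: traefik's docker provider reads container labels through the root API socket`. If that access is only needed for reading labels, a read-only socket proxy or a rootless socket would narrow it, but nothing in the hunk shows which the compose file uses. `systemd.services.traefik` starts and ends outside the hunk.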
@@ -1,68 +1,68 @@ -ssh_public_keys: "$SSH_PUBLIC_KEY" -sender_email_address_password: "$SENDER_EMAIL_ADDRESS_PASSWORD" +ssh_public_keys: $SSH_PUBLIC_KEY +sender_email_address_password: $SENDER_EMAIL_ADDRESS_PASSWORD podman: frigate: | - DOMAIN_NAME="$DOMAIN_NAME" - FRIGATE_MQTT_USER="$HOME_ASSISTANT_MQTT_USER" - FRIGATE_MQTT_PASSWORD="$HOME_ASSISTANT_MQTT_PASSWORD" + DOMAIN_NAME=$DOMAIN_NAME + FRIGATE_MQTT_USER=$HOME_ASSISTANT_MQTT_USER + FRIGATE_MQTT_PASSWORD=$HOME_ASSISTANT_MQTT_PASSWORD gitea: | - DOMAIN_NAME="$DOMAIN_NAME" - DB_NAME="$GITEA_DB_NAME" - DB_USERNAME="$GITEA_DB_USERNAME" - DB_PASSWORD="$GITEA_DB_PASSWORD" - POSTGRES_HOST="gitea-database" - POSTGRES_PORT="5432" + DOMAIN_NAME=$DOMAIN_NAME + DB_NAME=$GITEA_DB_NAME + DB_USERNAME=$GITEA_DB_USERNAME + DB_PASSWORD=$GITEA_DB_PASSWORD + POSTGRES_HOST=gitea-database + POSTGRES_PORT=5432 home_assistant: | - DOMAIN_NAME="$DOMAIN_NAME" - HOME_ASSISTANT_MQTT_USER="$HOME_ASSISTANT_MQTT_USER" - HOME_ASSISTANT_MQTT_PASSWORD="$HOME_ASSISTANT_MQTT_PASSWORD" + DOMAIN_NAME=$DOMAIN_NAME + HOME_ASSISTANT_MQTT_USER=$HOME_ASSISTANT_MQTT_USER + HOME_ASSISTANT_MQTT_PASSWORD=$HOME_ASSISTANT_MQTT_PASSWORD immich: | - DOMAIN_NAME="$DOMAIN_NAME" - DB_DATABASE_NAME="$IMMICH_DB_NAME" - DB_USERNAME="$IMMICH_DB_USERNAME" - DB_PASSWORD="$IMMICH_DB_PASSWORD" - IMMICH_VERSION="release" - IMMICH_TRUSTED_PROXIES="172.16.50.253" - REDIS_HOSTNAME="immich-redis" - DB_HOSTNAME="immich-database" - UPLOAD_LOCATION="/mnt/data/immich" - DB_DATA_LOCATION="/mnt/config/immich/database" - TZ="Europe/Paris" + DOMAIN_NAME=$DOMAIN_NAME + DB_DATABASE_NAME=$IMMICH_DB_NAME + DB_USERNAME=$IMMICH_DB_USERNAME + DB_PASSWORD=$IMMICH_DB_PASSWORD + IMMICH_VERSION=release + IMMICH_TRUSTED_PROXIES=172.16.50.253 + REDIS_HOSTNAME=immich-redis + DB_HOSTNAME=immich-database + UPLOAD_LOCATION=/mnt/data/immich + DB_DATA_LOCATION=/mnt/config/immich/database + TZ=Europe/Paris it_tools: | - DOMAIN_NAME="$DOMAIN_NAME" + DOMAIN_NAME=$DOMAIN_NAME nextcloud: | - 
DOMAIN_NAME="$DOMAIN_NAME" - NEXTCLOUD_ENABLE_DRI_DEVICE="$TARGET_GRAPHICS" + DOMAIN_NAME=$DOMAIN_NAME + NEXTCLOUD_ENABLE_DRI_DEVICE=$TARGET_GRAPHICS passbolt: | - DOMAIN_NAME="$DOMAIN_NAME" - PASSBOLT_MYSQL_DATABASE="$PASSBOLT_DB_NAME" - PASSBOLT_MYSQL_USER="$PASSBOLT_DB_USERNAME" - PASSBOLT_MYSQL_PASSWORD="$PASSBOLT_DB_PASSWORD" - SENDER_EMAIL_ADDRESS="$SENDER_EMAIL_ADDRESS" - SENDER_EMAIL_ADDRESS_PASSWORD="$SENDER_EMAIL_ADDRESS_PASSWORD" - SENDER_EMAIL_DOMAIN="$SENDER_EMAIL_DOMAIN" - SENDER_EMAIL_PORT="$SENDER_EMAIL_PORT" - EMAIL_ADDRESS="$EMAIL_ADDRESS" - TZ="Europe/Paris" + DOMAIN_NAME=$DOMAIN_NAME + PASSBOLT_MYSQL_DATABASE=$PASSBOLT_DB_NAME + PASSBOLT_MYSQL_USER=$PASSBOLT_DB_USERNAME + PASSBOLT_MYSQL_PASSWORD=$PASSBOLT_DB_PASSWORD + SENDER_EMAIL_ADDRESS=$SENDER_EMAIL_ADDRESS + SENDER_EMAIL_ADDRESS_PASSWORD=$SENDER_EMAIL_ADDRESS_PASSWORD + SENDER_EMAIL_DOMAIN=$SENDER_EMAIL_DOMAIN + SENDER_EMAIL_PORT=$SENDER_EMAIL_PORT + EMAIL_ADDRESS=$EMAIL_ADDRESS + TZ=Europe/Paris pi_hole: | - DOMAIN_NAME="$DOMAIN_NAME" - HOME_ROUTER_SUBNET="$HOME_ROUTER_SUBNET" - HOME_ROUTER_IP="$HOME_ROUTER_IP" - HOME_SERVER_IP="$HOME_SERVER_IP" + DOMAIN_NAME=$DOMAIN_NAME + HOME_ROUTER_SUBNET=$HOME_ROUTER_SUBNET + HOME_ROUTER_IP=$HOME_ROUTER_IP + HOME_SERVER_IP=$HOME_SERVER_IP FTLCONF_webserver_api_password=$FTLCONF_WEBSERVER_PASSWORD - TZ="Europe/Paris" + TZ=Europe/Paris traefik: | - DOMAIN_NAME="$DOMAIN_NAME" - CF_DNS_API_TOKEN="$CF_DNS_API_TOKEN" + DOMAIN_NAME=$DOMAIN_NAME + CF_DNS_API_TOKEN=$CF_DNS_API_TOKEN disks: - content-disk-1: "$CONTENT_DISK_1_KEY" - content-disk-2: "$CONTENT_DISK_2_KEY" - content-disk-3: "$CONTENT_DISK_3_KEY" - content-disk-4: "$CONTENT_DISK_4_KEY" - content-disk-5: "$CONTENT_DISK_5_KEY" - content-disk-6: "$CONTENT_DISK_6_KEY" - parity-disk-1: "$PARITY_DISK_1_KEY" - parity-disk-2: "$PARITY_DISK_2_KEY" - parity-disk-3: "$PARITY_DISK_3_KEY" + content-disk-1: $CONTENT_DISK_1_KEY + content-disk-2: $CONTENT_DISK_2_KEY + content-disk-3: $CONTENT_DISK_3_KEY + 
content-disk-4: $CONTENT_DISK_4_KEY + content-disk-5: $CONTENT_DISK_5_KEY + content-disk-6: $CONTENT_DISK_6_KEY + parity-disk-1: $PARITY_DISK_1_KEY + parity-disk-2: $PARITY_DISK_2_KEY + parity-disk-3: $PARITY_DISK_3_KEY
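Review bot: Dropping the quotes looks intended for the env-file blocks (the subject says secrets now work, which suggests the consumer was taking the quotes literally), but the two top-level scalars `ssh_public_keys: $SSH_PUBLIC_KEY` and `sender_email_address_password: $SENDER_EMAIL_ADDRESS_PASSWORD` are now plain YAML scalars, so a substituted value starting with `*`, `&`, `!`, `[`, `{`, `'` or `"`, or containing `: ` or ` #`, will fail to parse or be silently truncated — likely for a password. Since the YAML parser strips its own quoting, keeping `sender_email_address_password: "$SENDER_EMAIL_ADDRESS_PASSWORD"` (or a `|-` block scalar) there costs nothing, with the remaining caveat that a `"` inside the value still needs escaping. Inside the `|` blocks the values are safe at the YAML level, but the line-oriented `KEY=value` format cannot carry a secret containing a newline, and this template does no escaping at all. A one-line comment at the top of the file saying every placeholder is substituted verbatim and must be single-line would save the next person the same debugging round.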