numbus/numbus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added secrets management for data and parity disks

Browse Source
This commit is contained in:
Raphaël Billet
2025-11-26 21:58:13 +01:00
parent ffbf0bcbe9
commit d4c2de55f3
3 changed files with 29 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config-files/sops-nix/secrets.yaml
+11 -1
View File
@@ -32,4 +32,14 @@ docker:
HOME_ROUTER_SUBNET=$HOME_ROUTER_SUBNET HOME_ROUTER_SUBNET=$HOME_ROUTER_SUBNET
HOME_ROUTER_IP=$HOME_ROUTER_IP HOME_ROUTER_IP=$HOME_ROUTER_IP
HOME_SERVER_IP=$HOME_SERVER_IP HOME_SERVER_IP=$HOME_SERVER_IP
FTLCONF_webserver_api_password=$FTLCONF_WEBSERVER_PASSWORD FTLCONF_webserver_api_password=$FTLCONF_WEBSERVER_PASSWORD
disks:
data-disk-1=$DATA-DISK-1
data-disk-2=$DATA-DISK-2
data-disk-3=$DATA-DISK-3
data-disk-4=$DATA-DISK-4
data-disk-5=$DATA-DISK-5
data-disk-6=$DATA-DISK-6
parity-disk-1=$PARITY-DISK-1
parity-disk-2=$PARITY-DISK-2
parity-disk-3=$PARITY-DISK-3
configuration.nix
+9
View File
@@ -37,6 +37,15 @@ in
sops.secrets."docker/passbolt" = { owner = "numbus-admin"; path = "/etc/docker-compose/passbolt/.env"; }; sops.secrets."docker/passbolt" = { owner = "numbus-admin"; path = "/etc/docker-compose/passbolt/.env"; };
sops.secrets."docker/hass" = { owner = "numbus-admin"; path = "/etc/docker-compose/hass/.env"; }; sops.secrets."docker/hass" = { owner = "numbus-admin"; path = "/etc/docker-compose/hass/.env"; };
sops.secrets."docker/pihole" = { owner = "numbus-admin"; path = "/etc/docker-compose/pihole/.env"; }; sops.secrets."docker/pihole" = { owner = "numbus-admin"; path = "/etc/docker-compose/pihole/.env"; };
sops.secrets."disks/data-disk-1" = { owner = "root"; };
sops.secrets."disks/data-disk-2" = { owner = "root"; };
sops.secrets."disks/data-disk-3" = { owner = "root"; };
sops.secrets."disks/data-disk-4" = { owner = "root"; };
sops.secrets."disks/data-disk-5" = { owner = "root"; };
sops.secrets."disks/data-disk-6" = { owner = "root"; };
sops.secrets."disks/parity-disk-1" = { owner = "root"; };
sops.secrets."disks/parity-disk-2" = { owner = "root"; };
sops.secrets."disks/parity-disk-3" = { owner = "root"; };
# Bootloader options # Bootloader options
boot.initrd.systemd.enable = true; boot.initrd.systemd.enable = true;
deploy.sh
+9
View File
@@ -180,6 +180,15 @@ files_generation() {
PASSBOLT_MYSQL_USER=$(openssl rand -base64 29 | tr -d "123456789=+/" | cut -c1-10) PASSBOLT_MYSQL_USER=$(openssl rand -base64 29 | tr -d "123456789=+/" | cut -c1-10)
PASSBOLT_MYSQL_PASSWORD=$(openssl rand -base64 29 | tr -d "=+/" | cut -c1-64) PASSBOLT_MYSQL_PASSWORD=$(openssl rand -base64 29 | tr -d "=+/" | cut -c1-64)
FTLCONF_WEBSERVER_PASSWORD=$(openssl rand -base64 29 | tr -d "=+/" | cut -c1-64) FTLCONF_WEBSERVER_PASSWORD=$(openssl rand -base64 29 | tr -d "=+/" | cut -c1-64)
DATA-DISK-1=$(openssl rand -base64 300 | tr -d "=+/" | cut -c1-256)
DATA-DISK-2=$(openssl rand -base64 300 | tr -d "=+/" | cut -c1-256)
DATA-DISK-3=$(openssl rand -base64 300 | tr -d "=+/" | cut -c1-256)
DATA-DISK-4=$(openssl rand -base64 300 | tr -d "=+/" | cut -c1-256)
DATA-DISK-5=$(openssl rand -base64 300 | tr -d "=+/" | cut -c1-256)
DATA-DISK-6=$(openssl rand -base64 300 | tr -d "=+/" | cut -c1-256)
PARITY-DISK-1=$(openssl rand -base64 300 | tr -d "=+/" | cut -c1-256)
PARITY-DISK-2=$(openssl rand -base64 300 | tr -d "=+/" | cut -c1-256)
PARITY-DISK-3=$(openssl rand -base64 300 | tr -d "=+/" | cut -c1-256)
echo -e "\n\n ✅ Encrypting secrets in the correct file..." echo -e "\n\n ✅ Encrypting secrets in the correct file..."
envsubst < "config-files/sops-nix/secrets.yaml" | sops encrypt --filename-override secrets.yaml \ envsubst < "config-files/sops-nix/secrets.yaml" | sops encrypt --filename-override secrets.yaml \