Made secrets variables more reliable 2.
@@ -1,46 +1,46 @@
|
||||
ssh_public_keys: "${SSH_PUBLIC_KEY}"
|
||||
ssh_public_keys: $SSH_PUBLIC_KEY
|
||||
|
||||
docker:
|
||||
nextcloud: |
|
||||
DOMAIN_NAME="${DOMAIN_NAME}"
|
||||
NEXTCLOUD_ENABLE_DRI_DEVICE="${TARGET_GRAPHICS}"
|
||||
DOMAIN_NAME=$DOMAIN_NAME
|
||||
NEXTCLOUD_ENABLE_DRI_DEVICE=$TARGET_GRAPHICS
|
||||
frigate: |
|
||||
DOMAIN_NAME="${DOMAIN_NAME}"
|
||||
FRIGATE_MQTT_USER="${HOME_ASSISTANT_MQTT_USER}"
|
||||
FRIGATE_MQTT_PASSWORD="${HOME_ASSISTANT_MQTT_PASSWORD}"
|
||||
DOMAIN_NAME=$DOMAIN_NAME
|
||||
FRIGATE_MQTT_USER=$HOME_ASSISTANT_MQTT_USER
|
||||
FRIGATE_MQTT_PASSWORD=$HOME_ASSISTANT_MQTT_PASSWORD
|
||||
traefik: |
|
||||
DOMAIN_NAME="${DOMAIN_NAME}"
|
||||
CF_DNS_API_TOKEN="${CF_DNS_API_TOKEN}"
|
||||
DOMAIN_NAME=$DOMAIN_NAME
|
||||
CF_DNS_API_TOKEN=$CF_DNS_API_TOKEN
|
||||
hass: |
|
||||
DOMAIN_NAME="${DOMAIN_NAME}"
|
||||
HOME_ASSISTANT_MQTT_USER="${HOME_ASSISTANT_MQTT_USER}"
|
||||
HOME_ASSISTANT_MQTT_PASSWORD="${HOME_ASSISTANT_MQTT_PASSWORD}"
|
||||
DOMAIN_NAME=$DOMAIN_NAME
|
||||
HOME_ASSISTANT_MQTT_USER=$HOME_ASSISTANT_MQTT_USER
|
||||
HOME_ASSISTANT_MQTT_PASSWORD=$HOME_ASSISTANT_MQTT_PASSWORD
|
||||
passbolt: |
|
||||
DOMAIN_NAME="${DOMAIN_NAME}"
|
||||
TZ="Europe/Paris"
|
||||
PASSBOLT_MYSQL_DATABASE="${PASSBOLT_MYSQL_DATABASE}"
|
||||
PASSBOLT_MYSQL_USER="${PASSBOLT_MYSQL_USER}"
|
||||
PASSBOLT_MYSQL_PASSWORD="${PASSBOLT_MYSQL_PASSWORD}"
|
||||
SENDER_EMAIL_ADDRESS="${SENDER_EMAIL_ADDRESS}"
|
||||
SENDER_EMAIL_ADDRESS_PASSWORD="${SENDER_EMAIL_ADDRESS_PASSWORD}"
|
||||
SENDER_EMAIL_DOMAIN="${SENDER_EMAIL_DOMAIN}"
|
||||
SENDER_EMAIL_PORT="${SENDER_EMAIL_PORT}"
|
||||
EMAIL_ADDRESS="${EMAIL_ADDRESS}"
|
||||
DOMAIN_NAME=$DOMAIN_NAME
|
||||
TZ=Europe/Paris
|
||||
PASSBOLT_MYSQL_DATABASE=$PASSBOLT_MYSQL_DATABASE
|
||||
PASSBOLT_MYSQL_USER=$PASSBOLT_MYSQL_USER
|
||||
PASSBOLT_MYSQL_PASSWORD=$PASSBOLT_MYSQL_PASSWORD
|
||||
SENDER_EMAIL_ADDRESS=$SENDER_EMAIL_ADDRESS
|
||||
SENDER_EMAIL_ADDRESS_PASSWORD=$SENDER_EMAIL_ADDRESS_PASSWORD
|
||||
SENDER_EMAIL_DOMAIN=$SENDER_EMAIL_DOMAIN
|
||||
SENDER_EMAIL_PORT=$SENDER_EMAIL_PORT
|
||||
EMAIL_ADDRESS=$EMAIL_ADDRESS
|
||||
pihole: |
|
||||
DOMAIN_NAME="${DOMAIN_NAME}"
|
||||
TZ="Europe/Paris"
|
||||
HOME_ROUTER_SUBNET="${HOME_ROUTER_SUBNET}"
|
||||
HOME_ROUTER_IP="${HOME_ROUTER_IP}"
|
||||
HOME_SERVER_IP="${HOME_SERVER_IP}"
|
||||
FTLCONF_webserver_api_password="${FTLCONF_WEBSERVER_PASSWORD}"
|
||||
DOMAIN_NAME=$DOMAIN_NAME
|
||||
TZ=Europe/Paris
|
||||
HOME_ROUTER_SUBNET=$HOME_ROUTER_SUBNET
|
||||
HOME_ROUTER_IP=$HOME_ROUTER_IP
|
||||
HOME_SERVER_IP=$HOME_SERVER_IP
|
||||
FTLCONF_webserver_api_password=$FTLCONF_WEBSERVER_PASSWORD
|
||||
|
||||
disks:
|
||||
data_disk_1: "${DATA_DISK_1}"
|
||||
data_disk_2: "${DATA_DISK_2}"
|
||||
data_disk_3: "${DATA_DISK_3}"
|
||||
data_disk_4: "${DATA_DISK_4}"
|
||||
data_disk_5: "${DATA_DISK_5}"
|
||||
data_disk_6: "${DATA_DISK_6}"
|
||||
parity_disk_1: "${PARITY_DISK_1}"
|
||||
parity_disk_2: "${PARITY_DISK_2}"
|
||||
parity_disk_3: "${PARITY_DISK_3}"
|
||||
data_disk_1: $DATA_DISK_1
|
||||
data_disk_2: $DATA_DISK_2
|
||||
data_disk_3: $DATA_DISK_3
|
||||
data_disk_4: $DATA_DISK_4
|
||||
data_disk_5: $DATA_DISK_5
|
||||
data_disk_6: $DATA_DISK_6
|
||||
parity_disk_1: $PARITY_DISK_1
|
||||
parity_disk_2: $PARITY_DISK_2
|
||||
parity_disk_3: $PARITY_DISK_3
|
||||
|
||||
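Review bot: If the unquoted forms are the new side (the +/- markers are lost on this page), the plain scalars `ssh_public_keys: $SSH_PUBLIC_KEY` and the nine entries under `disks:` lose their YAML quoting, so a substituted value containing ` #` or `: `, or starting with a YAML indicator character, would be truncated or mis-parsed before sops encrypts it. The comment field of an SSH public key is free text, which makes `ssh_public_keys` the entry most likely to hit this. Dropping the quotes inside the `docker:` block scalars looks reasonable, since those lines are env-file content where the quotes may be taken literally by whatever reads the file. For the top-level keys I would keep the quoting, `ssh_public_keys: "$SSH_PUBLIC_KEY"` and `data_disk_1: "$DATA_DISK_1"`, and likewise for the remaining disk entries.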
@@ -175,21 +175,21 @@ files_generation() {
|
||||
envsubst < config-files/sops-nix/.sops.yaml > extra-files/etc/nixos/.sops.yaml
|
||||
|
||||
echo -e "\n ✅ Generating secure random database passwords..."
|
||||
HOME_ASSISTANT_MQTT_USER=$(openssl rand -base64 29 | tr -d "\123456789=+/" | cut -c1-10)
|
||||
HOME_ASSISTANT_MQTT_PASSWORD=$(openssl rand -base64 29 | tr -d "\=+/" | cut -c1-64)
|
||||
PASSBOLT_MYSQL_DATABASE=$(openssl rand -base64 29 | tr -d "\123456789=+/" | cut -c1-10)
|
||||
PASSBOLT_MYSQL_USER=$(openssl rand -base64 29 | tr -d "\123456789=+/" | cut -c1-10)
|
||||
PASSBOLT_MYSQL_PASSWORD=$(openssl rand -base64 29 | tr -d "\=+/" | cut -c1-64)
|
||||
FTLCONF_WEBSERVER_PASSWORD=$(openssl rand -base64 29 | tr -d "\=+/" | cut -c1-64)
|
||||
DATA_DISK_1=$(openssl rand -base64 300 | tr -d "\=+/" | cut -c1-300)
|
||||
DATA_DISK_2=$(openssl rand -base64 300 | tr -d "\=+/" | cut -c1-300)
|
||||
DATA_DISK_3=$(openssl rand -base64 300 | tr -d "\=+/" | cut -c1-300)
|
||||
DATA_DISK_4=$(openssl rand -base64 300 | tr -d "\=+/" | cut -c1-300)
|
||||
DATA_DISK_5=$(openssl rand -base64 300 | tr -d "\=+/" | cut -c1-300)
|
||||
DATA_DISK_6=$(openssl rand -base64 300 | tr -d "\=+/" | cut -c1-300)
|
||||
PARITY_DISK_1=$(openssl rand -base64 300 | tr -d "\=+/" | cut -c1-300)
|
||||
PARITY_DISK_2=$(openssl rand -base64 300 | tr -d "\=+/" | cut -c1-300)
|
||||
PARITY_DISK_3=$(openssl rand -base64 300 | tr -d "\=+/" | cut -c1-300)
|
||||
HOME_ASSISTANT_MQTT_USER="$(openssl rand -hex 10)"
|
||||
HOME_ASSISTANT_MQTT_PASSWORD="$(openssl rand -base64 32 | tr -d '\=+/')"
|
||||
PASSBOLT_MYSQL_DATABASE="$(openssl rand -hex 10)"
|
||||
PASSBOLT_MYSQL_USER="$(openssl rand -hex 10)"
|
||||
PASSBOLT_MYSQL_PASSWORD="$(openssl rand -base64 32 | tr -d '\=+/')"
|
||||
FTLCONF_WEBSERVER_PASSWORD="$(openssl rand -base64 32 | tr -d '\=+/')"
|
||||
DATA_DISK_1="$(openssl rand -base64 32 | tr -d '\=+/')"
|
||||
DATA_DISK_2="$(openssl rand -base64 32 | tr -d '\=+/')"
|
||||
DATA_DISK_3="$(openssl rand -base64 32 | tr -d '\=+/')"
|
||||
DATA_DISK_4="$(openssl rand -base64 32 | tr -d '\=+/')"
|
||||
DATA_DISK_5="$(openssl rand -base64 32 | tr -d '\=+/')"
|
||||
DATA_DISK_6="$(openssl rand -base64 32 | tr -d '\=+/')"
|
||||
PARITY_DISK_1="$(openssl rand -base64 32 | tr -d '\=+/ ')"
|
||||
PARITY_DISK_2="$(openssl rand -base64 32 | tr -d '\=+/ ')"
|
||||
PARITY_DISK_3="$(openssl rand -base64 32 | tr -d '\=+/ ')"
|
||||
|
||||
echo -e "\n ✅ Encrypting secrets in the correct file..."
|
||||
envsubst < "config-files/sops-nix/secrets.yaml" | sops encrypt --filename-override secrets.yaml \
|
||||
|
||||
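Review bot: Nothing between the assignments and the `envsubst ... | sops encrypt` line checks that the generated values are non-empty, and the exit status of `openssl rand -base64 32 | tr -d '\=+/'` is that of `tr`, so a failed `openssl` would leave an empty string that is then encrypted as the password or disk secret. A guard per variable before the `envsubst` call, such as `: "${PASSBOLT_MYSQL_PASSWORD:?secret generation failed}"`, would stop the run instead. `envsubst` reads only exported variables and no `export` is visible here, so confirm these names are exported elsewhere in `files_generation()`, whose body starts and ends outside the hunk. Assuming the quoted `"$(...)"` forms are the new side, the three `PARITY_DISK_*` lines use `'\=+/ '` with a trailing space where the other lines use `'\=+/'`; making them match would remove the question of whether the difference is intended.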