Sovran_Systems/Sovran_SystemsOS
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

updated the Agenix sub-systems

Browse Source
This commit is contained in:
naturallaw77 2024-12-16 17:31:07 -08:00
parent b841623665
commit 424e75c3e4
2 changed files with 43 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
configuration.nix
View File

@ -293,6 +293,46 @@ in
}; };
###### AGENIX #######
age.identityPaths = [ "/root/.ssh/agenix/agenix-secret-keys" ];
age.secrets.matrix_reg_secret = {
file = /var/lib/agenix-secrets/matrix_reg_secret.age;
mode = "770";
owner = "matrix-synapse";
group = "matrix-synapse";
};
age.secrets.matrixdb = {
file = /var/lib/agenix-secrets/matrixdb.age;
mode = "770";
owner = "postgres";
group = "postgres";
};
age.secrets.nexclouddb = {
file = /var/lib/agenix-secrets/nextclouddb.age;
mode = "770";
owner = "postgres";
group = "postgres";
};
age.secrets.wordpress = {
file = /var/lib/agenix-secrets/wordpress.age;
mode = "770";
owner = "mysql";
group = "mysql";
};
###### CREATE DATABASE (WORDPRESS, MATRIX_SYNAPSE, AND NEXTCLOUD) ####### ###### CREATE DATABASE (WORDPRESS, MATRIX_SYNAPSE, AND NEXTCLOUD) #######
services.postgresql = { services.postgresql = {
enable = true; enable = true;
@ -315,14 +355,14 @@ in
services.postgresql.initialScript = pkgs.writeText "begin-init.sql" '' services.postgresql.initialScript = pkgs.writeText "begin-init.sql" ''
CREATE ROLE "ncusr" WITH LOGIN PASSWORD '${personalization.age.secrets.nextclouddb.file}'; CREATE ROLE "ncusr" WITH LOGIN PASSWORD '${config.age.secrets.nextclouddb.path}';
CREATE DATABASE "nextclouddb" WITH OWNER "ncusr" CREATE DATABASE "nextclouddb" WITH OWNER "ncusr"
TEMPLATE template0 TEMPLATE template0
LC_COLLATE = "C" LC_COLLATE = "C"
LC_CTYPE = "C"; LC_CTYPE = "C";
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${personalization.age.secrets.matrixdb.file}'; CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${config.age.secrets.matrixdb.path}';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0 TEMPLATE template0
LC_COLLATE = "C" LC_COLLATE = "C"
@ -333,7 +373,7 @@ in
services.mysql.initialScript = pkgs.writeText "wordpress-init.sql" '' services.mysql.initialScript = pkgs.writeText "wordpress-init.sql" ''
CREATE DATABASE wordpressdb; CREATE DATABASE wordpressdb;
GRANT ALL ON *.* TO 'wpusr'@'localhost' IDENTIFIED BY '${personalization.age.secrets.wordpressdb.file}'; GRANT ALL ON *.* TO 'wpusr'@'localhost' IDENTIFIED BY '${config.age.secrets.wordpressdb.path}';
FLUSH PRIVILEGES; FLUSH PRIVILEGES;
'' ''
; ;

11
modules/personalization.nix
View File

@ -9,17 +9,6 @@ vaultwarden_url = builtins.readFile /var/lib/domains/vaultwarden;
## ##
age.identityPaths = [ "/root/.ssh/agenix/agenix-secret-keys" ];
##
age.secrets.matrix_reg_secret.file = /var/lib/agenix-secrets/matrix_reg_secret.age;
age.secrets.matrixdb.file = /var/lib/agenix-secrets/matrixdb.age;
age.secrets.nextclouddb.file = /var/lib/agenix-secrets/nextclouddb.age;
age.secrets.wordpressdb.file = /var/lib/agenix-secrets/wordpressdb.age;
##
external_ip_secret = builtins.readFile /var/lib/secrets/external_ip; external_ip_secret = builtins.readFile /var/lib/secrets/external_ip;
coturn_static_auth_secret = builtins.readFile /var/lib/secrets/turn; coturn_static_auth_secret = builtins.readFile /var/lib/secrets/turn;