harry123/nix-config
1
0
Fork 0
mirror of https://github.com/harryssecret/homelab-nix.git synced 2025-02-23 06:43:57 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

used environment variables for managing secrets

Browse source
This commit is contained in:
Harry 2024-07-18 18:45:52 +02:00
parent 221dd9d481
commit bff50b7249
3 changed files with 37 additions and 56 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
features/homelab-dashboard.nix
View file

@ -32,23 +32,14 @@ in
#TODO: add Radarr/Sonarr/... api key support #TODO: add Radarr/Sonarr/... api key support
config = { config = {
sops.defaultSopsFile = ../secrets/service-key.json; sops.secrets."homepage" = {
sops.defaultSopsFormat = "json"; sopsFile = ../secrets/homepage.env;
sops.secrets = { format = "dotenv";
sonarr = { };
radarr = { };
jellyfin = { };
jellyseerr = { };
pihole = { };
transmission = { };
prowlarr = { };
proxmoxPassword = { };
proxmoxUsername = { };
uptimekuma = { };
}; };
services.homepage-dashboard = { services.homepage-dashboard = {
enable = true; enable = true;
environmentFile = config.sops.secrets."homepage".path;
settings = { settings = {
headerStyle = "boxed"; headerStyle = "boxed";
"language" = "fr"; "language" = "fr";
@ -76,6 +67,8 @@ in
} }
]; ];
bookmarks = [ { code = [ { "Github" = [ { href = "https://github.com"; } ]; } ]; } ];
services = [ services = [
{ {
"Divertissement" = [ "Divertissement" = [
@ -128,7 +121,7 @@ in
type = "jellyfin"; type = "jellyfin";
url = "http://${ip}:8096"; url = "http://${ip}:8096";
enableBlocks = true; enableBlocks = true;
key = config.sops.secrets.jellyfin; key = "{{HOMEPAGE_VAR_JELLYFIN}}";
}; };
}; };
} }
@ -141,7 +134,7 @@ in
widget = { widget = {
type = "jellyseerr"; type = "jellyseerr";
url = "http://${ip}:5055"; url = "http://${ip}:5055";
key = config.sops.secrets.jellyseerr; key = "{{HOMEPAGE_VAR_JELLYSEERR}}";
}; };
}; };
} }
@ -159,13 +152,12 @@ in
href = "http://${ip}:9696/"; href = "http://${ip}:9696/";
widget = { widget = {
type = "prowlarr"; type = "prowlarr";
key = config.sops.secrets.prowlarr; key = "{{HOMEPAGE_VAR_PROWLARR}}";
url = "http://${ip}:9696"; url = "http://${ip}:9696";
}; };
}; };
} }
{ {
"Sonarr" = { "Sonarr" = {
icon = "sonarr"; icon = "sonarr";
description = "Moteur de recherche pour les séries"; description = "Moteur de recherche pour les séries";
@ -173,7 +165,7 @@ in
widget = { widget = {
type = "sonarr"; type = "sonarr";
url = "http://${ip}:9696"; url = "http://${ip}:9696";
key = config.sops.secrets.sonarr; key = "{{HOMEPAGE_VAR_SONARR}}";
}; };
}; };
} }
@ -184,7 +176,7 @@ in
href = "http://${ip}:7878"; href = "http://${ip}:7878";
widget = { widget = {
type = "radarr"; type = "radarr";
key = config.sops.secrets.radarr; key = "{{HOMEPAGE_VAR_RADARR}}";
url = "http://${ip}:7878"; url = "http://${ip}:7878";
}; };
}; };
@ -210,6 +202,9 @@ in
href = "http://${ip}:9091"; href = "http://${ip}:9091";
widget = { widget = {
type = "transmission"; type = "transmission";
url = "http://${ip}:9091";
username = "{{HOMEPAGE_VAR_TRANSMISSIONUSERNAME}}";
password = "{{HOMEPAGE_VAR_TRANSMISSIONPASSWORD}}";
}; };
}; };
} }
@ -252,8 +247,8 @@ in
href = "https://${cfg.proxmoxVEIp}:8006"; href = "https://${cfg.proxmoxVEIp}:8006";
widget = { widget = {
type = "proxmox"; type = "proxmox";
username = config.sops.secrets.proxmoxUsername; username = "{{HOMEPAGE_VAR_PROXMOXUSERNAME}}";
key = config.sops.secrets.proxmoxPassword; password = "{{HOMEPAGE_VAR_PROXMOXPASSWORD}}";
url = "https://${cfg.proxmoxVEIp}:8006"; url = "https://${cfg.proxmoxVEIp}:8006";
node = "pve"; node = "pve";
}; };
@ -266,7 +261,7 @@ in
href = "http://${cfg.piholeURL}/admin"; href = "http://${cfg.piholeURL}/admin";
widget = { widget = {
type = "pihole"; type = "pihole";
key = config.sops.secrets.pihole; key = "{{HOMEPAGE_VAR_PIHOLE}}";
url = "http://${cfg.piholeURL}"; url = "http://${cfg.piholeURL}";
}; };
}; };
@ -299,7 +294,7 @@ in
widget = { widget = {
type = "uptimerobot"; type = "uptimerobot";
url = "https://api.uptimerobot.com"; url = "https://api.uptimerobot.com";
key = config.sops.secrets.uptimekuma; key = "{{HOMEPAGE_VAR_UPTIMEROBOT}}";
}; };
}; };
} }

19
secrets/homepage.env Normal file
View file

@ -0,0 +1,19 @@
HOMEPAGE_VAR_SONARR=ENC[AES256_GCM,data:yhwW5qAE2L9zbaFiHWxXB+gj+kxBeO3zqTdltX+WaHQ=,iv:MnBoJ7qJOfqOXXMtl2d6bxKNg05jMi6+SPRdzk6H5DU=,tag:NOptIVMdCVzlsbNpEmtWNA==,type:str]
HOMEPAGE_VAR_PROWLARR=ENC[AES256_GCM,data:rRJy+eBiMDam6YTsa0Di9DQY/+hTb4LoTiOK5ealLZ4=,iv:kvj5AI8lYChIhXY/CJ+CLiGChDW5REqaG9SvwcIu4OM=,tag:WFXOp0mWftLbKsjFIXcEJw==,type:str]
HOMEPAGE_VAR_JELLYFIN=ENC[AES256_GCM,data:Qm0u9aQ3zae6Ksw5sZrQg+oyYLpi47Mn/9J7NH9n0RY=,iv:uNnIUzZddbhhVYvUHc0dOEVHC8BlAcAYQeEagwV2bTs=,tag:HQHcSucWRks/7lDDKPNv/w==,type:str]
HOMEPAGE_VAR_TRANSMISSIONUSERNAME=ENC[AES256_GCM,data:bEGrDAzz,iv:lxfmzkgSwLuTYG6lwowldljzG/+nyFS1T+D6ikqGKMc=,tag:/gaQjYr+mhFwp8+QrxUNMQ==,type:str]
HOMEPAGE_VAR_TRANSMISSIONPASSWORD=ENC[AES256_GCM,data:k2NVt94Z+6Vt4hNY3Z0UvhHpP3oOjRVEaPcZjQgDZenAnQ==,iv:Xo9i/6w8seI0Qk/ZHoTa3wsfTAcWKbRCTgQDOf9EPk8=,tag:2JmdC0RcwwveFGrV0TLVsQ==,type:str]
HOMEPAGE_VAR_JELLYSEERR=ENC[AES256_GCM,data:Hxs1yAZpu1sWfV733P3I2oL9aecyq3LLUw/YG8PW/rA7aE5v30wS9sLXKWrdHeiT0Mj/b64sHRaPnBmczSb8HBdG1Wo=,iv:oeIEIt308GZd5n8lE204ebnXC48Ra56oKVR76JGrCLk=,tag:NdhMqBRwe8XS3q+Pzw6AbA==,type:str]
HOMEPAGE_VAR_PROXMOXUSERNAME=ENC[AES256_GCM,data:nE/fK5Bc16e3wceoOaVmOg==,iv:d8Wa/BxpMzHaAQ8rEz4Ubva4UXxi3ETCaCUx1ZcuplY=,tag:6K8OnOEohCrxHMkvnyeP9Q==,type:str]
HOMEPAGE_VAR_PROXMOXPASSWORD=ENC[AES256_GCM,data:fq7uMnkypQ1I5PtW7l59cRQZe5/VhQu8elRg/kUgSmdNFc9g,iv:XPjAuoqA+S30wPC/HU9EEqHSCkekWAGOBfrRGIq+XA0=,tag:851/krrh60hPnY/Nxlbkxg==,type:str]
HOMEPAGE_VAR_RADARR=ENC[AES256_GCM,data:aXCWKXTQJgyG7kyaRUsTpOWk8vFnhlEo0YgvjwSnQkc=,iv:3+ULcw4R4Ko85H0azva/sHkT6Gyev7tWAwzrW9EoHIQ=,tag:xZn3XwD53qF0y2O3Kylifw==,type:str]
HOMEPAGE_VAR_PIHOLE=ENC[AES256_GCM,data:yLYh4pHT6tJ61A/hTVQ5w1wG0rl7DFuYhX1MOgLWdTIw4cvqXx/6IWkYZPHSYyU1mgJBf5tAIduss12cRqEnrg==,iv:5jevBeemEr7WCL7LlHiB1/Z/ewIDgTyiFUQhpJ4P3lo=,tag:UujH6+nLOerI4N6CqBY/gg==,type:str]
HOMEPAGE_VAR_UPTIMEROBOT=ENC[AES256_GCM,data:slWhhjU28fWDct8uiPzMuPEF4UjXsdHlelCCf02vdL386EA=,iv:ow9io30DDZFP97ibnhtuOj5Cf8SeIlBwEXevKRw9bj0=,tag:OslEPMwKx8Cc3Sti7ImkSA==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhRDZvSnVRbjVIbkN2cmVH\nY2hSU3k4VllQa2UwWjJyRzQ5VjJzZ21xdVhRCjlDb1k3QjVhV2laaW1qdlljNEt1\nZmZpaGVCYWpCUTRQWld4YWNiajRvWFUKLS0tIEszamxTeFJRb1pFVVp5S3Vac1lS\nV1FoR0syNzBUelVpMDZBTlE4dXVzUzgKw2l8yB78bceQmbrPZ3pSPRKRxum1iyjz\nRugu8MamsZL8PWs2i4dh8o2FUnXixfs8zudmd77OST7AqEiUd/Yt4A==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1c8kr95dc7cqq34qyjgpnsgfgyntqnt5rlrq2c025ehp32f8h3sjqkf8k3s
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCRCtrSFVBTVBFeVJZVlIr\nVHJqY2k4WGFlZERYQzR6ZUpaais2dEZxSVZBCkhPdjlLb2d1ZXQzcHlscDVQaUpS\na05FM003dFlsbmRJd3IxN1I1R2dTWU0KLS0tIGhGemN6d1dBM3Y3YUNvdEloVytK\nWFpWTkpwZ2d6V3JzWitNQ3E3ajhnclkK4pYiF8kMxnoDXHmHjk1RJD/k5A0/k8de\nMD2wAv7irB5S8023ALH+81FwNSbC+hQZwKBSSa1GkxK1wc7cNsVDgA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age17pq9xyrcv6tlms9sznnhql6pejue33r0aukn72hzpcn4jykrg33q4u0a3m
sops_lastmodified=2024-07-18T16:32:41Z
sops_mac=ENC[AES256_GCM,data:ErOakkzbQIjLiTzLMDtm4n8uLlOuAwNs6gGTnr/fwAj6w6hU7OCOVl2Yu5P70tJbi3n7OSyoaQKYBItT26qLats34rjdw9meOnEuCtufiE8nCvvgyDZAfg2cJwi1ZTJGjqQvnKJqNLuqGNbczjEi0CJ6VI/W4DwMGK7ZvDVDsB4=,iv:12YOAQC1028tPVOei0YwZJTi/pQpOWDPpDa83PvN6Ik=,tag:N0R+7maLGpH1Cxn2XAhuig==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.9.0

33
secrets/service-key.json
View file

@ -1,33 +0,0 @@
{
"sonarr": "ENC[AES256_GCM,data:JonhgfSiU81GTFl4TIBY7VaXSf1QtLcwZ/9XS2xQEDI=,iv:KsHuZO2GqJ/43fhcAh4r5l9n9kNxJ7Hb9DgJrc5h22w=,tag:f/j4lsfied71HgLvJ5JyKA==,type:str]",
"prowlarr": "ENC[AES256_GCM,data:CH1HZJr/C5Sf04G+8iuOtFXlgeyBHcEFc56sSaec2cU=,iv:2CLP9QM/fvM2qxZHwUlcWlPT3jtNa7Ago25mKXBN1T4=,tag:+baq6TVq3TgQMTnLFhHnvw==,type:str]",
"jellyfin": "ENC[AES256_GCM,data:A6pt3B3LqzoktxuQc/v0Id82/0kiHKrldyjfVBwzeEQ=,iv:ezHB0YWcWkVIkyi10woyfwHiuvWYV5/2OXVHPLNcNCQ=,tag:UIEnI6Rz9clwsrGMDuImHQ==,type:str]",
"transmission": "",
"jellyseerr": "ENC[AES256_GCM,data:tsUvQPMWSGqtZo5P6KC6gNB5TUxRhogwF59MF55WUvKiR8SxPaBG6oczaxktipK/9QNvcysQ3A7mFOXut0lkIG6AnXU=,iv:fOtQjEpYiP+XuVMtYgwIvL6W4HK0nQAcfCvaMhBp4XI=,tag:CTXI9tLzUwW3jSgvJOyHcg==,type:str]",
"proxmoxUsername": "ENC[AES256_GCM,data:VOf86yDYNw5r71663rR6+A==,iv:S648rPpWbgJgbiJJJ1I2z1RzmzsJu4QTQoxULsVtaIQ=,tag:XhK/aLymkTNwj98+E3hGzA==,type:str]",
"proxmoxPassword": "ENC[AES256_GCM,data:qD/Su3AUAfclyYFBvs2wHP4RUdV2exyqw66lqQQBxvzYx5Sg,iv:tmszOdTihDbBXMjJ+h6W04tSGXtdg/s5WgGD2S8Dtxs=,tag:ip5fhEt3shy+FfhbwsxTDQ==,type:str]",
"radarr": "ENC[AES256_GCM,data:njeeGbkK8uII+EyfppJ69Nxw8ioBE9WX890WuE3KhZY=,iv:bft6e9fAsywILDnXtBRvme99C4sSf1vF6s6W9n8Sw2g=,tag:LL3TUaW5uRspBs/Ngix/uw==,type:str]",
"pihole": "ENC[AES256_GCM,data:Bqptls/d6aKe753+uMwozYNLkF0ZJ7y1QY9qjm3KaPyIoWyCeJ7nh/o8bIUdv3aZA/0+SPVFLPy8r/b0gA7ncA==,iv:mxr1IQ8um7n8FdLBVGtCLfbiKha91+mZqkIhhZO5cwA=,tag:88A0eLL+CkmSlIFf299Oxg==,type:str]",
"uptimerobot": "ENC[AES256_GCM,data:OFeM8ZP7ZdkptLkn/UD+eJfTEx0GQhqHcOEGNJjX+H6s60I=,iv:1vQRhPJgZmZwgXdXPXmlh/NRu/2GiJFtVQwjhsxC9uE=,tag:zxTig37FR23Ktb/1ZNpisg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1c8kr95dc7cqq34qyjgpnsgfgyntqnt5rlrq2c025ehp32f8h3sjqkf8k3s",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXckh1UmRZMmVWSTVJSVJ5\naUFVd1NuaGg3Q2haZ3U0WGdiZFVINFhwR3o0CmJzQ2I0dnR6d0FkdUp1Z2NVR3V0\nVVNMendxYS9OZnpSVnRaL200NHlWRWMKLS0tIDhhL2FFUHo2eUVIWlZmNmdvTjE1\nSVUzZ3ZGTk1qb1phR2tuOUNMT0JxWVkKT15uwSv1+Fs59jMremsTOMRJpuJCjvPr\nzif4HFYNkygimvq3NgjWYnX8JGD3M9S+Yet3lnF0w5XzStJe6zIemQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age17pq9xyrcv6tlms9sznnhql6pejue33r0aukn72hzpcn4jykrg33q4u0a3m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIWStBcnBiU0dRbnZ1TnZ3\nT2NNRllHL0VwbTlyQnRYUFFHeGdZM0JtVmdrCkszVkdxVW1CTWk4V3RYUGlzOGhP\nOUw4WEFZVmlTTTVwTWN3OUtlN0lQR00KLS0tIHp1SmxJQUo5UDRBYnRzbGpUK283\nNGtUMzBhTjk1TjF5TS9XUzJweXRUcG8KZPQOfD5+z13mlBgRqJ+T2Zpz0y+dlVX3\nCVC1VmHwgOUfSnB0wblrvCvFgb5c6amId7X0zaeTezmYbl/U7QU71A==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-07-17T17:36:57Z",
"mac": "ENC[AES256_GCM,data:feJKJ1JFklbUrCoM4Zh6aD6G+/jzUqS7UWExa2U2j93g6W4QBq8h0g1/4CVKQ/ZwsJoRtWXpoBPQ4spqf2q3BwHZ3YhqIO+ulyYPU2Hl5Gr3eGBlQZ08zr8NcZ/V1zdJ+ZgnApyQ4IuFeD++NoCxzHbLokBP+b/HFvrnsubCkPY=,iv:URLSMtDh5mNWM959SYjPQewMCX4dq1Do7ivCKzLcKCg=,tag:wbwKOleuXKAPZ6SjnBlJHw==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.0"
}
}