From 8e119c73d272e31b548f9bc047e88082a93eac07 Mon Sep 17 00:00:00 2001 From: sefidel Date: Mon, 19 Feb 2024 20:26:18 +0900 Subject: feat(systems/cobalt): configure OAuth for akkoma --- systems/cobalt/default.nix | 4 ++++ systems/cobalt/secrets/secrets.yaml | 5 +++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/systems/cobalt/default.nix b/systems/cobalt/default.nix index a877064..036e459 100644 --- a/systems/cobalt/default.nix +++ b/systems/cobalt/default.nix @@ -156,6 +156,7 @@ in # }; sops.secrets.searx-env = { }; sops.secrets.freshrss-admin-pass = { owner = "freshrss"; }; + sops.secrets.akkoma-envs = { }; services.openssh.knownHosts."hk-s020.rsync.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcPl9x9JfRFwsn09NnDw/xBZbAN80ZQck+h6AqlVqPH"; @@ -323,6 +324,9 @@ in domain = "exotic.sh"; realHost = "social.exotic.sh"; instanceName = "exotic.sh social"; + + oauthBaseUrl = "https://auth.exotic.sh"; + secrets.akkoma-envs = config.sops.secrets.akkoma-envs.path; }; services.soju = { enable = true; diff --git a/systems/cobalt/secrets/secrets.yaml b/systems/cobalt/secrets/secrets.yaml index 0b8acf0..28d9b64 100644 --- a/systems/cobalt/secrets/secrets.yaml +++ b/systems/cobalt/secrets/secrets.yaml @@ -24,6 +24,7 @@ internal-imap-pass: ENC[AES256_GCM,data:2+Bk1hxM+veEXvSpqSZw1I9NaNBjE79CpJmLi2WH grafana-admin-pass: ENC[AES256_GCM,data:88z+mLcZ5s1u/8LWYcnOOhWTkff8sv1NIhQ=,iv:YdGaKCaq1bCCLsuYIug6NFO2rhqX/Xyt5yQ/hgWOfko=,tag:D+xWcN2bC2Q1Q2mjtpWqLg==,type:str] searx-env: ENC[AES256_GCM,data:FX5CpcDqkpUH2bsS00gFCzPFcInNMbf1Z0mBmoHXk2BJ54AVOVVM1aiVwXDyWnX2wN4gO8nHFypAY451R6UiSt7FAWlkYbBdlv7EsLyaLUR+,iv:c9B+tkipD3IbWTNCzOTvV1MtwJJsOonhxSM+31CHoXg=,tag:hP/BX6TahGqecTtUO3LorQ==,type:str] freshrss-admin-pass: ENC[AES256_GCM,data:xfDBsL9OWmOJy7wCKSJPobsk33pwT+E6ylGfjsZDbPozClT6I5nXtQ==,iv:c8au21XjXE97g3SS5JFwVk45NrsnO8aCHWpWP5o0bfY=,tag:Q65jkxymo/VMHOScFq8hPw==,type:str] +akkoma-envs: ENC[AES256_GCM,data:xiJ64weh7aGrDP2AdwACu4CjGD/7qPs5gT7+ApBscRWrsZKwh7vqayMe38zVk9cV3UWQxBvLFqQDAJsGYWxq7t8161b7l5iPiRTSuxTojQFNBT0aBOuSN1dSez/7IIkuVGU/bRUCyPPhqAmU8D2UU1XZYQdCEzGhA3mWuGWZe9DpShDx0GsFqBLuhIrmis950tL7Rpy7A0iUp3XYmwFUPfRrIPb3bRpsHZU5RtbjpFgRserk7Jwidars+QzeWbcfZaeKBJgYGtYE5ULze/ZrRycNwjLPFQ==,iv:N/PztwJjBmOaKgX7XKa6+BOc1SWXBnYXpAM+Qszb1+Q=,tag:hyxTI82kQ0V3Kh7+fScTQg==,type:str] sops: kms: [] gcp_kms: [] @@ -48,8 +49,8 @@ sops: cUpBZ01CMEFjNnNuWjlYejVKajkwcGMKehqYCZP0zZHDTfJrC/5LYiE/3doa0OiM OKXhOuUX8HF8RfkyiOSMpntxuNX2jSvd9sQRYnHkUvgm793+IuQjrg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-16T21:36:26Z" - mac: ENC[AES256_GCM,data:ygl2FsfRgl/hfEujFEIT7K5e5oTWafr89wVApEmRwgOqYodHXRglsYu7ZkCrKHXbmHqwK+evuI5RhjwO8ASOcggB1PJexkQoUfCmaPFYBQNDoja21Kw3ImRi1ezYeUqoSAqZ2U349oVlj5du5aFGCa+bctoSNFpBh3CwTGYXih0=,iv:EYsDIZiM6Z/QLoVR5MzsH2PPUXqXnXPNQZP7wGU3tz8=,tag:Xeq3zwYyVlM2QVlFU4ipSw==,type:str] + lastmodified: "2024-02-18T12:27:37Z" + mac: ENC[AES256_GCM,data:TC9TZtHNSKxe6+4dcJZy/Pjb+7++DppfMhTSM0BRoaT0cV+KNjC84Up50Wvt/+d7rQ6m6JuQ5Cx4gX7ypDDUsBNW9dISk411kHbisO8x8tG/9L5sAzBeAzZ7I5I8BC00Z9QmP1FsGG74HLcXr/ogp/zFGvjLprW7brxJ1fG3i5E=,iv:wf9+u0J1UPdTX59hTQ0mqPbonMYXq6s7K/qIPmFmssc=,tag:8jMCC9auxTJeoqbykghkYw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 -- cgit 1.4.1