secret 2
This commit is contained in:
@@ -1,6 +1,6 @@
|
||||
{...}: {
|
||||
sops.secrets.litestream = {
|
||||
sopsFile = ../../secrets/michael-litestream;
|
||||
sops.secrets.gitea-litestream = {
|
||||
sopsFile = ../../secrets/michael-gitea-litestream;
|
||||
format = "binary";
|
||||
};
|
||||
|
||||
|
||||
@@ -53,7 +53,7 @@
|
||||
|
||||
services.litestream = {
|
||||
enable = true;
|
||||
environmentFile = "/run/secrets/litestream";
|
||||
environmentFile = "/run/secrets/gitea-litestream";
|
||||
settings = {
|
||||
dbs = [
|
||||
{
|
||||
@@ -61,7 +61,7 @@
|
||||
replicas = [
|
||||
{
|
||||
type = "s3";
|
||||
bucket = "gitea-litestream";
|
||||
bucket = "michael-gitea-litestream";
|
||||
path = "gitea";
|
||||
endpoint = "s3.eu-central-003.backblazeb2.com";
|
||||
}
|
||||
@@ -92,15 +92,13 @@
|
||||
};
|
||||
|
||||
services.restic.backups.gitea = {
|
||||
repository = "s3:s3.eu-central-003.backblazeb2.com/gitea-restic";
|
||||
repository = "s3:s3.eu-central-003.backblazeb2.com/michael-gitea-repositories";
|
||||
paths = ["/var/lib/gitea"];
|
||||
exclude = [
|
||||
# Database is backed up via Litestream
|
||||
"/var/lib/gitea/log"
|
||||
"/var/lib/gitea/data/gitea.db"
|
||||
"/var/lib/gitea/data/gitea.db-shm"
|
||||
"/var/lib/gitea/data/gitea.db-wal"
|
||||
# Logs aren't needed in backups
|
||||
"/var/lib/gitea/log"
|
||||
];
|
||||
passwordFile = "/run/secrets/restic-gitea-password";
|
||||
environmentFile = "/run/secrets/restic-gitea-env";
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:YrqKBq2eIlYQcXZJ660/IPDULjudhjuBVYY9y7rIIFLwuL2n7ZxgdyRu/tBuK6RpAjZJKvXLC3dCMzhFfopUUxLXYrG6PTTfdnax2snSD8x7Ph4IRPbOKqM+iyP5nREs4G6hEWe7Pl9VT4oTWQ255g==,iv:sswA9TNXE+8X53xHMwQ6Kq1tl1LAccsyxe22D8sYOUc=,tag:Tu0m6pkn1DFDuDoYfrHxsQ==,type:str]",
|
||||
"data": "ENC[AES256_GCM,data:NuyR/Nu6sYO28qWso5veT4cSwC/ZLVNS0qUvaqrj0ubB2gkUV1hM1vAxk5HQco8BEi6x4CIiFKXlxsVEvzk7VE3DaXj4WU9xCvG6qLmN3zcdxRtjbdh8nctCfhY2s7RPa+GWYceydGhyqm7CkaoyCw==,iv:bSI6I5zZQ5wJqMi5AMG2kCsZqmgUkcR2zxhBIfg5284=,tag:A4xqVmu0qx/Da9cM7QzK7A==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
@@ -23,8 +23,8 @@
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbisrSmNMYzBnSUdHbWRr\nUzBJbVp4TEc4V20yVWRnMnkxNEloVE5BaUUwCnlwQzljd2hDMm5lR3BQMllaaGNk\nWEhDYklFRkRzdXRSR3MyVFlzNFV3bzgKLS0tIEtKU2p1TXJ0V21hQVM1VDgzOHo5\nNGVzTHVxYmg4WGFDZU9XOFl3ckhmRFEKIUelcIV6U+wpWie3rurg4LnpEjHIsaEG\nNiN9nILQGdD0pyDuA3zAybuakKK0ou/yTiXTP2uuLGujPlFD9BaCAA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-12-17T16:09:07Z",
|
||||
"mac": "ENC[AES256_GCM,data:iH1rpteK1WaO1OREm5Ze1Gy00u67KFKIQZwqjIJFhmy8CHOsG45ExltkIb41kM+zPE8ofxy3PGBvrqbMTtAh5rM676VMpRPQtTSt5uRHBJ+5uJBlIY/CRcOPkuT3TZRj2/zoNM0nzBsuOjuM7vpp0FDOlR6OaaB73HopfMemlh4=,iv:Uvw1UQtIHMq4mm5I62p23pt20D9kRfYe8ixBbXYAK0k=,tag:Vpdlr7PZZRPNiLVqGRZQpA==,type:str]",
|
||||
"lastmodified": "2026-01-04T19:45:21Z",
|
||||
"mac": "ENC[AES256_GCM,data:iiqkI0oXgsKuFabmYKj/45/Oau88TOOdhcfkwb3thfh/UgXE5wLo/9NbWlpvyG+d9BXP4iP9uy7LRfjoIDh1Snv+u5g1mkwiW/Ke0phC2II6zFRpdPmrXEU4DLijJsWL7lGGs42XTW/9CbJ394HY0g1dOf1BfWn0kXF2iLcUP94=,iv:0MDy65aTN2bYjeOGzcA38uFqrUQjrxJfsYs39jmOKg4=,tag:wQ0NT66oLy4rHHoUZdNyPA==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.11.0"
|
||||
}
|
||||
31
secrets/michael-restic-gitea-env
Normal file
31
secrets/michael-restic-gitea-env
Normal file
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:NfUvXTZiegMiJdLNvcc6rvQYc5Y0yMrkWbg2e96fhI8Cxvpt2Wf7IMm9hHJJmZi0Uec5dik4hkwXk7cB0RcoQjHc2qQ7cr+12mGyGBxZawlgGdYpBwj/TrPN5nEZFbBb3bg=,iv:tQ/1d2SZKZXOiQrRSR6L5sG+cdGk3jKTLvSTy+v3Kfk=,tag:GHrLtX6IokXJbMPwIJ7juA==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1njjegjjdqzfnrr54f536yl4lduqgna3wuv7ef6vtl9jw5cju0grsgy62tm",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvWkpuSGlremFoTS91amxa\nV3FaVW9LN3haSjZkbWZWUDI3ZkhVaFQ3K1VjCnhINERWTldNYm5FelZKZTk0eTFq\nUEkrV1Q1ME1IVENmYlMyZjBlTGd3eVkKLS0tIG9XbXdWR3dMNVJ4cXV4N0lhUGRQ\nWEJaZlBJMmxPRG9ianMxc29uWXlKWG8Kaa4EBDyJDKu+ijvDlAf3OmQwN5j1K6ZP\ng15r1BhCB0SzFTXbtC7eQo1QP5x578Dxa1ygFqprC9HeExeXVv7OWg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age187jl7e4k9n4guygkmpuqzeh0wenefwrfkpvuyhvwjrjwxqpzassqq3x67j",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLR0xLT1dvaXBsNzVNdmp4\nVWxPckZlc3lwZVZxMHpRQ1FFajNlUnNGN0NjCnhQVE1WSDB3STd0VytobUJQNWsr\nTzRNMm9rSVRpRS9CVFdzQ1J4WCtjbmcKLS0tIDNBMkI2MmdLOXJTQXRmTDRCVHZo\nbjNLNDgzNFlIVFVpQ3B3WkNIay8zNFEKgvfmctBeJZGBRHWFxa5+glrDQrQQjuOi\nAJruP2S/76899HR2RaMIi5SGKbzBGN7AOw52hLF2sFklksp0ehc0eA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1dqt3znmzcgghsjjzzax0pf0eyu95h0p7kaf5v988ysjv7fl7lumsatl048",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBVjFwYnVFSHBEbXhmU1NZ\nbURUaXgrWE9DT1dhYkJ5djgzVllKeWhUYkhJCitWV1Z5am0vNUJTMzcxVnoxZHdI\nVVFXbDdUaVNuTXFPdFJUSVN3UXF2bzQKLS0tIGE3bVFNZTFCUGVzRWxVMi9PQ0N5\nYjM0ZmdiOXozUm0rUHVZN1dKSkFlaDQKYD03tlAlsUQ+mIue1EcvAK1mslv7J/Nx\nOAxVTEWZC3tjuJpJfnwEGDKKf0Zw24Ytqy429gLL4QFKFIZNTSjzvA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1ez6j3r5wdp0tjy7n5qzv5vfakdc2nh2zeu388zu7a80l0thv052syxq5e2",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmUDlTZGFJVlE5T2VuMG5I\nMEJSQ25DZFpmSFArbXpVeFlncGhZY0pVcldnCisyTlVmbzhwWkVDbXFJcXRNdFRZ\nNTFtNE9JcWdzdzNiaFdkbUxtcjVXdzgKLS0tIFdySDJUVnZFQmtYVlBvNitYY0FV\nb0xjbStobk0yTXhxNWcyRk9aWjJYMUkKMyPmCXSqCuWYV65ey38N7vu4CqT43My9\nHU0H4MEi8LRNHcqzs2dJFRC2a6gmV4+ca4Uleze4rOiJX8g2DDwDAQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1tlymdmaukhwupzrhszspp26lgd8s64rw4vu9lwc7gsgrjm78095s9fe9l3",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxcUdZeDY2UzkvK0srMmhP\nTDlPVFFSaVhqVjJLMjBWdVdNVkt1TlZhRlQ4CldYTm10Z0o0alRKeUVqVmU3RG0x\nbTI4UlJLaE9ETzFmcmtHZTZYdzVTSDQKLS0tIHFPazJsVTRlRm9LU1FYalphVWU4\nbEJMa3ZRZjVNMVoyOTVWbXdYY01wUjQKuVG4rQ+BSIRuBb0NVua0ZCRi2KQmz+k1\ntSFckzBr3Rs4GjzZctznmTYcIS5euNAAkaZUcdbm9rFp634FwnppKA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2026-01-04T19:47:06Z",
|
||||
"mac": "ENC[AES256_GCM,data:dD9rNZRzmVdtLjkPv0V0zjGGcoX91Jcdrzpp6t7JcolINv0Hg21RIaEC7S9DRI1vBHAjlhVSqYksALsB9c4v6yjI4HKzID6Ao+SyOMLSbdLI1iHIviPkV8LTagM62vea2IWSL7/sWHoYJtk585lEHyxyM5p58yHnfxjXifMs1Wg=,iv:6xgjc/kw7CcI1iGpF6g9dZqgO4gRfOj4s8Mq6DRLEjs=,tag:GK3JWeoTPcXV9Jq3j7I4Hw==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.11.0"
|
||||
}
|
||||
}
|
||||
30
secrets/michael-restic-gitea-password
Normal file
30
secrets/michael-restic-gitea-password
Normal file
@@ -0,0 +1,30 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:mZsEULW28vLpV+Z0u/TjtuoNNJwmWT15pNMObTJa5aQcZeDLvr1MdUgIg8ccBOzNbJ/uVPN2Oz+OIGYQe//lY7g=,iv:PsNOa0aUXSKXwg7HoETxtsSa9gpYveTZAOyBG0gXlWA=,tag:RUHiDvt2npc6V06/FQcBEQ==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1njjegjjdqzfnrr54f536yl4lduqgna3wuv7ef6vtl9jw5cju0grsgy62tm",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjOXEzc0FhMXJ0djNyTk03\nUG96SW1sWFpPWjVuVkZuTWlWVlpLUXFwTkZNCnNQTXlkQ3hQaXljQXdibmZ5NUwv\nd1VQUUd6UXUrNndldFJiSktFcnM3NzgKLS0tIGFGSHdlY3ExQjlmYjAxU1VLSVVt\nOXdoUWl1SFpwa211UE1FbzkvVXZ6eTgKunPqEeM8LvnsxhTtPBMvCtzcF8/3Zs1s\nqLl5Quz1eS1mJnbMvCwQsHpYS8V5IvZH5fEzu9GqJjC2CFJsKm2dkA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age187jl7e4k9n4guygkmpuqzeh0wenefwrfkpvuyhvwjrjwxqpzassqq3x67j",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVeElIeTNIdmlPbTA3SjdI\nZXRjNDdtZ1Y0dTZ5WkFNdHd5MWFqM1lySnprCmdzRGR4bXVtZ0V6TVBZVFpObytO\nWmJUREgrdVhVQUt6eU45c1lWWWxZSEEKLS0tIDI5Tm1YOXFueHRrdXFmU1UyOGRC\nNTJPZmhjdE9IVzJicW5jRE16MEhiMkUKRSQofAI1fHWPJInD2ag4Wx7K9ucBxa/G\n7lwpBMu2Fr9F/9ac+0sBToyKBOm/vNYFOsXn4ukP4FvmLYgtsJGVsw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1dqt3znmzcgghsjjzzax0pf0eyu95h0p7kaf5v988ysjv7fl7lumsatl048",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKZWIzemZQbEZvWnEvOU1a\nSTJDWUxrZ3Q2bXNYVEMreG9OUDBnOGhabEZZCkJFYm5pbWtKNXFPVWYvVFFCN2JO\nUnBheUFDMytTUVZ5QUVMR3Z4WHBZNnMKLS0tIHk5cXJuNWR6NUpBMFFZeER0R3R5\nbGhPUktybUZLSUo4OEhlQkRuSGlwK1UKwwcSTVWxp2M8Fi0nGYBPSe/niWC2ypFR\nmJoXFfLKfNWJDRNn4VkYHNMunpxQh5OKo2xILvbNDywrFJMZhQ0wsw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1ez6j3r5wdp0tjy7n5qzv5vfakdc2nh2zeu388zu7a80l0thv052syxq5e2",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSZ20rVDNib21qKzJsTkp3\nbGVIWHlXQVUwSnNpU1AvRm0vdTc1d3Y2M0Q4CkFGV2VNbSsyVVY3M1grWHdZdUlH\nV0UreWVUdURiUFVzWUdyV21jSlBFWWMKLS0tIGRFSUFmaUQxOW9wY0U1MEErL2ow\naWdlNFJRRWh3OE0rRnV3RGJQblJCMGcKbiCxlAqeRLSI9GXPSVO/KBxPi2qsTGcq\nHoEw8WxruwUlpJVNudlB9+k1RkJr0ARudEDxhJtZGLB2x1yaDZqJyw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1tlymdmaukhwupzrhszspp26lgd8s64rw4vu9lwc7gsgrjm78095s9fe9l3",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxM0RWcFRIQzh3Q2F4OTdq\nNVlWQWZjTmJVb0Jwb1dRdXd4UWxRUlNPNVVjCkN3MGFjajZ6TkdkMzQ0TFRSUkdI\nUVFWMkhHSFcyUDlpV3ZVaWdVU1BST1kKLS0tIG4xdE9pVk9rbmlmN3M4V1lDcjRr\nY29BcHc1eS81SXgwdFkxTzFXNUc4STgKmiFwqCcP6OX+3PzAi/jqa3x8p4NCfhHM\nVJh8EX7E3IH61XudzODcUmKoN4vY4LkpAmnRZCO4e6BEw+DfMicmWw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2026-01-04T19:44:05Z",
|
||||
"mac": "ENC[AES256_GCM,data:utjekNdQg8gBzHjTjfB2cfIcDdDGgVcZpNT9INHvxW4mq0hY21kEwocLqsRyYwyoxefxuCJw3ZZddCf64FmXuJfEqWWmH0etR0VnxIRBtU9UHkyjZlDDPJi4o1+U70xYgXK+fcxnscd89+guyrHS0SbM66C/jzTSRBzirPGxONM=,iv:YibuMU7zqPGiSsmTIOLxQalczmGuMs2/X5MaSjxWJT4=,tag:c3PBMU4TGcBPjJGW7rkDzw==,type:str]",
|
||||
"version": "3.11.0"
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user