commit fd92fed7e24418782b483030b62ae8bfce78ff62 · soopy.moe/gensokyo

+6 -3

creds/sops/koumakan/default.yaml

···

       82
       82
        
           entra_secret: ENC[AES256_GCM,data:h5tiggV5MgUby5tZ7oLqxAiJReB9L07XfEzfBWoSkgxJFm3mTDH3jg==,iv:xBi9pBWmyg+KGcGMxTXsabzK/uqcNpHdXdJ36UtiET4=,tag:OFyuvZuXvE/L/jBJSU3Vpw==,type:str]

     

       83
       83
        
           turnstile_key: ENC[AES256_GCM,data:r60Jgabtrkx9vYenlb0u+IM00PbD+v+V4/Vb0JT8Y/7lcoQ=,iv:GfcCLWI+mRlbOr2DDDs6nzWKpABJUP0xtrAyK4xhP9g=,tag:J9MO8UULfIT7nhf7/icuoA==,type:str]

     

       84
       84
        
           ipc_token: ENC[AES256_GCM,data:Klu5jBDkvCSY3b0+MDQNSer6FQqUPOltjS8tYmu2VwL3q0QqRDtfzejJA6rqpsW1hboeTNrYLlZu6VP/NpV8NqH/0NR/C60S/X9JsMADeyiwrWqGw1YRHhFnd+5f8n1C/m6AhfV4OnAHNtWOx7EF9tTPzU4fJf6yU7h+xK828/TnE7PMie1en+TKbaGGyaTr/6cv/ciCzY6GTFkZcB7uokhXs/rJJ1an4KsfTQ==,iv:KsFwwr2uzVa88+42gZCGRjfxuVLFlJ/kIi9KQn4e8GY=,tag:WNOE3y1HgIaILPnLqSgDEQ==,type:str]

     

       85
       85
       +
       pocket-id:

     

       86
       86
       +
           encryption_key: ENC[AES256_GCM,data:aSWSWrd1dR6NpwLJE3Je4j6bnBMq7QFD8VX6u4XIKqFq3shwuM/fZitblSfVX92UdDFZnsZyRiAf57rH/9PB+saoOcdSUkC/rTYO0iGFLQLcOiSMfBdyKA==,iv:ZlCrKpT8LrcqDK7uCr1m8vp+reCdwcG6KhxFQsB+KqY=,tag:+MvOEXBnUP5QleY5f6kbuA==,type:str]

     

       87
       87
       +
           maxmind_key: ENC[AES256_GCM,data:KfGuV+GbrZhDSDovV7eHu7nffOB6j+z6wsXQxlaEB/7tvwucn2wbxA==,iv:+t5nNpRE/x1cSZ+Ee6fHj5x1vKqTP/6NGqiUlhdzTxs=,tag://rUceu5SeIpgKGiP6+Pkw==,type:str]

     

       85
       88
        
       sops:

     

       86
       89
        
           age:

     

       87
       90
        
               - recipient: age1l3qxt6630dzesdclfm3eqgw3uuhwj09dh6typwlwr6clcv0qhfrqgtj2fk

     
···

       111
       114
        
                   QUlVNExmVGd2QXJwVmRGa0JvMmtocEUK7Zo0Mtj3oZm5Etp61cGbLs+2XP97pjR6

     

       112
       115
        
                   rtfHnuxceJj0+yBugfwgFD1TGJ+6M7z5YCwTx+GAvbPDrmSm2TGrwg==

     

       113
       116
        
                   -----END AGE ENCRYPTED FILE-----

     

       114
       114
       -
           lastmodified: "2025-09-28T16:46:06Z"

     

       115
       115
       -
           mac: ENC[AES256_GCM,data:gWB+a7urGrcH81OoVCMANMRWvHihxXyg7S5IkxhnJ+OFNW+gTB0E7ZV35GOCTnBk0W+pUgL3Rqb63LZ7HSWkCx/iCHwKZXuYFKLsHPp7123E9QTUI1uTcfCiZE/mUT5MD0UQzfv4NwQqZMReMa4vJaodFz1tdvMrDHwbA9LP8eI=,iv:LWY0fMDtGvSLIoPsfm6c/hEFxytXZhXziA5OCa3sM+8=,tag:AF0SrnpyZdgiTMKYIMb/FQ==,type:str]

     

       117
       117
       +
           lastmodified: "2025-10-13T08:42:55Z"

     

       118
       118
       +
           mac: ENC[AES256_GCM,data:ocIWuopOoiUMxc6TMCxzBuicp5rzqX9oE9pXaIbFkRxjXwmskUwS8s00Xzqgo1K60+tnBFFK+zma+jMd7fKeBtkUqD00dgXMnLlUNmUt2s+Mq34nCt3hiNSOcqQHjBBIeSEiy/gqn1umdnCkV/zLBEP10u/EOdJ1Dlb1vA3gvqs=,iv:xS9HBMGmATAH/IxFide0tV4lTZ1HwjBTm+Be+4exczo=,tag:JQTIYw+PQ03mx5JE8rNPsg==,type:str]

     

       116
       119
        
           unencrypted_suffix: _unencrypted

     

       117
       117
       -
           version: 3.10.2

     

       120
       120
       +
           version: 3.11.0

+1

systems/koumakan/services/default.nix

···

       19
       19
        
           ./databases

     

       20
       20
        
           ./games

     

       21
       21
        
           ./mirror

     

       22
       22
       +
           # ./notifications

     

       22
       23
        
           ./proxies

     

       23
       24
        
           ./scm

     

       24
       25
        
           ./security

+1

systems/koumakan/services/security/default.nix

···

       1
       1
        
       { ... }:

     

       2
       2
        
       {

     

       3
       3
        
         imports = [

     

       4
       4
       +
           ./pocket-id.nix

     

       4
       5
        
           ./vaultwarden.nix

     

       5
       6
        
         ];

     

       6
       7
        
       }

+36

systems/koumakan/services/security/pocket-id.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         _utils,

     

       3
       3
       +
         config,

     

       4
       4
       +
         # lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       7
       7
       +
       let

     

       8
       8
       +
         secrets = _utils.setupSecrets config {

     

       9
       9
       +
           namespace = "pocket-id";

     

       10
       10
       +
           secrets = [ "encryption_key" "maxmind_key" ];

     

       11
       11
       +
           config = {

     

       12
       12
       +
             owner = config.users.users.pocket-id.name;

     

       13
       13
       +
           };

     

       14
       14
       +
         };

     

       15
       15
       +
       in

     

       16
       16
       +
       {

     

       17
       17
       +
         imports = [ secrets.generate ];

     

       18
       18
       +
       

     

       19
       19
       +
         services.pocket-id = {

     

       20
       20
       +
           enable = true;

     

       21
       21
       +
       

     

       22
       22
       +
           settings = {

     

       23
       23
       +
             PUBLIC_APP_URL = "https://gatekeeper.soopy.moe";

     

       24
       24
       +
             TRUST_PROXY = true;

     

       25
       25
       +
             PORT = "31411";

     

       26
       26
       +
             KEYS_STORAGE = "database";

     

       27
       27
       +
       

     

       28
       28
       +
             ENCRYPTION_KEY_FILE = secrets.get "encryption_key";

     

       29
       29
       +
             MAXMIND_LICENSE_KEY_FILE = secrets.get "maxmind_key";

     

       30
       30
       +
           };

     

       31
       31
       +
         };

     

       32
       32
       +
       

     

       33
       33
       +
         services.nginx.virtualHosts."gatekeeper.soopy.moe" = _utils.mkSimpleProxy {

     

       34
       34
       +
           port = 31411;

     

       35
       35
       +
         };

     

       36
       36
       +
       }