From ce355885c6a407f2cbaf8e13920eeb9837412eb7 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Thu, 21 Aug 2025 23:52:01 -0500 Subject: [PATCH] add secret for openwebui --- .../hyprland/home_manager/hyprland.nix | 1 + common/secrets/default.nix | 170 +++++++++--------- common/secrets/secrets/openwebui_env.age | 15 ++ common/secrets/secrets/secrets.nix | 17 +- hosts/oracle/o001/nginx.nix | 2 +- 5 files changed, 111 insertions(+), 94 deletions(-) create mode 100644 common/secrets/secrets/openwebui_env.age diff --git a/common/desktop_environment/hyprland/home_manager/hyprland.nix b/common/desktop_environment/hyprland/home_manager/hyprland.nix index 30f33d4..4e1e6d8 100644 --- a/common/desktop_environment/hyprland/home_manager/hyprland.nix +++ b/common/desktop_environment/hyprland/home_manager/hyprland.nix @@ -130,6 +130,7 @@ in bindr = [ # overview "$mainMod, SUPER_L, overview:toggle" + "$mainMod SHIFT, R, exec, systemctl --user restart hyprpanel.service" ]; binde = [ diff --git a/common/secrets/default.nix b/common/secrets/default.nix index bf2bfd0..a01d60a 100644 --- a/common/secrets/default.nix +++ b/common/secrets/default.nix 
@@ -38,96 +38,96 @@ in
 # })
 # (import secretsFile);
 {
- nix2github = {
- file = ./secrets/nix2github.age;
- owner = users_cfg.primary;
- };
- nix2bitbucket = {
- file = ./secrets/nix2bitbucket.age;
- owner = users_cfg.primary;
- };
- nix2gitjosh = {
- file = ./secrets/nix2gitjosh.age;
- owner = users_cfg.primary;
- };
- nix2gitforgejo = {
- file = ./secrets/nix2gitforgejo.age;
- owner = users_cfg.primary;
- };
- nix2nix = {
- file = ./secrets/nix2nix.age;
- owner = users_cfg.primary;
- };
- nix2h001 = {
- file = ./secrets/nix2h001.age;
- owner = users_cfg.primary;
- };
- nix2h002 = {
- file = ./secrets/nix2h002.age;
- owner = users_cfg.primary;
- };
- nix2h003 = {
- file = ./secrets/nix2h003.age;
- owner = users_cfg.primary;
- };
- nix2joe = {
- file = ./secrets/nix2joe.age;
- owner = users_cfg.primary;
- };
- nix2gpdPocket3 = {
- file = ./secrets/nix2gpdPocket3.age;
- owner = users_cfg.primary;
- };
- nix2t = {
- file = ./secrets/nix2t.age;
- owner = users_cfg.primary;
- };
- nix2linode = {
- file = ./secrets/nix2linode.age;
- owner = users_cfg.primary;
- };
- nix2oracle = {
- file = ./secrets/nix2oracle.age;
- owner = users_cfg.primary;
- };
- nix2l002 = {
- file = ./secrets/nix2l002.age;
- owner = users_cfg.primary;
- };
- nix2lio = {
- file = ./secrets/nix2lio.age;
- owner = users_cfg.primary;
- };
- nix2oren = {
- file = ./secrets/nix2oren.age;
- owner = users_cfg.primary;
- };
- github_read_token = {
- file = ./secrets/github_read_token.age;
- owner = users_cfg.primary;
- };
- headscale_auth = {
- file = ./secrets/headscale_auth.age;
- owner = users_cfg.primary;
- };
- obsidian_sync_env = {
- file = ./secrets/obsidian_sync_env.age;
- owner = users_cfg.primary;
- };
- us_chi_wg = {
- file = ./secrets/us_chi_wg.age;
- owner = users_cfg.primary;
- };
+ # nix2github = {
+ # file = ./secrets/nix2github.age;
+ # owner = users_cfg.primary;
+ # };
+ # nix2bitbucket = {
+ # file = ./secrets/nix2bitbucket.age;
+ # owner = users_cfg.primary;
+ # };
+ # nix2gitjosh = {
+ # file = ./secrets/nix2gitjosh.age;
+ # owner = users_cfg.primary;
+ # };
+ # nix2gitforgejo = {
+ # file = ./secrets/nix2gitforgejo.age;
+ # owner = users_cfg.primary;
+ # };
+ # nix2nix = {
+ # file = ./secrets/nix2nix.age;
+ # owner = users_cfg.primary;
+ # };
+ # nix2h001 = {
+ # file = ./secrets/nix2h001.age;
+ # owner = users_cfg.primary;
+ # };
+ # nix2h002 = {
+ # file = ./secrets/nix2h002.age;
+ # owner = users_cfg.primary;
+ # };
+ # nix2h003 = {
+ # file = ./secrets/nix2h003.age;
+ # owner = users_cfg.primary;
+ # };
+ # nix2joe = {
+ # file = ./secrets/nix2joe.age;
+ # owner = users_cfg.primary;
+ # };
+ # nix2gpdPocket3 = {
+ # file = ./secrets/nix2gpdPocket3.age;
+ # owner = users_cfg.primary;
+ # };
+ # nix2t = {
+ # file = ./secrets/nix2t.age;
+ # owner = users_cfg.primary;
+ # };
+ # nix2linode = {
+ # file = ./secrets/nix2linode.age;
+ # owner = users_cfg.primary;
+ # };
+ # nix2oracle = {
+ # file = ./secrets/nix2oracle.age;
+ # owner = users_cfg.primary;
+ # };
+ # nix2l002 = {
+ # file = ./secrets/nix2l002.age;
+ # owner = users_cfg.primary;
+ # };
+ # nix2lio = {
+ # file = ./secrets/nix2lio.age;
+ # owner = users_cfg.primary;
+ # };
+ # nix2oren = {
+ # file = ./secrets/nix2oren.age;
+ # owner = users_cfg.primary;
+ # };
+ # github_read_token = {
+ # file = ./secrets/github_read_token.age;
+ # owner = users_cfg.primary;
+ # };
+ # headscale_auth = {
+ # file = ./secrets/headscale_auth.age;
+ # owner = users_cfg.primary;
+ # };
+ # obsidian_sync_env = {
+ # file = ./secrets/obsidian_sync_env.age;
+ # owner = users_cfg.primary;
+ # };
+ # us_chi_wg = {
+ # file = ./secrets/us_chi_wg.age;
+ # owner = users_cfg.primary;
+ # };
 # zitadel_master_key = {
 # file = ./secrets/zitadel_master_key.age;
 # owner = users_cfg.primary;
 # mode = "444"; # World readable!
 # };
- # vaultwarden_env = {
- # file = ./secrets/vaultwarden_env.age;
- # owner = users_cfg.primary;
- # mode = "444"; # World readable!
- # };
+ vaultwarden_env = {
+ file = ./secrets/vaultwarden_env.age;
+ owner = users_cfg.primary;
+ mode = "444"; # World readable!
+ };
 };
 };
 };
diff --git a/common/secrets/secrets/openwebui_env.age b/common/secrets/secrets/openwebui_env.age
new file mode 100644
index 0000000..66eee18
--- /dev/null
+++ b/common/secrets/secrets/openwebui_env.age
@@ -0,0 +1,15 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBORVRn
+WmpIQStaRnV3QU9wMStQWHJMTklhb21nM3YyRE1xdWNxcWZEelRnCnZvckQ1K0hE
+UkNyZGIvTFhpU1JtcXgzTy9QK2hhV2JYcm9nczJSbXgyS1kKLT4gc3NoLWVkMjU1
+MTkgcGVGQlFnIFU4QndCcjhFbG05M1prbGkwcFlYWU1WT1NkU3ZCZ09SQm9sMERC
+OGZnMGMKbnBqNzd2dnBQT3R2YXBraEZKVFBJeHJXU1RhOWwwNHdGbC95TzhDM1g4
+MAotPiBzc2gtZWQyNTUxOSA5di8ySEEgOGdMRXZ4cnd0VFdxNlBHYlI0S2pCTkZo
+dGtnUm4vaGFQanpKMFRjVjdHSQo1aStST0hFdkR4T0syekFZZXM1b1JBbXV4bFB0
+RVIyRG0raEZDVmt3L3owCi0+IGxLPUBZOS1ncmVhc2UgOyAqIH06U1EgQCRXdn1K
+CnpSdjUwaDI1eWE3ckNBCi0tLSB2ZTJVTHphZVhBQndhUU1GZTYvYlFMT3h6cVRE
+SzBoK2sySStmWm9SSnU4CjTkglKu9/CMRrbdagHF1uNxTOBSthOhyAgfcHLXHwXe
+dtZiEnev479tMoIo2OXi5ODZpz1LTCkBMO0yRY6JlmNVlwpByNJkyij5bwXbUiPy
+Mk9airOI/s5fIEIStb6ei8TMgy68trToK8JUmBtK8JzL9fkJDET9YyQh8N3BTUMR
+8M2cUXX1qFjP7dyRDOQiq3LQEKpywUIuGNASDw==
+-----END AGE ENCRYPTED FILE-----
diff --git a/common/secrets/secrets/secrets.nix b/common/secrets/secrets/secrets.nix
index b68e6f3..e30b958 100644
--- a/common/secrets/secrets/secrets.nix
+++ b/common/secrets/secrets/secrets.nix
@@ -123,12 +123,13 @@ in
 "us_chi_wg.age" = {
 publicKeys = trustedKeys;
 };
- # "zitadel_master_key.age" = {
- # # h001 only
- # publicKeys = authorityKey ++ h001;
- # };
- # "vaultwarden_env.age" = {
- # # h001 only
- # publicKeys = authorityKey ++ o001;
- # };
+ "zitadel_master_key.age" = {
+ publicKeys = authorityKey ++ h001;
+ };
+ "openwebui_env.age" = {
+ publicKeys = authorityKey ++ h001;
+ };
+ "vaultwarden_env.age" = {
+ publicKeys = authorityKey ++ o001;
+ };
 }
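Review bot: `vaultwarden_env` is now decrypted with `mode = "444"`, so every local account and service on a host importing this `common/` module can read the Vaultwarden environment file; the inline `# World readable!` comment shows this is known, but nothing in the hunk says why it is needed. Env files for a service like this usually hold admin tokens or database credentials, so I would drop the `mode` line (if this is agenix, the default is `0400`) and set `owner`/`group` to the account the service runs as, or use `mode = "0440"` with a dedicated group when a second reader is required. The same hunk comments out all twenty other secrets and adds no `openwebui_env` entry despite the commit subject, which reads like local debugging state rather than the intended change. Since `secrets.nix` encrypts `vaultwarden_env.age` only to `authorityKey ++ o001`, enabling it unconditionally here will presumably fail to decrypt on every other host that imports the module; gating the entry on the host, or moving it into the o001 host config, would avoid that.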
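Review bot: `"openwebui_env.age"` gets a recipient rule in this hunk, but no matching `openwebui_env = { file = ./secrets/openwebui_env.age; ... };` entry appears in `common/secrets/default.nix` in this commit, so unless it is declared in a host module outside this diff the new secret is never decrypted on h001. Scoping the three service secrets to `authorityKey ++ <host>` instead of `trustedKeys` is the right shape for least privilege. The removed `# h001 only` comments were the only statement of that intent, and the one on `vaultwarden_env.age` was wrong because its key list is `o001`; I would keep a corrected comment on each rule, e.g. `# o001 only`.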
diff --git a/hosts/oracle/o001/nginx.nix b/hosts/oracle/o001/nginx.nix
index ed89398..c0b171a 100644
--- a/hosts/oracle/o001/nginx.nix
+++ b/hosts/oracle/o001/nginx.nix
@@ -116,7 +116,7 @@
 forceSSL = true;
 locations."/" = {
 proxyWebsockets = true;
- proxyPass = "http://100.64.0.1:3080";
+ proxyPass = "http://100.64.0.13";
 };
 };
 "gist.joshuabell.xyz" = {
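Review bot: The new upstream `http://100.64.0.13` is a bare address with no port and no comment, so a reader cannot tell which host or service this public vhost now forwards to; dropping `:3080` means nginx connects to port 80 on that address. A comment on the `proxyPass` line would cover it, e.g. `# <host name> over the tailnet; upstream listens on :80`. The hop is plain HTTP, which is only acceptable if 100.64.0.13 is reachable solely over the encrypted overlay; the address sits in 100.64.0.0/10 and the repo carries a `headscale_auth` secret, so that is presumably the case, but it is worth confirming the upstream binds only to that interface since this vhost exposes it to the internet. The vhost name and the start of its block are outside the hunk.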