Working NixOS port: all core services operational
- Fix Caddy cfProxy helper for cloudflared http:// vhosts (X-Forwarded-Proto)
- Fix Authelia LDAP bind (readonly user ACL + password sync)
- Add gitea-admin-setup oneshot service to survive rebuilds
- Update Authelia forward_auth with header_up X-Forwarded-Proto https
- Update TODO.org with completed tasks and LDAP config details
- Remove old Helm/k8s artifacts (Chart.yaml, templates/, values/, scripts)
- Add result to .gitignore

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -0,0 +1,23 @@
|
||||
# sops configuration — controls which keys can decrypt secrets.yaml.
|
||||
#
|
||||
# SETUP STEPS (do this once on the Pi):
|
||||
#
|
||||
# 1. Install age: nix-shell -p age
|
||||
# 2. Generate a key: age-keygen -o /var/lib/sops-nix/key.txt
|
||||
# 3. Print the pubkey: age-keygen -y /var/lib/sops-nix/key.txt
|
||||
# 4. Replace AGE-PUBLIC-KEY-PI-MAIN below with the output of step 3.
|
||||
# 5. (Optional) add your own age key or GPG key as a second recipient so
|
||||
# you can edit secrets from your workstation without the Pi being on.
|
||||
#
|
||||
# To encrypt / edit secrets.yaml:
|
||||
# sops secrets/secrets.yaml
|
||||
#
|
||||
# sops will re-encrypt the file for all keys listed here every time you save.
|
||||
|
||||
creation_rules:
|
||||
- path_regex: secrets/secrets\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- 076AA297579A0064
|
||||
age:
|
||||
- age120j8ty7nn04l3s3kgph5ty3v9g4e52fknn8xtnmzwakq9nv2la3skgte0p
|
||||
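Review bot: The header comment no longer matches the rule it documents. Step 4 says to replace `AGE-PUBLIC-KEY-PI-MAIN` "below", but no such placeholder exists in `creation_rules`; the `age:` entry already holds a concrete recipient, so either drop step 4 or reword it to say the listed recipient must equal the output of step 3 on the Pi. The closing line "sops will re-encrypt the file for all keys listed here every time you save" is also misleading: `creation_rules` are applied when a file is first created, and a recipient added later only gains access after running `sops updatekeys secrets/secrets.yaml`, so the comment should say that. Under `pgp:`, `076AA297579A0064` is a 64-bit key ID; use the full 40-character fingerprint so the recipient is unambiguous. Finally, since step 5 describes the second recipient as optional, a short comment stating who holds the PGP key would make it clear which parties can decrypt `secrets.yaml` (both entries sit in one key group, so either key alone is sufficient).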