Aner Zakobar
0b73d493d8
- Fix Caddy cfProxy helper for cloudflared http:// vhosts (X-Forwarded-Proto) - Fix Authelia LDAP bind (readonly user ACL + password sync) - Add gitea-admin-setup oneshot service to survive rebuilds - Update Authelia forward_auth with header_up X-Forwarded-Proto https - Update TODO.org with completed tasks and LDAP config details - Remove old Helm/k8s artifacts (Chart.yaml, templates/, values/, scripts) - Add result to .gitignore Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
24 lines
862 B
YAML
24 lines
862 B
YAML
# sops configuration — controls which keys can decrypt secrets.yaml.
|
|
#
|
|
# SETUP STEPS (do this once on the Pi):
|
|
#
|
|
# 1. Install age: nix-shell -p age
|
|
# 2. Generate a key: age-keygen -o /var/lib/sops-nix/key.txt
|
|
# 3. Print the pubkey: age-keygen -y /var/lib/sops-nix/key.txt
|
|
# 4. Replace AGE-PUBLIC-KEY-PI-MAIN below with the output of step 3.
|
|
# 5. (Optional) add your own age key or GPG key as a second recipient so
|
|
# you can edit secrets from your workstation without the Pi being on.
|
|
#
|
|
# To encrypt / edit secrets.yaml:
|
|
# sops secrets/secrets.yaml
|
|
#
|
|
# sops will re-encrypt the file for all keys listed here every time you save.
|
|
|
|
creation_rules:
|
|
- path_regex: secrets/secrets\.yaml$
|
|
key_groups:
|
|
- pgp:
|
|
- 076AA297579A0064
|
|
age:
|
|
- age120j8ty7nn04l3s3kgph5ty3v9g4e52fknn8xtnmzwakq9nv2la3skgte0p
|