From 32bbf23e2fd2727a1cdead40f0ef2e283cc441c8 Mon Sep 17 00:00:00 2001 From: Eric Torres Date: Sun, 2 Nov 2025 20:51:15 -0800 Subject: [PATCH] hosts/app-01: add config and secrets for stirling-pdf --- hosts/app-01/default.nix | 10 ++++++++++ secrets/app-01_stirlingpdf.env | 22 ++++++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 secrets/app-01_stirlingpdf.env diff --git a/hosts/app-01/default.nix b/hosts/app-01/default.nix index a51bb46..3d42e93 100644 --- a/hosts/app-01/default.nix +++ b/hosts/app-01/default.nix @@ -25,6 +25,12 @@ owner = "searx"; mode = "0400"; }; + "STIRLINGPDF_SECRETS" = { + sopsFile = ../../secrets/app-01_stirlingpdf.env; + format = "binary"; + owner = "stirlingpdf"; + mode = "0400"; + }; }; dockerserver.enable = true; @@ -33,6 +39,10 @@ enable = true; environmentFile = config.sops.secrets."SEARXNG_SECRETS".path; }; + stirling-pdf = { + enable = true; + environmentFiles = [ config.sops.secrets."STIRLINGPDF_SECRETS".path ]; + }; services.traefik = { staticConfigOptions = { diff --git a/secrets/app-01_stirlingpdf.env b/secrets/app-01_stirlingpdf.env new file mode 100644 index 0000000..7eadaf3 --- /dev/null +++ b/secrets/app-01_stirlingpdf.env @@ -0,0 +1,22 @@ +{ + "data": "ENC[AES256_GCM,data:vX2QSD8Iz9epPBnbS/j923JU0oCi552LKL5X9l+AsrM2i+EbChTknDf0wKGNMMtn4WskC3zMyN2P6WsR+FRtjEBJCgArINVmTVxV5R6dpxR0C38/i3usYT+CUiOIx3HTJVfFCUMpcy+iLjNdExg27i5gkD9REGcw49jML8SuT5MxJNtxhBkWSWjJAmio41pddnjPRpI4R7kp2gODWCMv28Ev1uIbopjOKY9yOa1ree9HAGcTxSizCOsjSCL/EJod9XBxroARhLoRUqHKYLPPcx1v9d4N9RDCS0Xh/JlrNDQfu4nv9bz/apHKpn4709giapQQoFeVFmtXP0RSYi4I6fZeCgDUp13gGoy0e/+3IUoyXRKOUApJaC2ser/5+ovf2QeO7MqnJmvtIqCJOJeK4w==,iv:xDM/tpSC7OqDu0ciF/kzlp6BapdG6H48Zyl7mNA5Sbo=,tag:IhZBJ4NceiuxP/lAbC7UwQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1jmsrfddctahhznfv7jv77tgw5crmhjhe0e0kzc967hvax4sulv3s6hp2su", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHcGtIWVIzL2dkM281RXBy\nU21pRXVLRnZtaC9QKytGcC9pOGFKeGY2WVJnCmdMVFpRZzNEd0xwV2dyTjdhUjJT\nbFNPQUh0Yzh0T0VuS3F3TDg1c2tBZzgKLS0tIGlOMUtIR2RVRi9kWkk3NUI2aFRr\nbytYUFprcHVZVUlKMkFXaFhNblJsUEUKz8gSkVIM/7i2bKOAItTrlZZY3CfQlTWu\n3xxWrWguvkNctDdeTJQFM4X/oHcYH1QTXezvYU+j2zOdAyVr3/4/YA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1g0vx0dgpzy3et6kuejf4xn4n0acr3666p8j4ygaulefh5mq3vyxs7mgjat", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2UnVlSzdnTHU4ZUwwUDIv\nRDkySmtpdGZoNEFMNVpwYTU2NG9wa1ozYVI4CldVam9oM0liOGlRcXZGOHE3eG1O\nWG9hUFdCQlNwY3pLdTJvSkdzaHp0ejQKLS0tIHFMWDRiMDI4ZGs4TytpL2s2VUp3\nRlloaTZUeTJVcUhpazlvU201ZGVKMGsKQvoI/fgvAfdGaT/KQ225uQBBAQwkFmC1\nkTqL+DqmC3F5bxazVLobQvZMEXvobSpuV2AT8oRC6AO4mGxkHQsmYQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1d0crvyst36euqdjsfu22xx87njd9gnmgdam0m289472h8ycmmc9s04v9ru", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPOGpQQkdYZzhxUHFTczBo\nbWVPb1N3Q0ttM211T1FsZjZ4ekFPekMwaUh3ClNlV3NhaTJJbk55ZldIVGJNR1hD\nQ0JPQXBFTjdNajQ2aExhNjZJZmhUYUEKLS0tIHFuejZ6ejU3c1FNYWxvY2NrWU1r\nNUIwNzZUT0R2bmNOcDJXZkdGSTZVTWcK2NNNaJx7R9WyMGNcaTv2pHIfsI4eAQog\nl6efAI+E5dN3ypZC0OUtPA5eq25O98QGcSDemkELVhAgWXZLrrKTrg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-11-03T04:21:17Z", + "mac": "ENC[AES256_GCM,data:k8fUiTCjJzL2V8Vfd6ZjcR426STTeTjzX+o418Z23cJ9NQlZj2zl0vaaybYZOT4vr/yY2Ef52N+plmCMeiIenpKeAc2SVlpCe5bRYBqBEM3hOSM66a/LUHSV0YsfjGCg4PSb0FN7odHO3OuuWVKDSvfG+MzJiAEzg3etgoMfcd4=,iv:moF0DWZLD24+lX8A4qzJI1O9GviK/Bj7u6F9FcQzSe4=,tag:DN5+SMc9djH60LiLpg5Zgw==,type:str]", + "version": "3.11.0" + } +}