put pihole password in secrets file and use systemd to auto change it

tdback 2024-11-12 21:53:39 -05:00
parent 35d46ca712
commit a1b24090aa
3 changed files with 22 additions and 2 deletions


@ -1,4 +1,4 @@
{ lib, ... }:
{ config, lib, ... }:
let
ip = "10.0.0.203";
interface = "eno1";
@ -22,13 +22,26 @@ in
];
environment = {
TZ = "America/Detroit";
WEBPASSWORD = "CHANGE_ME_PLEASE!";
FTLCONF_LOCAL_IPV4 = ip;
INTERFACE = interface;
};
extraOptions = [ "--network=host" ];
};
age.secrets.piholeAdminPass = {
file = ../../secrets/piholeAdminPass.age;
mode = "770";
owner = "share";
group = "share";
};
systemd.services.podman-pihole.postStart =
let
password = config.age.secrets.piholeAdminPass.path;
in ''
podman exec -it pihole pihole -a -p ${password}
'';
networking.firewall = {
allowedTCPPorts = [ 53 80 ];
allowedUDPPorts = [ 53 ];
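Review bot: In the `postStart` script, `${password}` expands to `config.age.secrets.piholeAdminPass.path`, which is the path of the decrypted file, so the admin password is set to that path string rather than to the secret. Read the file at run time instead, e.g. `podman exec pihole pihole -a -p "$(cat ${password})"`, and drop `-it`, since a systemd unit has no terminal and the flag is likely to warn or fail there. The value still ends up in the process argument list on the host and in the container; if the image version in use supports `WEBPASSWORD_FILE`, mounting the secret and pointing that variable at it would avoid that. Separately, `mode = "770"` leaves the secret group-writable and executable; a read-only mode such as `"0400"` (or `"0440"` if the group must read it) is enough.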


@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 VoJMUA CGfkrC5LHa88XpHrxGJAELHXi+fcoSILipOJjxWPWhQ
ZSlQrcKXSeaevABSk8Xf76PPZZGC3jp+fdhxvB2u60I
--- m/rAZBuJimyZwQF5Q7AR3bmJoIcyekaprdxpZzZM0Go
nT÷½(гÈwiÄVÆÍÄâÊÎq='*u<Ž= ÃsO)iµ«.p cï®V¤1¹Ç] JÅyà*®ÊnQv


@ -2,12 +2,14 @@ let
systems = {
eden = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByi8x1IgXBC6iw6MJoO7xIkkU4bdIaQ3Mi6zEtm+IJh";
oasis = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICCvgPNEJrWjeCUmF/izLhIzaAwSNYHW9o5meYmGHGzj";
raindog = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINq0rMkFlizGPijlHKMYS9CGWJ2T1ZJHqaLozWdoySz2";
};
allSystems = builtins.attrValues systems;
in
{
"forgejoAdminPass.age".publicKeys = [ systems.oasis ];
"forgejoRunnerToken.age".publicKeys = [ systems.oasis ];
"piholeAdminPass.age".publicKeys = [ systems.raindog ];
"pushoverAppToken.age".publicKeys = allSystems;
"pushoverUserToken.age".publicKeys = allSystems;
}