From 13b06e86a44a42c58d983b106eb7d9f9af9e8b7c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= Date: Wed, 28 May 2025 14:42:19 +0200 Subject: [PATCH] Try new onlyoffice version --- secrets.nix | 3 ++- services/onlyoffice/default.nix | 1 - services/onlyoffice/secrets/office-dbpass.age | 18 ++++++++---------- services/postgresql/default.nix | 12 ++++++++++++ .../postgresql/secrets/onlyofficeDBPass.age | 10 ++++++++++ 5 files changed, 32 insertions(+), 12 deletions(-) create mode 100644 services/postgresql/secrets/onlyofficeDBPass.age diff --git a/secrets.nix b/secrets.nix index 07762b7..5079cac 100644 --- a/secrets.nix +++ b/secrets.nix @@ -4,7 +4,7 @@ let grafana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQxvO9vdd2f9aV4F3LEQrrTJaLwLvSLbLtjB9qNxc4z root@grafana"; redis = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDAbU7uRlNmFIazfJVnibUnwq5OvtV8wb3PYFFYJfZc4 root@redis"; - onlyoffice = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAEHTFFQoi8PtzkdTEeA5lGELFS01J51GLLjrnySJM7R root@onlyoffice"; + onlyoffice = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBiLdVqDxawg/1Som1hp1sOa52tQ3FZkhMxmkbORQY6 root@onlyoffice"; postgresql = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJW7qA7j1sICuu1RAfs9ifR9dmOlHq45tKu1ga7CKaob root@pgsql"; forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMf3Cc/S0p/LFcW+RLMEqpxOOv8q/HrKO4I9joHmRxl root@forgejo"; nginx = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKX2wkS9bpMy1+ITPtQclRkthOwksWBZOLa3bT9oLAe1 root@nixos-nginx"; @@ -32,6 +32,7 @@ in { "services/postgresql/secrets/authentikDBPass.age".publicKeys = [tbarnouin postgresql]; "services/postgresql/secrets/grafanaDBPass.age".publicKeys = [tbarnouin postgresql]; "services/postgresql/secrets/netboxDBPass.age".publicKeys = [tbarnouin postgresql]; + "services/postgresql/secrets/onlyofficeDBPass.age".publicKeys = [tbarnouin postgresql]; "secrets/postgresql-lapi-key.age".publicKeys = [tbarnouin postgresql]; "services/nginx/secrets/cs-lapi-key.age".publicKeys = [tbarnouin nginx]; diff --git a/services/onlyoffice/default.nix b/services/onlyoffice/default.nix index ba91dd4..89aed5c 100644 --- a/services/onlyoffice/default.nix +++ b/services/onlyoffice/default.nix @@ -1,6 +1,5 @@ { config, - pkgs, lib, ... }: let diff --git a/services/onlyoffice/secrets/office-dbpass.age b/services/onlyoffice/secrets/office-dbpass.age index d73ba65..21a4b79 100644 --- a/services/onlyoffice/secrets/office-dbpass.age +++ b/services/onlyoffice/secrets/office-dbpass.age @@ -1,12 +1,10 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBOYUUx -dTNiK2J1Y1ptZFppRDVrSXZjSVdVQzNhVGlqaXk0TWNWeGFWWGs4Cm81bVkyeUh3 -bnM3Mm4wVmMxYnVxTktQSmhia2xPNEdiaDFxd0YwbTZZckUKLT4gc3NoLWVkMjU1 -MTkgbm1LUytBIGZuYWFxQm43YjZOdndMOG9PMkVVNGNKS2NnSkFtbHdrSlpES1Ez -Mk1FbXMKMHN1dVJwRkFmdUhVbDlTRWhrRjE4ejhPeUNhcTYzOXZQeTFBR1FtQW9v -WQotPiA1VH0ofS1ncmVhc2UKTjF3OHdQNXVxa0VBTGdhZ25Cb0RJTUdyeGxsd3FB -eTJzS25ISEo2ZHJCd0lHRVVuTWx3S3hyVWtjOGJwK213aQpkOWtoMlRWQnE0MFZv -WTJ6RjRCUHVYL24veUs2TE0ySUErbGFyaFlaQ09QVmpQaW0KLS0tIG9wWXlwVEIx -Rjg1d3Q3a3ZEdU0rRk8rV1RVcFlCOEE5MFZYU3E0YzlOMUEK+3DtLdLySGpcBmCp -aCa6FmS8vTZOPL5/6HF0cg4Fwn3LwFZxerK5Ff/NUDjZKDXZ +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBmWkZ0 +K3VvNFpJczVNb0xHb2twQ0tVZEVNYzRvcndjL0g1bGZxWVAzb2d3CkdmMk1JbWdv +OE14QkZ4Y2ZjUGRJa0ovUnY1WGM1dFFIdmQ3QUwrSURjeTAKLT4gc3NoLWVkMjU1 +MTkgdm93WmZBIFhEbzJJSmwzZEwwVGF2bjVZeC9yVGtSYXgwSWgyVUhSc09ML244 +VUZCSEEKV2NSNU8xZURjalJqUlV2WnlVY0NMN2FJcWJ0d096SCthMlZiRlhtNFl2 +UQotPiBVLWdyZWFzZQpqV0xCeDhvM0xVNEcvdW9RdU9EQTNqYjR2L3c0Z2cKLS0t +IGt2c2pYSkNxVXpxaWorNkYzZDJDa2JTS2hWb1VDSzYxcFYxOG5zWW9DYWcKpH28 +/UJhcMIGboWh3W7sz2G5ht8/KKay4+e+WNM99o3sKonyHBY+Q9rO7QrG+B1+Cw== -----END AGE ENCRYPTED FILE----- diff --git a/services/postgresql/default.nix b/services/postgresql/default.nix index cf20b53..e7146b9 100644 --- a/services/postgresql/default.nix +++ b/services/postgresql/default.nix @@ -35,6 +35,10 @@ in { file = ./secrets/netboxDBPass.age; owner = "postgres"; }; + onlyofficeDBPass = { + file = ./secrets/onlyofficeDBPass.age; + owner = "postgres"; + }; }; services = { crowdsec = { @@ -65,6 +69,7 @@ in { host authentik authentik 192.168.1.125/32 md5 host grafana grafana 192.168.1.27/32 md5 host netbox netbox 192.168.1.90/32 md5 + host onlyoffice onlyoffice 192.168.1.20/32 md5 "; initialScript = pkgs.writeText "init-sql-script" '' CREATE ROLE nextcloud WITH LOGIN CREATEDB; @@ -86,6 +91,10 @@ in { CREATE ROLE netbox WITH LOGIN CREATEDB; CREATE DATABASE netbox; GRANT ALL PRIVILEGES ON DATABASE netbox TO netbox; + + CREATE ROLE onlyoffice WITH LOGIN CREATEDB; + CREATE DATABASE onlyoffice; + GRANT ALL PRIVILEGES ON DATABASE onlyoffice TO onlyoffice; ''; }; }; @@ -116,6 +125,9 @@ in { password := trim(both from replace(pg_read_file('${netboxDBPass}'), E'\n', ''')); EXECUTE format('ALTER ROLE netbox WITH PASSWORD '''%s''';', password); + + password := trim(both from replace(pg_read_file('${onlyofficeDBPass}'), E'\n', ''')); + EXECUTE format('ALTER ROLE onlyoffice WITH PASSWORD '''%s''';', password); END $$; EOF ''; diff --git a/services/postgresql/secrets/onlyofficeDBPass.age b/services/postgresql/secrets/onlyofficeDBPass.age new file mode 100644 index 0000000..f36d02f --- /dev/null +++ b/services/postgresql/secrets/onlyofficeDBPass.age @@ -0,0 +1,10 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA2L0dP +aVJWUERxTzJ5eWQrbFE0SGtZNml1NG5oQnBrbHI3N1pwcU0yVVFJCm4zWkt4dnZr +Vnk4REp3aFBwSGE4TmUvLzBtMUgzZXRVUjFZMHM1dHNaK1EKLT4gc3NoLWVkMjU1 +MTkgc2luZ3ZRIGV6VU1WakJFU2RqYWhrN3BjbHVuYkxqNGJhRUZaZWdNajZtSmRz +b251RUkKZVFYVXJmczJ3UndjZ2lFa0IrZmJ0MEIvR3cxaDlLaUZZMGRGY0Z0dXFQ +SQotPiAjeTd7Ny1ncmVhc2UgPyBINmw5CjNKekxvbWk3Wk1MeFZ3Ci0tLSA2TS9Q +VXkweEVFSXJMVGVCVG1McWVhVm13dnR4aGtLNzh4ck9KU1V6UDZZCtHldZ67VF6h +PWB5mAiVxkjXEF71I3/xJsuz01zoUDk4mjS2Tq17fbeEJZuv/1RHbE4= +-----END AGE ENCRYPTED FILE-----