lander/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add docuseal

Browse source 
Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
This commit is contained in:
Lander Van den Bulcke 2025-10-21 14:38:27 +02:00
parent 440e1a6541
commit 2abbc3cd4e
Signed by: lander
GPG key ID: 0142722B4B0C536F
3 changed files with 33 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/servers/db-01.nix
View file

@ -20,6 +20,7 @@
"authelia"
"forgejo"
"kinky-vaultwarden"
"kinky-docuseal"
"lldap"
"mealie"
];
@ -40,6 +41,10 @@
name = "kinky-vaultwarden";
ensureDBOwnership = true;
}
{
name = "kinky-docuseal";
ensureDBOwnership = true;
}
{
name = "lldap";
ensureDBOwnership = true;
@ -59,6 +64,7 @@
"authelia"
"forgejo"
"kinky-vaultwarden"
"kinky-docuseal"
"lldap"
"mealie"
];

24
hosts/servers/hosting-01.nix
View file

@ -153,6 +153,26 @@ in
};
};
virtualisation.oci-containers = {
backend = "podman";
containers = {
docuseal = {
image = "docuseal/docuseal:latest";
ports = [ "3001:3000" ];
environmentFiles = [ config.sops.secrets.docusealEnvironment.path ];
extraOptions = [ "--dns=100.100.100.100" ];
};
};
};
services.nginx.virtualHosts."sign.kinkystar.com" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:3001";
};
};
sops = {
defaultSopsFile = ./hosting-01.yaml;
validateSopsFiles = false;
@ -165,6 +185,10 @@ in
vaultwarden = {
owner = "root";
};
docusealEnvironment = {
owner = "root";
};
};
};

5
hosts/servers/hosting-01.yaml
View file

@ -21,6 +21,7 @@ forgejo:
oidc-secret: ENC[AES256_GCM,data:CC78bq7nFYXAV0MLIshBkB1s7kQOgn0bkk21olNf9xT10KjJBB4KkbIZ6WI45T88MsK9Lv3FB6C9tRaPo3TLzcuz7D2Yk6O7,iv:ouUIoQY03DRlKpbEy8LTFnuClmYADa38Tp9EN932XSU=,tag:ieVnmE1A6g91qw9p1ek49Q==,type:str]
mealie-env: ENC[AES256_GCM,data:E9z2K/HJNs3MrYMG+WjxUjxl5vslVskQOyHSs2qwDWbL6Dzjqd3ifvwuT6vSufEce0QaU9d+lIC/EAwi3LIxl9M77eBaUq3QXLeTdJ87DObJOpsxhbelaV5rKec=,iv:w1cdMEIaHFES8oHvMGcGp4jHhMPMje3SVepbaMJcEe4=,tag:wl5+xDtjM8rd9ecq2ws/Xw==,type:str]
vaultwarden: ENC[AES256_GCM,data:YTGRVjajeSSRnjqaZHTa9HiV1c0kQj6+3m3BMirMH4Pu6NNlTYJgGOdz44jEmx4plbZkyM+ZkFVK3sL9rDryaxKGeDxZyM/2zPTlcosPVgA4ObzmmyT0XUoNRjOPYiE3CibmG9ZAEKp8hkGJGJATFOaQrphDS0Zczq/zc8+vUpVSJi8ycB1y1fxNAvfrftyETUsGYdKrD5+5s4fl422L6G12xdcy3TQNdfPz+SeXfhcTXSnORCglyYVzYlbUFQF9N6rpyZROv0dsN+s+c1d6Fsg6ROL3NrfQ0DkUy2rdmzAxrMNlRa89ZAybkDNeW/Wm24E/P+S5gqysRKA9ZJ6H/F9JZWJOazESgzcBLsWvSRO7U0O4Nou8uWAVuvQ/lmgwbepjUKG1EWRXJdNkZtL4EQiWR5G7NnhXjiLb22do7w5O8qiCXOHtQek/wfT57loLCn8oQfz6,iv:Sq7Mom6PwmmjU9t+qZM3I+Ybb416eEzqwAFeCHaeB8M=,tag:8mb+YC6zq22V/qgjMKHbPw==,type:str]
docusealEnvironment: ENC[AES256_GCM,data:4Ij0S1ovq/YlVo4Ubo4ZKed1cEahNL1caaPCoBQ4PVik+Ys7IARQD9qZabm5+V+73C1QnrqLJf4QLNaQ1rwpEohMZSx6dLl0HwfaGdLx5+tIjTpwHwzMkkFnoJOgwNJ7iziHxF6EYZ45VjuE+LMFa1yE5XZUDMCRf0Wkn9RfU5wyXA4RNQ6N+p46FQ2toUcBcVEJFkBrEjMN2C8heV8RI93Om9jfAJmEi75il3ZHESJnE4QVmWN5U+xuMgNuR+cw7sEQ/bnb6chXkTPKfPqPoP6dKARcZPVG4omIMgqonnkSM7IwxEcwaU1S7dc/7F3zCT9wtQoZhoaPeB/VxSyzozcxTdEteovl0j4qOd8hNPGSN8fMXO173yxgrHergY6D7R4IvZJQNxou4XBCh27SWHuJGp34ek7yDr6L+XuECcSVrC8XdENgjNOAZEX6hlJNgW18sHstw8pUzhS9Ic6Zx/rGbRt/hK0sPd/AXHhCC1dBt1hIBHLKqgsiLonAV5KVFV7Nw+1FrOy9GUsUR1p1JAmnodZF0su6q3r1bNvYACDWyGQfIH9BUCQy1Pn97BIyte1SG9cs4jJrXRrjcn4gy4l1mYBzdcUYv4Nb/W3uVxROkThN,iv:NetK2q1+Rpi6LVhhJNlLz997fzx4O/cqos/8azg/Nbc=,tag:1MJvnIUNHwvIuDFFpwHImg==,type:str]
sops:
age:
- recipient: age18g4z53ykxzq35dsjq3a2np4f88xwat0kwtax229l3zn0ykhlpvqqy8fgtv
@ -32,8 +33,8 @@ sops:
RWRCYlk1RkM1Z0ZiS25mYnRuWjYybzAKcZgEfGBifKHkEowQxe+1xQJhk6JuhJXQ
LLdL9jBdfMrqXz48653XRKf3h4Nn4K70E65Ek8sPyZ5qSJYJHOwjYw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-21T11:33:52Z"
mac: ENC[AES256_GCM,data:6N0F+M2EyTiuXQokdVLGn3dZ5AG6Oq+uvrVoEvKPatyy8ynO0X7fS4GbvmHXmrzXcZwEIz16Y8M3Mk8S+PsVR0Zpc08HRwcIKtXCS7y00Y1iokAL83MoqG4m0kZbuvyY4nOvYAfH1VEJXsD5wSCYL2rMcer5oZ9zQagrNSjTUzw=,iv:+0990xD6258PwlWsggOLeXjSTqPSiN/qF6/xS9gRfXI=,tag:fZg+cQZncU0VV1maNSPOgg==,type:str]
lastmodified: "2025-10-21T12:38:15Z"
mac: ENC[AES256_GCM,data:DnzL2KsPXHSxGOcdAfIQ1+cLXG/nAQ+6m+1WBtW6xejiK1tmQYHTrYYdVOKBaYOl6cp9BB8qd20WfFCa/pE7745RwO2u13I4anX/fHYKTnDtuihQDFUsISkGwg5ynErh9dCd8pS3DxdtJtx6v4XrA0AEyYHZXfnTK6rxIFEDJu0=,iv:ep9lFZc6OcuP8mM2hu3iDsYuDjm4FjpQ9sraRm8LScA=,tag:AH/pG7Df7DiCv3TShI08Ow==,type:str]
pgp:
- created_at: "2025-10-21T11:33:41Z"
enc: |-