diff --git a/machines/web03/django-apps/annuaire.nix b/machines/web03/django-apps/annuaire.nix index 16709b8..8c97a92 100644 --- a/machines/web03/django-apps/annuaire.nix +++ b/machines/web03/django-apps/annuaire.nix @@ -1,4 +1,9 @@ -{ pkgs, sources, ... }: +{ + pkgs, + sources, + config, + ... +}: let nix-pkgs = import sources.nix-pkgs { inherit pkgs; }; @@ -15,7 +20,7 @@ in forceSSL = true; }; - webHookSecret = builtins.toFile "insecure-secret" "T5hNeDraMivRZLUkrekv&QeM"; + webHookSecret = config.age.secrets."webhook-annuaire_token".path; python = pkgs.python3.override { packageOverrides = _: _: { inherit (nix-pkgs) authens loadcredential; }; @@ -30,7 +35,7 @@ in ]; credentials = { - SECRET_KEY = builtins.toFile "insecure-key" "insecure-key"; + SECRET_KEY = config.age.secrets."dj_annuaire-secret_key_file".path; }; environment = { diff --git a/machines/web03/django-apps/bocal.nix b/machines/web03/django-apps/bocal.nix index 36816be..09f2892 100644 --- a/machines/web03/django-apps/bocal.nix +++ b/machines/web03/django-apps/bocal.nix @@ -1,4 +1,9 @@ -{ pkgs, sources, ... }: +{ + pkgs, + sources, + config, + ... +}: let nix-pkgs = import sources.nix-pkgs { inherit pkgs; }; @@ -15,7 +20,7 @@ in forceSSL = true; }; - webHookSecret = builtins.toFile "insecure-secret" "T5hNeDraMivRZLUkrekv&QeM"; + webHookSecret = config.age.secrets."webhook-bocal_token".path; python = pkgs.python3.override { packageOverrides = _: _: { inherit (nix-pkgs) django-cas-ng django-solo loadcredential; }; @@ -32,7 +37,7 @@ in ]; credentials = { - SECRET_KEY = builtins.toFile "insecure-key" "insecure-key"; + SECRET_KEY = config.age.secrets."dj_bocal-secret_key_file".path; }; environment = { diff --git a/machines/web03/django-apps/gestiojeux.nix b/machines/web03/django-apps/gestiojeux.nix index e7aedf1..78260e4 100644 --- a/machines/web03/django-apps/gestiojeux.nix +++ b/machines/web03/django-apps/gestiojeux.nix @@ -1,4 +1,9 @@ -{ pkgs, sources, ... }: +{ + pkgs, + sources, + config, + ... +}: let nix-pkgs = import sources.nix-pkgs { inherit pkgs; }; @@ -15,7 +20,7 @@ in forceSSL = true; }; - webHookSecret = builtins.toFile "insecure-secret" "T5hNeDraMivRZLUkrekv&QeM"; + webHookSecret = config.age.secrets."webhook-gestiojeux_token".path; application = { type = "wsgi"; @@ -54,7 +59,7 @@ in mediaDirectory = "source/public/media"; credentials = { - SECRET_KEY = builtins.toFile "insecure-key" "insecure-key"; + SECRET_KEY = config.age.secrets."dj_gestiojeux-secret_key_file".path; }; environment = { diff --git a/machines/web03/django-apps/wikiens.nix b/machines/web03/django-apps/wikiens.nix index a8ab49d..5ed0543 100644 --- a/machines/web03/django-apps/wikiens.nix +++ b/machines/web03/django-apps/wikiens.nix @@ -1,4 +1,9 @@ -{ pkgs, sources, ... }: +{ + pkgs, + sources, + config, + ... +}: let nix-pkgs = import sources.nix-pkgs { inherit pkgs; }; @@ -8,14 +13,14 @@ in services.django-apps.sites.wikiens = { source = "https://git.dgnum.eu/DGNum/wiki-eleves"; branch = "main"; - domain = "wiki.webapps.dgnum.eu"; + domain = "wiki.eleves.ens.fr"; nginx = { enableACME = true; forceSSL = true; }; - webHookSecret = builtins.toFile "insecure-secret" "T5hNeDraMivRZLUkrekv&QeM"; + webHookSecret = config.age.secrets."webhook-wikiens_token".path; python = pkgs.python3.override { packageOverrides = _: _: { @@ -40,11 +45,11 @@ in ++ ps.django-allauth.optional-dependencies.socialaccount; credentials = { - SECRET_KEY = builtins.toFile "insecure-key" "insecure-key"; + SECRET_KEY = config.age.secrets."dj_wikiens-secret_key_file".path; }; environment = { - WIKIENS_ALLOWED_HOSTS = [ "wiki.webapps.dgnum.eu" ]; + WIKIENS_ALLOWED_HOSTS = [ "wiki.eleves.ens.fr" ]; }; }; } diff --git a/machines/web03/secrets/dj_annuaire-secret_key_file b/machines/web03/secrets/dj_annuaire-secret_key_file new file mode 100644 index 0000000..d32c2f0 Binary files /dev/null and b/machines/web03/secrets/dj_annuaire-secret_key_file differ diff --git a/machines/web03/secrets/dj_bocal-secret_key_file b/machines/web03/secrets/dj_bocal-secret_key_file new file mode 100644 index 0000000..4493ee5 --- /dev/null +++ b/machines/web03/secrets/dj_bocal-secret_key_file @@ -0,0 +1,30 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA HF+w4Kuk7Wo2s94SeNxAB3zFZhKNn1fPabJhUK/xGH0 +KY5tknNrICYq0HTfNRX760OPyWPJ8B4Sasq8BjN9a6k +-> ssh-ed25519 QlRB9Q OGcCe/S1aIQckJGzt4Wz+DFebTZpNV+YCevnVOPDMXQ +keDckjD4Vjhj3gmQnW0V8nJ1Soubkhb9WP28fsanhMA +-> ssh-ed25519 r+nK/Q lO6xwuhfQ6gMlJzFBF5J9c2elEg1J3leAt5x1uTYGSk +HQG0VQXvn72CIOqe6FRGrSX8TIa7sBB3cOZZQzXBl8w +-> ssh-rsa krWCLQ +pvF18GVS3dHr2jiss4sn00UqVVM2f/6BmkpYMgAVQ3FNpgnimQGsgCssuBo3Hjrc +BTO4v2U6cQ28LTUsruWdPhRChT0zfGRtx1QIn0tPzy3XKUxjt2XkBeblxtLhCHmI +muQ0yA15bP+aQfZn0dE1Eb4krw1unKWE4f82L/BQ5Y/i1P2rubhyBhBoQRb6atHv +S2EWBafaNr3orbFl9FPMjhWW3WZX/zKJxlu0saN88I6ZU2967mdR4PogMpL9iqST +atraraA1jG6mR9Ojloyrf8FG6wTlplDlZk8Sgtg88FD1iHMN1q0DQv1LwRoD3QUa +ywIn9MABMufNXQ+jm/DQpw +-> ssh-ed25519 /vwQcQ 83MxgOJhIBBGU6IRcTQPtxtyR4MapAxhdKT634w/em4 +scNxodN5j1HXOIPCB3glvc08Gb4wW9gmZ5gkWMCbm4E +-> ssh-ed25519 0R97PA LBFUS7zx26+rjiWqVwQ4UBqRxr+3Sx+j+GGrRaBbz08 +fnFwvJz36SiKnEoJr+0+enNVcT7wduZUrYe7bWhyxfE +-> ssh-ed25519 JGx7Ng iXjAn4Y7+yHASx4ZbIrvFffLzgX52DbQy9hIcTScHAs +6AJZoV33mBryiCaquKTAkw8yB1NQs38QlG2p4LIcoMc +-> ssh-ed25519 bUjjig 0cqMXUVHqhyYhygR7meIyWRr/c7H8ZGB5eO7tTHhRUk +GYKKGB02ElJXpObmBJKF4Bvoswd3o83vvVYIHIpDprg +-> ssh-ed25519 VQSaNw xHhzKnYeKxrN2MJz84v7Mjg3Nh69UJ6Q/eAyVAvC3V0 +/bvauGesQw9/tl4DhCNFY9Rq+qWv12O4TcqzdxTCWzk +-> T:){{-grease NuQ <}vLGT% +0JSFYPMWs6LXpWacfiHNdwqvs/eHecFwj6cg0eLZEQe96shxy8/WSUBMpgasKufB +Nc4tpfiOVWVRGm4arhunwJ+1sgg37X35PWde89Qpg5g +--- Y6N6GuCpRLdD25EWW+05qbUAadrT3z2Pzc5golCBHJw +N3'8@/0,zWS;)e +qMjόrHBR2 E2H+d% Җ \ No newline at end of file diff --git a/machines/web03/secrets/dj_gestiojeux-secret_key_file b/machines/web03/secrets/dj_gestiojeux-secret_key_file new file mode 100644 index 0000000..5ccdcce --- /dev/null +++ b/machines/web03/secrets/dj_gestiojeux-secret_key_file @@ -0,0 +1,30 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA tuq63SvMOBnLOZNkIA5RenFt0DTg6bwCX4zJ8ISYRxc +B1K+kEO/JC0t2EL+2od+UiVNlzBbpRg29lsp2L1DhHw +-> ssh-ed25519 QlRB9Q r3M3DQi3xJiP+3nTpwm+2PQipnAaRyaWSH+mb0es6kE +codqvk7AgptYBRyz2BFVH0FcQ7ebZGGdJ6PJmoWWXTk +-> ssh-ed25519 r+nK/Q Ah4Oim/N0Tdkz1KPbQiHJQaqx614/jjlMqCxtYqjBy0 +aTrlmm3TbWN6pyDEHf9uGy9H9CyyChXGKL0RZr7U3W4 +-> ssh-rsa krWCLQ +ZbbBqvj7L2XFfJBCQrn799m7FQDrFDg96Moev+Uab/U5caQoJIljMldkfD7VphEt +56dyeJ7IdKdnwyt07213ua2gZ8Cmjyffi4b0mYhHkvRI5aSmfUtfiomXU0HkgZvK +rk4+AVQYXTLZKlGaq5KkTt4i0ltwzjA9ECNirciqi5JmORkUD1T41xBKCSb+7N5b +34Z/uka+oacxt7q27GnSonyFQIm7/owS4bTWV7vxoWLoOYTJcg4Oki/Op4gE9GkK +1y4RDpdVsHcRZbi7ewB9UKbvMzH44TN5VJARUf0mFQ/OHUo5IJcm/glS898fSLu/ +mrjVT6XGAmPELB8uaVhSkg +-> ssh-ed25519 /vwQcQ 2mD6dstuZmOkYlBajNevQkeCYAGWshp0h0F1TzdcJSY +pzjxW+RZDSqPAHm+c5cMJZOdIfkwTmSLw2BktGh/kHk +-> ssh-ed25519 0R97PA /vOiTSDwQVYTX+tFuJD0M8Enk+4b0ViZUnrZ/WhUKiI +83r35uyZ/XELwTXZXzlU1yq+xzsNTUYNwK9aGGlOSAA +-> ssh-ed25519 JGx7Ng V6Xnn5q1hSvWHjiWtWJAD7as5N2fdtWNKWi3JwhfYgQ +aL3fX67spVrgguVtNNrfJ20fy3LRaDgMZldw5D1fKuE +-> ssh-ed25519 bUjjig RdTpxQYpmEtG2Cn1EACf85/ZynfPbZhGfoSF+sfw1AA +YovrKYRtwRPco3luRBVA0IA1qAq1jKxoS1UdoouhLGE +-> ssh-ed25519 VQSaNw F4hYo2UaLzV8leVHx/oY9aIcZkZ9Fap5HiuTvZy+Hko +Qwf9JDKqLXmIzId7gAtG5ERirfwZlQWCV6YiKgbexS4 +-> v>[->`-grease O {|u& 2o9 {w&!Ev +jZPBNd6e20KQYli80kXK9D+qfmIVbOw9Y0aKXB3uvyNJPWDOoYTbzanjeXLuJdN+ +pB/fgMX7znIg+VP87n2qMR5jFVj/x4g4vNgKTUtglw +--- j4kt4DFy3r3y6IMvNakNkmlkeb6iHYI5xAK8CZtbPD4 +EWS|p^/ ?Np%eFU/>0bccvr( +.VdgADZ3" (\5q< \ No newline at end of file diff --git a/machines/web03/secrets/dj_wikiens-secret_key_file b/machines/web03/secrets/dj_wikiens-secret_key_file new file mode 100644 index 0000000..babdf8a Binary files /dev/null and b/machines/web03/secrets/dj_wikiens-secret_key_file differ diff --git a/machines/web03/secrets/secrets.nix b/machines/web03/secrets/secrets.nix index 77b8726..a689416 100644 --- a/machines/web03/secrets/secrets.nix +++ b/machines/web03/secrets/secrets.nix @@ -1,6 +1,14 @@ (import ../../../keys).mkSecrets [ "web03" ] [ # List of secrets for web03 + "dj_annuaire-secret_key_file" + "dj_bocal-secret_key_file" + "dj_gestiojeux-secret_key_file" "dj_interludes-email_host_password_file" "dj_interludes-secret_key_file" + "dj_wikiens-secret_key_file" + "webhook-annuaire_token" + "webhook-bocal_token" + "webhook-gestiojeux_token" "webhook-interludes_token" + "webhook-wikiens_token" ] diff --git a/machines/web03/secrets/webhook-annuaire_token b/machines/web03/secrets/webhook-annuaire_token new file mode 100644 index 0000000..afb8d7d --- /dev/null +++ b/machines/web03/secrets/webhook-annuaire_token @@ -0,0 +1,29 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA NovhLzllQnEbnI7bno+zDoSRFJyZMfVVYPQMReUIymw +sefGtZ8fbYVqtKgMhrEj9AlwP70YM5MGkQ+o8Dmfb/Q +-> ssh-ed25519 QlRB9Q 9mh3vQVo5tPorLYBVCcZUJOlcEftQKA94PxNhh+pDwg +GXM67qitYqnxbFoHbsfa1lNNLIahPqshosIY7h0fDBA +-> ssh-ed25519 r+nK/Q BOXck7k9AH+KvmoicI/fmGzWcna0nwnJ+uyteUjIukE +Hyts1/6EAdruuBilhifl/HwPTWEBe+Kr1RL6SDjHaaM +-> ssh-rsa krWCLQ +1ROqUHCkbkEgRTQUha0cVJVAqLu0nvfKik9yI392sbEQYgmpuf7F0gzA97BXcoi3 +2BdZWu/cJ6m6bfMvXdZ04cUjRcNrnpPHsoqie3G9s9p6aa9XIrLO5K6kH7S6f5DZ +pZdOqfSYldtJKRx7F8k0D/pscN5qB1Tb1x0CIULJVo7uKf9X1MnZwapOOCY2q40U +Ip2aefr40h3EO7jBlswx2/fB8aqW95BR4JQzJZ/uiIsBUQDqvn39GU7R0JaLdAPB +6kJXaJ3ORaDDtslcaAVZWLqFbOlINXYHr/mqYNTZMubE4BmNjvJL3aRozQQWraoJ +q5rDvgwUXVhpGpcaNf4/xw +-> ssh-ed25519 /vwQcQ FHYnfCad1imFiV5tRIfe9mtJ2ouiu2l19th2UD7j3gw +Xu+Sk9GEQ9Wyf7iU790yxv80vLYHp2StArPkfRqfRhI +-> ssh-ed25519 0R97PA etwCsiGmvzufJGMw8aDN+M931lPlE9fTUBQmk0X4DFk +o6xJbfNjQ3Lko1MSJ9JBu6FefZ8267dZ+vL1Gpd1eH8 +-> ssh-ed25519 JGx7Ng h0XzejD/c5F2M7sWS4vTQL9OoRG73ACwlWCtK51Dcyo +diMDy201IpwL6Ec+Zb4pH5f1yyMOMHT3jg6yriopCRU +-> ssh-ed25519 bUjjig 2Oh5FhWfrbA9c5TisXuxasyYF41YOlNdurZR9QowETA +706/MLiPT9+9xHZPZQYtvKm8zbN5qS/9XJ+TK15etIs +-> ssh-ed25519 VQSaNw YbtnCoySon7jNBq7IFOl8UfxuJXRjzLrgXp238q4RRE +10au0QwFP9ntPMU4u2bMl3KLYBIPy09xVoKNLxWvpw0 +-> Vu-grease !oqb p1-QmV +i1WmaOmxmdAX/se60fnUL41n57c8tN1gnUjjBjSV7GkQGzhKnxTplJTUpifP9Js3 +8D+xe86sN2l2JQ5R9QFOAbsvSa5eXSo +--- JE+yvBRH9Jz6Sdz46AzWuhVI0kXWObODKSiNWz5L9As +_n(I 6PCa\U= @ ?6P[Tjk0r҅-(]/a 8=i \ No newline at end of file diff --git a/machines/web03/secrets/webhook-bocal_token b/machines/web03/secrets/webhook-bocal_token new file mode 100644 index 0000000..0314664 --- /dev/null +++ b/machines/web03/secrets/webhook-bocal_token @@ -0,0 +1,29 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA Ju7YL9wvvYr9VPLmYtYTniyuj9JTVqe2V8eRLISkIH8 +EJjZPLOhspyyrx7a+fYlPPH+1pr93KzW7E2Ztkic0cY +-> ssh-ed25519 QlRB9Q X+TAfiEk1d67rkz6CgIO66bBrahY39ZTnmj0cBGGrSo +kBLFu6DnN7rIzP3mSlPEc+yBN+yU5toLeA069vuNW6g +-> ssh-ed25519 r+nK/Q wcXXCuAS9bOp3GM6c0pU7sxpylFEHFPmnibQTEwJ1x4 +fR41b7fhZCzuNP1jst3vx3wUjIkBDsz54VzubwNX6+M +-> ssh-rsa krWCLQ +ySG+OgB3gMW/ijdWqlGr1LnkfqeFD53ChxkOUfAe4+Z1VsK0FkVaBmqvW38SFMw9 +S4dcOkO6Km8umsaZBZi2QaItm+p8Rf/j7+W2WZPoyoKE1l1KW1ic/wGOY7uqeucn +YZRq7rWX+DaH2VLbkl12wUlVgYwJGcH6VrpRizbq2z0jcdTak6hgzcXo7WhcNAit +DY8W8X5Zv34mpj1VO7n2LJs5V7gzfSLq+KVMIi++QphVv2VkFpvaOqlEP2neVXnV +C3YNJTkVx+R6wANCao+9a5VHC261Bkm81dKgzceW2OCHkwOP6XTbDpj59sMRxRuU +B7jrvre5S1WZN9jc16Dv/Q +-> ssh-ed25519 /vwQcQ TW560PIrbJV3ZB55w+EvH2PEYOoYM93x3aaeeShYKE8 +LC6pydBK3yCq/Vs7MUoa0xjDSn3WjRaZuqwvhX24YJQ +-> ssh-ed25519 0R97PA zyerO6EIwW90XVSBVP3Y/7Q8hK+7uPe6kKENGCdDJRw +WEpgo8Y64YXnat1OJU5qtpecf+Zu2P2LmB7DEtmUuAU +-> ssh-ed25519 JGx7Ng 7h4q8ztQ0BFJSfavV4l1pKjbNRZveOPIJG0KF98vh28 +mYcUEL4n2+bkjpvJylIvzXSxoa71YZKMSgN21ONnvko +-> ssh-ed25519 bUjjig 9wKWtLWD+9LlAOO24iQiOdvpSDIWpL6Xo0Wt3QOLIQY +Kq2QLFB7E5tiqZQlsn5pZRM52v8XqUyYsvwNHXZspRs +-> ssh-ed25519 VQSaNw 3tJNtvi0WK9iAzx3Q7Q0Ogj1TGH0Zrm5v0ERhQILBVk +4232/j+xnbhQpId7ZS6+xAQBDxtumeOp4c1HVeMRqB4 +-> Pug13&(-grease 'w0JG}JF .t`9lMF v)8}4qW +yRriwE//abKvQgu962F7URbOAiHDFMipnsq22itGkLDvmwIRY6Bi83xOzx72EV4y +27GNdxQOni+z8NPt0YTskqq4fHfZky/EMFUvXTfteB7izYxEliHLRKA +--- JNvexaDwzwOIUCxanJRLunfhBh1/PE8ssFCytr8nPjo +TXނxd~KS?ICe 3J CF6qv~DqT55bjf5"p \ No newline at end of file diff --git a/machines/web03/secrets/webhook-gestiojeux_token b/machines/web03/secrets/webhook-gestiojeux_token new file mode 100644 index 0000000..04b19d1 --- /dev/null +++ b/machines/web03/secrets/webhook-gestiojeux_token @@ -0,0 +1,29 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA dBBF9o4SBTHNv495PFZa6dszbs9nEARwg0EfOlfFwhc +GkqX8sjLqFHGm4UA+zyVRB7FGGgAxilFYHarEQB0YAk +-> ssh-ed25519 QlRB9Q DEu91DA+qho3Zs3gSQbWH/hOKUfgP5Qd90+9ZzYs1So +aIw1ygo/e0tpqW2N27Fl8WRe362ronzqy52vSzD35Tc +-> ssh-ed25519 r+nK/Q JUurf12UYuJKvKusUh/GOJryFbA8lWaS8v+/pRb0kys +VsgsBSwjBXTD+tmP3jxCPVeDY7AHVFx5o57y+ubEjts +-> ssh-rsa krWCLQ +o08ZnFZIj37p5hpWgl8FXwPwHKjoBD7Z0UxMRsF4CUF0sLOpwVHD4L57hAA8a80S +063e48OJ5OsrtueqqJwPT+wjXfmEarLUqC+rP0X+JDW8OLwSImBcYC5DQJZLUFSK +doF8S8Bo0MbuB4eKnXUAJlhdZOk/iqYK8TYuuSIwWQxHwF/fT43hrYIkj6lmqdmG +IqSXA04KpQFoL15INIAtsnj5xXJlI0gCPp0pxMNUmVyTTrNLfaEiKH191D+Elmjd +xcdvMX1yzIPI/mI/+/OjeYspijY0XpRHLJ9ljfEK7E2N8IgpyzBx2BzxYhRHoQmi +6SbZu9Tirw+yv5wv8oIaHA +-> ssh-ed25519 /vwQcQ M6QID8DMaFMnF97UWwbSYJ7Sh0wvj/fq7cszu82/oHI +T+aT4NCbVfGXnvPK7w8fbojAwDTE41h40q0tDwnGyhE +-> ssh-ed25519 0R97PA XyZvyy80nv2tGe1fBzM0LeiIAGuyV22CzBoCPFMMrw8 +9VPiRV3GCWbH1So5LBrjBeRzEtErPM7BwOF/zaD/yGk +-> ssh-ed25519 JGx7Ng OPlQBKO+Wub+PPMNPoRGWTeSZfGF3kYCD8HLbLbPR0k +ZhBUT5ig0FnLCau+da9bfEkVjFxfZXG0mXW1o0yZ+JQ +-> ssh-ed25519 bUjjig T5/dZtIRaXmNg8pajSAM76cVANM7MvQ7f32fz2fEqx0 ++6kRffMJX+8QAOf5jA5acGihgw4q8yJda0EzVGePD+I +-> ssh-ed25519 VQSaNw InflFPtAwYwQFWqd+KK+ILwMa0XTNkVB+xEMtUXW8Us +XZ6LVMCpvq+QBo0EHAlnC8uBhQssixTLVCpul6ov4Dk +-> YKmn+c&-grease EA5d$ ="1d }cP +3u46NE2SdfO9ugNN/41PeU/65CRgmDiO54B9ZQLNRQtVyyLlcmvaYHCQach+s+Rs +tE0Gc8MD23hPw5ZhWj0nq7xF8VHtRQSTLQ +--- UkbfAVgnLkeg6Zdb3bsdPtx9Wh6HOjdB+qmTvrAWFuE +5_E/e)C7ڛYwPTát6>l_0:[PH5j P˸=vFI4D쪘p \ No newline at end of file diff --git a/machines/web03/secrets/webhook-wikiens_token b/machines/web03/secrets/webhook-wikiens_token new file mode 100644 index 0000000..df57be9 Binary files /dev/null and b/machines/web03/secrets/webhook-wikiens_token differ