secure database

Grimmauld 2024-01-30 22:00:49 +01:00
parent 30bdaa6e9f
commit 24b26bf4a3
4 changed files with 10 additions and 4 deletions


@ -56,6 +56,7 @@ in {
(writeShellScriptBin "pufferpanel-nix" "pufferpanel --workDir /var/lib/pufferpanel $@")
(writeShellScriptBin "nix-referrers" "nix-store --query --referrers $@")
(writeShellScriptBin "silent-add" "git add --intent-to-add $@ ; git update-index --assume-unchanged $@")
(writeShellScriptBin "systemd-owner" "systemctl show -pUser,UID $@")
];
environment.sessionVariables = {
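Review bot: The `systemd-owner` wrapper expands `$@` unquoted, so an argument containing whitespace or glob characters is re-split by the shell before it reaches `systemctl`; the other wrappers in this list share the pattern, and `silent-add` does it twice. Escaping the quotes inside the Nix string keeps each argument intact: `(writeShellScriptBin "systemd-owner" "systemctl show -pUser,UID \"$@\"")`. The page has lost its +/- markers, so which entry is new is inferred from the hunk header's line counts, and the enclosing list starts outside the hunk.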


@ -15,6 +15,9 @@ in {
};
users.groups.${panel_user} = {};
age.secrets.ptero_env = {
file = ../secrets/ptero_env.age;
};
systemd.services.init-ptero-data-dir = {
description = "Create the pterodactyl panel data dir";
@ -24,7 +27,9 @@ in {
script =''
mkdir -p ${DATA_DIR}/database
mkdir -p ${DATA_DIR}/cache
mkdir -p ${DATA_DIR}/panel
mkdir -p ${DATA_DIR}/panel/var
mkdir -p ${DATA_DIR}/panel/logs
mkdir -p ${DATA_DIR}/panel/nginx
chown ${panel_user}:${panel_user} -R ${DATA_DIR}
chmod +777 -R ${DATA_DIR}
'';
@ -55,11 +60,10 @@ chmod +777 -R ${DATA_DIR}
workdir = "${DATA_DIR}/database";
extraOptions = [ "--pod=ptero" ];
environment = {
"MYSQL_ROOT_PASSWORD" = "JMK1VmZDwoVAUhvClQ7DncOEw5B1XcKXwqERw45Cw4/CoMKKwqHCocKXwqZrwr9b";
"MYSQL_USER" = "pterodactyl";
"MYSQL_PASSWORD" = "JMK1VmZDwoVAUhvClQ7DncOEw5B1XcKXwqERw45Cw4/CoMKKwqHCocKXwqZrwr9b";
"MYSQL_DATABASE" = "panel";
};
environmentFiles = [ config.age.secrets.ptero_env.path ];
volumes = ["${DATA_DIR}/database:/var/lib/mysql" "${DATA_DIR}/database:${DATA_DIR}/database"];
cmd=["--default-authentication-plugin=mysql_native_password"];
};
@ -92,7 +96,6 @@ chmod +777 -R ${DATA_DIR}
"MAIL_PASSWORD" = "";
"MAIL_ENCRYPTION" = "true";
"DB_PASSWORD" = "JMK1VmZDwoVAUhvClQ7DncOEw5B1XcKXwqERw45Cw4/CoMKKwqHCocKXwqZrwr9b";
"APP_ENV"= "production";
"APP_ENVIRONMENT_ONLY"= "false";
"CACHE_DRIVER" = "redis";
@ -105,6 +108,7 @@ chmod +777 -R ${DATA_DIR}
labels = {
"traefik.http.routers.pterodactyl_panel.entrypoints"="web";
};
environmentFiles = [ config.age.secrets.ptero_env.path ];
};
security.acme.certs."${root_host}".extraDomainNames = [ ptero_host ];
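Review bot: The literal that served as `MYSQL_ROOT_PASSWORD`, `MYSQL_PASSWORD` and `DB_PASSWORD` stays readable in this repository's history, and in any Nix store path built from the earlier revision, so moving it into `ptero_env.age` only helps if the values inside that file are freshly generated. The page shows the file as binary, so that cannot be confirmed here, and which lines were dropped is inferred from the hunk counts because the +/- markers are lost. The root and `pterodactyl` accounts should also get distinct passwords rather than one shared value. Separately, the init script still ends with `chmod +777 -R ${DATA_DIR}`, which leaves the MySQL data files writable by every local account; something like `chmod -R u=rwX,go= ${DATA_DIR}` would close that, and if the containers need other UIDs, chown the subdirectories to them instead of opening the tree. A one-line comment above each `environmentFiles` entry naming the variables the encrypted file must define would help whoever rekeys it.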

BIN
secrets/ptero_env.age Normal file

Binary file not shown.


@ -14,4 +14,5 @@ in
"matrix_mjolnir_pass.age".publicKeys = [ contabo_nix_pub ];
"matrix_mjolnir_tle_pass.age".publicKeys = [ contabo_nix_pub ];
"matrix_discord_bridge_token.age".publicKeys = [ contabo_nix_pub ];
"ptero_env.age".publicKeys = [ contabo_nix_pub ];
}