dan/ops-jrz1
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
ops-jrz1/secrets/secrets.yaml
Dan 64246a6615 Deploy Generation 31 with sops-nix secrets management 
Successfully deployed ops-jrz1 Matrix platform to production VPS using
extracted modules from ops-base. Validated deployment workflow following
ops-base best practices: boot -> reboot -> verify.

Changes:
- Pin sops-nix to June 2024 version for nixpkgs 24.05 compatibility
- Configure sops secrets for Matrix registration token and ACME email
- Add encrypted secrets.yaml (safe to commit, encrypted with age)
- Document deployment process and lessons learned

All services verified running:
- Matrix homeserver (matrix-continuwuity): conduwuit 0.5.0-rc.8
- nginx: Proxying Matrix and Forgejo
- PostgreSQL 15.10: Database services
- Forgejo 7.0.12: Git platform

Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-21 21:32:23 -07:00

29 lines
1.9 KiB
YAML
Raw Permalink Blame History

matrix-registration-token: ENC[AES256_GCM,data:H7BgtpsDLOYcywjOHru+u7t6BCbqhFrmPS3YXJWnMVcppD4lVh6ewZB/ZPM2ck5OcBQe8gmCYNGKchzPf0aeRw==,iv:9b8gPuxQaJIGep/YHpA02/yJx13bJZ3r6WmKEXRGFDc=,tag:/NxCSqkwPxhEOeWM+/3Hhg==,type:str]
acme-email: ENC[AES256_GCM,data:+tN+nRfn2kpGLdF3Vg==,iv:uZvSw4viBWCTT35C718cLOCrSLM1EnkmEZH644aVuPI=,tag:tf6+7ubiOLVj7k4rfNI3lQ==,type:str]
slack-oauth-token: ""
slack-app-token: ""
sops:
age:
- recipient: age1vuxcwvdvzl2u7w6kudqvnnf45czrnhwv9aevjq9hyjjpa409jvkqhkz32q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVkViNzZJL09hZVZzUWlM
RXVQOE1BM2EwakF5TkZ5OW1Mc3VORlcvdHpNCk1QMmFyTHl4bG9pUzVEQ0tEN2pp
WmFOdnc4dUovdDdWODVFQzJZOVgxQ3MKLS0tIEJ3SklPenliempCMjJOcmlJMmQz
Y0xiLzZOS0N0cVNBcXR2Y0RTV0lhV3cKsYObarH4BE24LSdUrj0TjCFj3tTdfnNI
sFFu96M3EO9hXlB+gujF9NFSZ/YyCwzK+typTtuyuTr9DmjxPwFeLw==
-----END AGE ENCRYPTED FILE-----
- recipient: age18ue40q4fw8uggdlfag7jf5nrawvfvsnv93nurschhuynus200yjsd775v3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxcXJDN29vZWpzaFVGdEJj
YnFMWFoyc2EwVjBNa1VUVXh6eFkrTmRWb2lRCmNkaUQxM2xOb2x2TmV6dnhlaTNO
TXk4SkJxOGhOd3JMaEhoUUFYMmk4TXMKLS0tIE9IWFpwbU1FTFZFYTIwQVYzd1hI
TzI2NGdaVHd1RFZWRE50bjZ0cHhBOXMKRXVYFMNxNIX+8uVxf1X4hu+OfOKKs2TK
A2qdAMJIfdy9f7SPVrPnrGMIwl/prxIkbSRwYC/UNK5NNkjMrGoSwg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-02T21:33:16Z"
mac: ENC[AES256_GCM,data:B/9XWKEYWv00+xfcnsrqqRvM7mf/1/VMxeaW9V0HoD32Wv8EvjUIOptU4VV/iDHb1zGCzd41XVOulowlKfXbcuDbA2Pi8cVT38F9ZuxSyCjpssDnPYj816SvXNp5gwCHxfvIp32ekrQ7PNQLZVWhHzL/H1doalXv9XHO1xUY6X8=,iv:NKjxEOG0SlJQurfb9f2GRYUFDlNk0mjxpci87r0vmX8=,tag:sGrhVfwq18QI6MS7L5x31w==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2
Reference in a new issue View git blame Copy permalink