Skip to content

Commit

Permalink
tiny1: add password to adguardhome
Browse files Browse the repository at this point in the history
  • Loading branch information
hyshka committed Nov 23, 2024
1 parent 794e8c3 commit fb87522
Show file tree
Hide file tree
Showing 3 changed files with 64 additions and 4 deletions.
7 changes: 4 additions & 3 deletions hosts/tiny1/secrets.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,14 @@ psitransfer_password: ENC[AES256_GCM,data:LdL5dtqsuYPsV+GvRkQ=,iv:6CTA9327rQdFKi
home-assistant-secrets.yaml: ENC[AES256_GCM,data:6tir6FU5qfH5XSE8sWoGHVBPsZ1JVtFta4SUhHXXb7/06riqBiTsk07eNGTWAVi/r6gEPRGTLRd50Ozt,iv:hDMxvKEngOp0X/enlvkc9UB2MqKgatDthyuqfBcw5ZM=,tag:hNn2EgycPWTeTwytPN1Jxg==,type:str]
syncthing_cert: ENC[AES256_GCM,data:PWgdtOhVH6SEITL+6m5KLBNmMl8l1KxvxGUFbYb3Xr3092VjiThdN2gesDjD45FAM1jaoQghITWl0JKY+3zZ19zSpl0tD9KLaCexTOObhLCfEdZgNIvQllWvO8utyFKuZEnZNEHaKw3hIuw7O6YVHjzirv5BYHU20JB54QdrgeiEKqsVdw4oMRTUtVN+dK6WIC4+OzbqE8MziuFdbrK2CPK879SlG2XVESYd41xy97TmS6zSWEwM+ST+6v8XaE8tl9G0Kbhb7RaxlOmpxkRoKd8ZwRnyxt4ax3W0hfD3KYzJATGPkTmtLEOqi0iUiXXPA2pADnbn/nsLnnF/sA6A1TLdoqErUWHt/wm66oS1pwVJGOZnNpeCZnpjvD/3SWO4jx8FYd5hzeM/mBrP6+sElGsKqDLkkjpbyWpPuFWyf9PTSxK/wkNnnfxcdzUwtM+BNFZx9CG7q+kWDD6dmqOF3T9UaE8CVqH8W+bVlnBXzY2qtP0p1EoZGrQKERRiTKFPpGV3ZL4Y4rAi9RkiUF9U8XQEFod4VBBBLQatKqh2Xh2gNgUEHLqCsUGHd/8lgA6kCDKuigLpvZ1H6l3FttAluuM1Vs9z/Bmpe+75I9LJhBxnms46lzE1Vchnv4rCrYFomw/WVZJuOKNhcf0HNk2FB2TtQHgolHytspraZHpUi7Okjt6ki3plrulArBk2JmtG2pXFMNlJZrtEO0YTo2LUIaeO8Uaj9OmwLo5fRu1c4n0pqxSuqNnp44t32Qe+POQPUh40Y5IuLpkSVYS6hJ2jc8Zy6m+AUeGDXlnZZcsEN6bL1Pjgbso7APDR2G7GlH8cU4+aKf5PvYchqumNoS74U3DNPfkz1srXTpQs6jDhaSXTOdX9VAnO2pLh3EAWIntE6szem20HWf396K6T04bPQB5Y+slaljnJoW3Scwbr0Dtr1IPvsvxEa+Cjg4IYmElmrSLw4xjE/X4zkdj4/KDW/0Y8p+VVukPdrOj4h915eq5HEk5c4wtupyGXljrdDQ0pCT4XjUfdVkzZ+TPDE0Y5FLcCzXG43Mw8dks=,iv:2Y67nWcdN8ayYDEslRmFSTUVr5kfgd86TKd8Xb1svFk=,tag:WU6WkdQCIBIRoCiZuUTCxQ==,type:str]
syncthing_key: ENC[AES256_GCM,data:w7lCOWtjlTNIxygGSwn4DU5UStncWP8fzQO4gtrBn6pUSojmvnbIYpOqrwdgQmovXoGstnVXJkQk/4ivc2ax3kvDxZY1eOoBg95vyxR0vAvSZ11QLrooj/2boLKHuwcoKdFnpwy2H74hQH7vrpz8e80fwEpPxdzs7nwnTOyFl7pdWYZhJsmOQe29J+FJyprGJcWU4cauP3D+43gKGmoBEgDq5wt8LolFxGBXgb9cgchbiJvPpz7JPHNwd3QbcYLb0WqO0Mpea09B0rcvJyE8yTsMz7E5JxBRbbgbtLanLKDqKkh/Qfixyf7hHQoqz5jew6Hx3WbHGBBDTHO9Crk8fU5J/Q9lrRCpgC5oU9BBa+PgxqhABHlQoX25IwXokLWZ,iv:lZbKOg7apc9CmcTmPQAA69Jam/yxi8rHWIVAWRRtFhw=,tag:TqInTMsh4QfGNPcjoiUVdw==,type:str]
homepage: ENC[AES256_GCM,data:dXOyrpUkSm9F6idTcbH3R+VMHZZxIntg+J3pq7Tbc/Mo7sba/cI0mmFc4+fc/4xUlswpuvQV8CfJ2tBrayQEap5sYqWq813ihQfn5qoXPU5FFKZxpYvW/Xzrl0tBWzxcfqvxrfhqP6kzagiEESJA9oET+/NJjfrQTF6gY5OIWyhoolMyG9X+Z7eRlSZAc0HCtfn4T6OaMUqwAJsHoZkbjkeC3072yfnPZSFunK4eDlC9U/TbHobDlsvILoZDKWKktGKEZfdKG3b5A0CF6rXBWqpVtDi9zyz7bBLyk3i45fTcmr3ysgzG6X4voxhJE5TtRltncmzH2VsBCP0ppOAFZxsWa6KuYRBSys4/2F+g4fBraeMPJNWyKb6QGTaJLuMOOYimeRBgObR1HI2SrYeHhz4j8OqLWgq5lZlhAQ6vGrLvkGvMbWsa3xeKRERArCvo7oXGhyqQ488A/0W2PMtZjEKht60VfPRiIteeGWoh63jPTxkvtIRuV9crrfWubeMKqnJCjcrdQgwIDOye34lqJOJcWc1j6CQZzaf0WxAlvK/qYIvgRiiIgp7gqwB3QwGYTqurjef9OrBQGOz5jyx9ES1sIbp5E4Lw3wKlFdntMpXjNLXvIhVC63O3k3sdygwzpdlwHEajUO+UZg==,iv:RtTNLIcfGmIqRimJcUHyU2QxdG9tDddzcE181YX0zho=,tag:6FZbJIoxmLhbdiP+7mO87g==,type:str]
homepage: ENC[AES256_GCM,data:yZTTndleiI8Fs8K8CSUqIL8lczQae14386Aofztp+V2yYKc6q/Ocw32erT9mTmbKvY8iCwY5r1h+70pr9n4I4CT4ox0sjipA3WTvG5ieq2WgaMQpzrRZLrCk31q4Qj6J6rsYDNknKC0Toc7tLJ1MN1XNaeFbLl6UwnBKxOxkOUUA4kaVH1U28jP6quTJ/l5CaxLS+giGS5wfl/LIT1GHlPm3s7P+x7CgHFruw6P1cD0C8kXJJXSsmwIUs9PlYt5DVID9AEAP+RkUIat20cHCTZM/KDECOyKDKJH3JVSWd715QfCwfhc3FPdFsyhU+IzkPKYG2EYGVMlPph3uwS54WuSZVg/burKDiXrLVp65rTulc2bjQ+bwG4KrHCYCW3KQr/cpMCc4x8Ghjc6mGIv6nt8DvGWPbcc6wX4t9JHKT3WunKiSo8useQ2abBJL0yECrday1vU0dLCjYVk+2OnHicrBYvvxi+hZouvPvsbVEAZO1YWjtlnuULyM+MoI1RQIBsstKMsjTDQxbq134XlCzxgeOLPi8oHc2Mu6aAerqYtBVuznDboXwoBKi8bisoj0/13Oc34VO2k2EDQS/jwg152M6GVptyo4fFrLlnT5v6Y9pvaJbdBqIzevYOYKy6e8PH1k3t29hPdZQ1zosVG+qt6Fnlxu3aHUCVESGGl3yXaEmc79XJ/f1NuKe7jOdF2en1YzdQk9Wktd8HE7LuQcGl/wtjznog3BkgXNFqUzPUQTUyZOLyz6Orsaldq4SwCjspjiBFGJN4W7mYu0YhrjEIopakp3UuK7OKHq8LIv+O72oHzR535fjlBovdJu8F8aa6CIyu7sL4/OeGmDENJEclByvHqJPl5BbUvv7hVtBuzsU+QjPW1c4nZf8zaB970DkUa+LPo=,iv:OeT+SMmVNAmG7TgfSXYOdJlSLu/h8FglmmeLtJ/vsDA=,tag:nWIUcOHTgjgjAmYcgGxuHg==,type:str]
microbin-passwordFile: ENC[AES256_GCM,data:uH6KG5uYPlQ6jOhQEi6RYpMuYVoLpEryO5ICPxywRsRT0RzTFrJAbqUJbpCuHp+lH1TxgtAKgZzg62NFsq6al+2nFHRnUE/IvhHFq4WRyADeqfXEZ6kH9bVAW/yPy3q08Tg01qWTmfzIFZ4KWZc4+xok5taXB3gOCve5rPTltvxKdG9V,iv:0OFWmfBA/RlqUXn45+7bEm6U3Rrk6043yKNfyVgX4Ro=,tag:fT5HpNsPugAdRTlyGX9eoQ==,type:str]
silverbullet-envFile: ENC[AES256_GCM,data:N2L4JJsCF2+D1DeSl5NpISxhhupYak4AQpHqtGPX8Gq+5a0Ll3HM,iv:7f7gGGd/jovPLiccIQiQ8eJ7FE+a11bIAuyfWJjbn6A=,tag:/05/X2k5pSpz7yFSqj6mHA==,type:str]
caddy-envFile: ENC[AES256_GCM,data:11H1+QET9lgRBgvLEeWOuCbH/Wv3gbMKsxYuuzyVc2EeR6PrnZ2zoJL3BjyleAgY7U57pSwdp2KaK9bzVmALi2LUxeCb42Xju89geybAGJ+iBBlNZsMYnD7w9xjSBWiNJiBpJFnkr/DJFUMWnJMjlUJ1GJps6h1VtOnerXVL8jpvc0Lw0ubX5KyrDg==,iv:wATvB9YjR/R43TBihfYZLATVyIvv0JNsRF0ZRa1Ai8k=,tag:/F9AkAtgOpAroqsXN7jvbA==,type:str]
nextcloud-adminPass: ENC[AES256_GCM,data:CFZ7QW7uwIxeOHIXZ1XH7dfqq+g9/kXO,iv:v5OhKnIWdHeH3C+IwKJVRBFgqLvYaTZ7zOmbmIHxMY8=,tag:itXOIuOMvEaNtFbZZMXBkQ==,type:str]
grafana-adminPass: ENC[AES256_GCM,data:Zbs2mwq75cf5k4la9V1AVYdHoDT4rTQ3,iv:u8kjJfQHxNEcZZ5QxutA/GhMhByz4Pz8cA2PT0y3ndk=,tag:OXtk9R/EE/YPhdv3jOaPXA==,type:str]
paperless-passwordFile: ENC[AES256_GCM,data:qYWdvXXeao3kZkVmWDAfdXHYSFro3FEI,iv:l9kTEiM3iZQXnFpuyhjOlJgA8uiB2pp8E5HtWUpWgec=,tag:9We20OmOegs+OVC9mybncA==,type:str]
adguard-passwordFile: ENC[AES256_GCM,data:+fQELnKBx5WRx8zfQUsFvs4mnXT48xo+,iv:zXLWQrATSOQCszztjRXsKIgtgQLvZWps6VffreA0290=,tag:n6bDP7NlRUNl0Vokvp8frA==,type:str]
immich-secretsFile: ENC[AES256_GCM,data:UB1cnC6BkYBOgifZLlcEHYyzWsberD75wu6U26KsQVQLI/SNmo/EapBJXPbOssfed1kO3bIfxh/Y5KnYhTrK+LbF96GNONkCTgzAkYU=,iv:UFtKfuSRHwwczOsprXay15w+2aVagcl9ekTfIu9o+qU=,tag:4CbBp2ChjHguhzyuQ9QMfQ==,type:str]
sops:
kms: []
Expand All @@ -29,8 +30,8 @@ sops:
WDBrSzgyN2k0UUttWHMxNmlDT2ZCSDgKH14m52P/6PVxOwJTGwSjZdzqh3r2zlER
/5EM3g7kFjUgRd+4Z5GnBMZp0LdN9Li4QKoz9diDJyNpVGNM4HGPxw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-23T21:13:52Z"
mac: ENC[AES256_GCM,data:7XZESq1NWMStkwVkxWHTCsCuwXrib6v0qmwCCwKMPRobX7CzT6nESedk+VTdvxKEcMfXLi0FHgeBQtgptolmxErvIUIcXUzZygHnpCwDZ6T/0gbDFq7PsazJYhRtXp2mECh52uRukcOkKcSshwPPkVw82T5Xea8q2ef1YK0xiDk=,iv:c7GbSyYAoX0sV2sLF/EfHI57YwnsUWZ3ZKQrWfJz9Vk=,tag:lDhJLSHFHEE5+4xhMW8TIQ==,type:str]
lastmodified: "2024-11-23T21:27:58Z"
mac: ENC[AES256_GCM,data:9ILVE84uhVOIl0reKsIvf9O9VPFZeRwO+xm9DeLa/wLYlZtSy+MCOmvBA4Ol/1ooC2uMWMBkxSq/CxaoKLX5aWHfIW/9j6cHU+8+X2Osg0SdQ/mKWNP3nZmhha4VykzxWrj/W7dunhqWyREvn6MosvG6hszPN5knc8MV5EWswa0=,iv:4nptH3heLUhCNaT4MIxRsEYHSUt9VzG4yrVWRQ0tico=,tag:187/o97vRW1kcuFCRPBovg==,type:str]
pgp:
- created_at: "2023-09-16T19:41:40Z"
enc: |
Expand Down
36 changes: 35 additions & 1 deletion hosts/tiny1/services/adguard-home.nix
Original file line number Diff line number Diff line change
@@ -1,4 +1,11 @@
{config, ...}: {
{
config,
lib,
pkgs,
...
}: let
adguardUser = "adguardhome";
in {
networking.firewall.allowedUDPPorts = [53];

services.adguardhome = {
Expand All @@ -12,6 +19,14 @@
# https://github.com/luisholanda/dotfiles/blob/e61b7bc0c819df2cb940ac5240795f05d251edc0/modules/services/networking/dns.nix#L8
settings = {
http = "127.0.0.1:${toString config.services.adguardhome.port}";
users = [
{
name = "admin";
password = "ADGUARDPASS"; # placeholder
}
];
auth_attempts = 3;
block_auth_min = 3600;
#dns = {
# bootstrap_dns = [
# "9.9.9.9"
Expand All @@ -21,4 +36,23 @@
#};
};
};

sops.secrets.adguard-passwordFile = {};

# add user, needed to access the secret
users.users.${adguardUser} = {
isSystemUser = true;
group = adguardUser;
};
users.groups.${adguardUser} = {};
# insert password before service starts
# password in sops is unencrypted, so we bcrypt it
# and insert it as per config requirements
systemd.services.adguardhome = {
preStart = lib.mkAfter ''
HASH=$(cat ${config.sops.secrets.adguard-passwordFile.path} | ${pkgs.apacheHttpd}/bin/htpasswd -binBC 12 "" | cut -c 2-)
${pkgs.gnused}/bin/sed -i "s,ADGUARDPASS,$HASH," "$STATE_DIRECTORY/AdGuardHome.yaml"
'';
serviceConfig.User = adguardUser;
};
}
25 changes: 25 additions & 0 deletions hosts/tiny1/services/homepage.nix
Original file line number Diff line number Diff line change
Expand Up @@ -128,6 +128,12 @@
"Adguard Home" = {
icon = "adguard-home.png";
href = "https://adguard.home.hyshka.com";
widget = {
type = "adguard";
url = "http://localhost:3020";
username = "hyshka";
password = "{{HOMEPAGE_VAR_ADGUARD_PASSWORD}}";
};
};
}
];
Expand Down Expand Up @@ -162,6 +168,12 @@
"Immich" = {
icon = "immich.svg";
href = "https://immich.home.hyshka.com/";
widget = {
type = "immich";
url = "http://localhost:3005";
key = "{{HOMEPAGE_VAR_IMMICH_APIKEY}}";
version = 2;
};
};
}
{
Expand Down Expand Up @@ -276,6 +288,19 @@
};
};
}
{
Sabnzbd = {
icon = "sabnzbd.svg";
href = "https://sabnzbd.home.hyshka.com";
server = "my-docker";
container = "sabnzbd";
widget = {
type = "sabnzbd";
url = "http://sabnzbd:8085";
key = "{{HOMEPAGE_VAR_SABNZBD_APIKEY}}";
};
};
}
{
Wireguard = {
icon = "wireguard.svg";
Expand Down

0 comments on commit fb87522

Please sign in to comment.