authorRory& <root@rory.gay>2025-12-27 10:30:38 +0100
committerRory& <root@rory.gay>2025-12-27 10:30:38 +0100
commite5129ee36e4677b7e8ba5aca1b10ca59fa06e5be (patch)
tree391f85dee76c698cd8cce617daa51fdd9dd781a2
parentspacebar: trust link local (diff)
downloadRory-Open-Architecture-e5129ee36e4677b7e8ba5aca1b10ca59fa06e5be.tar.xz
Spacebar secret paths
-rw-r--r--host/Rory-ovh/services/containers/spacebar/container.nix6
-rw-r--r--host/Rory-ovh/services/containers/spacebar/services/spacebar.nix37
2 files changed, 43 insertions, 0 deletions
diff --git a/host/Rory-ovh/services/containers/spacebar/container.nix b/host/Rory-ovh/services/containers/spacebar/container.nix

index 2abd2be..3189236 100644
--- a/host/Rory-ovh/services/containers/spacebar/container.nix
+++ b/host/Rory-ovh/services/containers/spacebar/container.nix
@@ -26,4 +26,10 @@
 mountPoint = "/storage";
 isReadOnly = false;
 };
+
+ bindMounts."spacebar-secrets" = {
+ hostPath = "/data/secrets/spacebar";
+ mountPoint = "/run/secrets/spacebar";
+ isReadOnly = true;
+ };
 }
diff --git a/host/Rory-ovh/services/containers/spacebar/services/spacebar.nix b/host/Rory-ovh/services/containers/spacebar/services/spacebar.nix
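Review bot: Nothing in this hunk pins the ownership or mode of `/data/secrets/spacebar` on the host, so the confidentiality of the files under it depends on state managed outside this file; `isReadOnly = true` only stops the container from writing to the mount. If the directory is not declared elsewhere, a host-side rule such as `systemd.tmpfiles.rules = [ "d /data/secrets/spacebar 0700 root root -" ];` would make the expectation explicit, with owner and mode adjusted to whichever uid the service runs as inside the container. A one-line comment above `bindMounts."spacebar-secrets"` saying who provisions the files and with what mode would also help. The enclosing attribute set starts outside the hunk.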
index 833a35e..7f75e1e 100644
--- a/host/Rory-ovh/services/containers/spacebar/services/spacebar.nix
+++ b/host/Rory-ovh/services/containers/spacebar/services/spacebar.nix
@@ -12,11 +12,48 @@ in
 gatewayEndpoint = sb.mkEndpoint "gateway.rory.server.spacebar.chat" 3002 true;
 cdnEndpoint = sb.mkEndpoint "cdn.rory.server.spacebar.chat" 3003 true;
 cdnPath = "/storage";
+
+ cdnSignaturePath = "/run/secrets/spacebar/cdnSignature";
+ legacyJwtSecretPath = "/run/secrets/spacebar/legacyJwtSecret";
+ mailjetApiKeyPath = "/run/secrets/spacebar/mailjetApiKey";
+ mailjetApiSecretPath = "/run/secrets/spacebar/mailjetApiSecret";
+ # smtpPasswordPath = "/run/secrets/spacebar/smtpPassword";
+ gifApiKeyPath = "/run/secrets/spacebar/gifApiKey";
+ rabbitmqHostPath = "/run/secrets/spacebar/rabbitmqHost";
+ abuseIpDbApiKeyPath = "/run/secrets/spacebar/abuseIpDbApiKey";
+ captchaSecretKeyPath = "/run/secrets/spacebar/captchaSecretKey";
+ captchaSiteKeyPath = "/run/secrets/spacebar/captchaSiteKey";
+ ipdataApiKeyPath = "/run/secrets/spacebar/ipdataApiKey";
+ requestSignaturePath = "/run/secrets/spacebar/requestSignature";
+
 settings = {
 security = {
 forwardedFor = "X-Forwarded-For";
 trustedProxies = "192.168.100.1, linklocal";
 };
+ user = {
+ blockedContains = [
+ "discord"
+ "clyde"
+ "mail.ru"
+ "penis"
+ "child"
+ "admin"
+ "owner"
+ "moderator"
+ "Noruya"
+ "𝖞𝖔𝖗𝖚𝖟𝖆"
+ "spacebar"
+ "1488"
+ "hitler"
+ "nigger"
+ "nitro"
+ "monero"
+ "gmail.com"
+ "outlook.com"
+ "steam"
+ ];
+ };
 };
 extraEnvironment = {
 DATABASE = "postgres://spacebar:spacebar@192.168.100.1/spacebar";
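Review bot: The new `*Path` settings leave one credential inline: the `DATABASE` URL under `extraEnvironment`, visible as context at the end of the hunk, still carries its password in the configuration and so ends up in the world-readable Nix store, while every other credential added here is read from `/run/secrets/spacebar`. If the module has no file-based option for it, a comment such as `# TODO: DATABASE still embeds its password; move under /run/secrets/spacebar` would record the gap. Separately, `blockedContains` appears to be a substring match, so short entries like `"child"`, `"owner"` and `"steam"` will likely reject unrelated names, and whether `"Noruya"` and the styled-Unicode entry catch case or look-alike variants depends on normalization that is not visible here; a comment stating the matching semantics would help. The surrounding attribute set starts and ends outside the hunk.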