petersweb-infra/nixos/secrets/default.nix
Philip Peterson d7109b6585 add VNC desktop container at vnc.quinefoundation.com
Custom Podman image (forge.quinefoundation.com/ironmagma/vnc-desktop) running
TigerVNC + noVNC + openbox, proxied via nginx with ACME TLS and basic auth.
Also switches all arion projects from docker to podman backend.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-25 17:08:15 -08:00


# Encryption rules for the .age secrets in this directory, written in the
# `"<file>.age".publicKeys = [ ... ]` form (looks like an agenix-style rules
# file -- confirm which tool consumes it).
#
# Every secret below has exactly one recipient: the key read from
# ../keys/mainframe.pub. Consequences to keep in mind:
#   * only the holder of the matching private key can decrypt these files;
#     no second (operator or recovery) recipient is listed, so losing that
#     private key makes every secret here unrecoverable;
#   * changing the recipient means re-encrypting every .age file, and the
#     old ciphertexts stay readable to the old key wherever they are still
#     stored, so rotate the secret values too if that key may be exposed.
let
  # builtins.readFile returns the file contents verbatim, including any
  # trailing newline -- NOTE(review): confirm the encrypting tool tolerates it.
  mainframeKey = builtins.readFile ../keys/mainframe.pub;

  # One shared recipient list, so recipients are changed in a single place.
  recipients = [ mainframeKey ];
in
{
  # Environment file; expected variables:
  #   NEARLYFREESPEECH_API_KEY
  #   NEARLYFREESPEECH_LOGIN
  "./nearlyfreespeech.age" = { publicKeys = recipients; };

  # Expected variable: WEBDAV_PASSWORD
  "./webdav.age" = { publicKeys = recipients; };

  # Expected variable: ANTHROPIC_API_KEY
  "./anthropic-api-key.age" = { publicKeys = recipients; };

  # Expected variable: POSTMARK_SERVER_TOKEN
  "./postmark.age" = { publicKeys = recipients; };

  # TOKEN=<forgejo runner registration token from Forgejo admin>
  "./forgejo-runner-token.age" = { publicKeys = recipients; };

  # VNC_PASSWORD=<vnc session password>
  # NOTE(review): classic VNC password authentication (VncAuth) only uses the
  # first 8 characters of the password. If the server relies on it, treat this
  # value as a weak inner layer behind the nginx basic auth configured from
  # vnc-htpasswd.age, not as the main access control.
  "./vnc-password.age" = { publicKeys = recipients; };

  # htpasswd-format credentials for nginx basic auth on vnc.quinefoundation.com
  # Generate with: htpasswd -n <username>
  # htpasswd's default hash is apr1 (MD5-based); `htpasswd -nB` emits bcrypt
  # instead -- NOTE(review): confirm the nginx build's crypt() accepts bcrypt
  # before switching.
  "./vnc-htpasswd.age" = { publicKeys = recipients; };
}