add basic container, configure git repo structure, add sops addon

2026-02-10 18:34:25 +03:00
parent 3e5be7b7a4
commit d457efd566
14 changed files with 132 additions and 1 deletions
--- a/hosts/home-morefine/systemd/docker.service.d/10-sops-decrypt.conf
+++ b/hosts/home-morefine/systemd/docker.service.d/10-sops-decrypt.conf
@@ -0,0 +1,3 @@
+[Unit]
+Requires=sops-decrypt.service
+After=sops-decrypt.service
--- a/hosts/home-morefine/systemd/sops/sops-decrypt.service
+++ b/hosts/home-morefine/systemd/sops/sops-decrypt.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=Decrypt SOPS secrets before Docker starts
+DefaultDependencies=no
+Before=docker.service
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=oneshot
+WorkingDirectory=/srv/gitops
+Environment=SOPS_AGE_KEY_FILE=/root/.config/sops/age/keys.txt
+
+# твой скрипт расшифровки (держи в репо или в /usr/local/bin)
+ExecStart=/srv/gitops/homelab-infra/lab-home/sops-decrypt.sh
+
+TimeoutStartSec=300
+
+[Install]
+WantedBy=multi-user.target
--- a/hosts/home-morefine/systemd/sops/sops-install-oneoff.sh
+++ b/hosts/home-morefine/systemd/sops/sops-install-oneoff.sh
@@ -0,0 +1,8 @@
+sudo install -D -m 0644 systemd/sops-decrypt.service /etc/systemd/system/sops-decrypt.service
+sudo install -D -m 0644 systemd/docker.service.d/10-sops-decrypt.conf /etc/systemd/system/docker.service.d/10-sops-decrypt.conf
+
+# сам скрипт
+sudo install -D -m 0755 systemd/sops-decrypt-all /usr/local/bin/sops-decrypt-all
+
+sudo systemctl daemon-reload
+sudo systemctl enable sops-decrypt.service