From 54dbe0c667280a7500da521ce89bcfab0c306937 Mon Sep 17 00:00:00 2001
From: Adrian Cowan
Date: Sat, 18 Apr 2026 16:44:44 +1000
Subject: [PATCH] Cleanup diun references from ntfy, diun was never actually committed
---
 2-nomad-config/ntfy.nomad.hcl | 11 -----------
 2-nomad-config/ntfy.tf | 1 -
 2 files changed, 12 deletions(-)
diff --git a/2-nomad-config/ntfy.nomad.hcl b/2-nomad-config/ntfy.nomad.hcl
index 36fa0b6..f5560a5 100644
--- a/2-nomad-config/ntfy.nomad.hcl
+++ b/2-nomad-config/ntfy.nomad.hcl
@@ -46,14 +46,8 @@ job "ntfy" {
 # Bcrypt hashes are not secrets and are hardcoded below (same as /etc/shadow — safe to commit).
 # Generate with: docker run --rm -it binwiederhier/ntfy user hash
 # or: echo "mypassword" | docker run --rm -i binwiederhier/ntfy user hash
- # For the diun account the plaintext is irrelevant (token-only auth); use a random password:
- # openssl rand -base64 32 | docker run --rm -i binwiederhier/ntfy user hash
- #
 # Required SOPS keys:
 # ntfy.database_pw — postgres password for the ntfy role
- # diun.ntfy_token — access token for Diun (actual secret — grants write access)
- # Must start with "tk_" and be exactly 32 chars total.
- # Generate: tok=$(openssl rand -hex 15); echo "tk_${tok:0:29}"
 task "ntfy" {
 driver = "docker"
@@ -80,11 +74,6 @@ behind-proxy: true
 enable-login: true
 auth-users:
 - "admin:$2a$10$rLp4qagJnsA8Es5hQlISH.WrlzwMrXE2MBaEgz7zdd2lkAVu30lMy:admin"
- - "diun:$2y$10$4wi1VG.Vp5p3Q2OEIXaTSOmwZm.G9dpNca9BqQRMdGGnk2yQqK3Gq:user"
-auth-tokens:
- - "diun:{{with nomadVar "nomad/jobs/ntfy"}}{{.diun_token}}{{end}}:Diun"
-auth-access:
- - "diun:diun:write-only"
 EOF
 destination = "local/server.yml"
 }
diff --git a/2-nomad-config/ntfy.tf b/2-nomad-config/ntfy.tf
index 5f7905d..872253d 100644
--- a/2-nomad-config/ntfy.tf
+++ b/2-nomad-config/ntfy.tf
@@ -6,7 +6,6 @@ resource "nomad_variable" "ntfy" {
 path = "nomad/jobs/ntfy"
 items = {
 database_pw = data.sops_file.secrets.data["ntfy.database_pw"]
- diun_token = data.sops_file.secrets.data["diun.ntfy_token"]
 }
 }