Gleipnir/nixos-systems
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Get cloudreve working on new corp with local database

Browse source 
This was a huge hassle. I really wanted to see it working under a
non-root user since it writes files, but that ended up being impossible
because of several bugs in podman's rootless integration with NixOS.
I've kept pieces of the logic around and commented out in case I can fix
it in the future as it would be more secure.

I also tried to connect to Postgres over the unix domain socket, but the
problem here is that the container is built to run as root and I'd need
to do some elaborate mapping of the root user inside the container, the
non-root user outside the container, and the Postgres auth scheme.

This would be great stuff to sort out, but I'm out of time now to work
on it.
This commit is contained in:
Eli Ribble 2025-09-09 19:47:22 +00:00
parent b652029e73
commit 2c101e6aaa
4 changed files with 35 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

6
secrets/cloudreve.env
View file

@ -1,5 +1,3 @@
CR_CONF_Database.Type=ENC[AES256_GCM,data:bcU1B6sOSjc=,iv:JX7r+jbeM85ai/iATvipMSsPuom0FJwDMkV0U+Waebg=,tag:ptft8MxWTkiFVx/OibpiPg==,type:str]
CR_CONF_Database.DatabaseURL=ENC[AES256_GCM,data:C2+9vVWi5JPF+IdEDBaRPk2B9VGBEwCKxC+9GcNah09fp7Nz7SBYqIbQxb+GKx6jzSUritCgwfruZN7y7p3lIUwdCOa//MJwm4FTWOX2gT8IhI8xFPr+1rNgSWM5VIS0apTE+MpFwM1QPJwRFbLyFvfD3sGP1tUIsOLNxw7iTJG4RiJLtcl8D0AHNul2awymqYc/Z82gMe9HqNRhig4EjQ==,iv:+DeCxNOQd5OdviMDXdqCT2A6Y+iAjVfFGtOfwg8nl6Y=,tag:C0mLMzs/44m3NeXDq/pwzw==,type:str]
CR_LICENSE_KEY=ENC[AES256_GCM,data:TLb8iQFNLA88iLe8td0Oggd+bbNzqgxMCpP9ulMw4+B0t9l5vdKks1Vyx2hxV2Hg4BuYkoW6IW1njoWtT9gCrCAd8pGTJ7+x,iv:ywD8DlNGOA+caY0BnmgPm1r+cnjSRwZ5ZabKXrGtmxo=,tag:8ua/itSi75qjpU6Pl+6jig==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaS3Y2VHlSQXRYOW43djcw\nUU02QWdjNE5KSzl0dk5ybnFORERXeE5NRkVVClllMkRFa2Izek1XYXpwb3V2ekJZ\neHVaY2dlVDRxbXRieC9MMlZRb0N2eFkKLS0tIFdZQXlYZVhFdFB4K3phRFpHVFBj\nVk5BQzJuQlJZcEVTZ3NTNloxWTRjRTgK9q3orFFKI6jQ25cX4y8spBM6xYOdo5lf\nqnetsT7N0vv4qFOlkvw7SJpljX3OMxlby1CpqYe6494GF2bUsg1tIA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1fnkhk9rv7r8gh84vxnhvndk4fgh20qcj4hvnfhdpumcydl6m6vrse50lrz
@ -13,7 +11,7 @@ sops_age__list_4__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb2
sops_age__list_4__map_recipient=age1t3ryfktuhr3cysf49m9q2n8fkjf9ajjjnhztxw9hz8paxgk4lpcq065jge
sops_age__list_5__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLSEw1cElqRDRJRE42bXM1\nZjh3MDJQVFEwdFJmcmF2YWdvamJ4VDJKQmd3CjE2Q1FBUU10ekx0WjVNS1R6c3lF\nS0VZSkp5b0FWTDNTNTVObFVjVXZiS28KLS0tIDM1SDY1YWlLNkM5aEZoVng5NnhQ\nT3dYbTIzdlA0RDkrNDJEbE1hM04yK1UKMIdTHYf1ONLM4cG2V6+3cqZdsJCnAtPR\n6K741LxT5eHQ8o1vbtCi0/zWj/4lb/wmiCCRBgj4B88eQSdqxRhtPA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_5__map_recipient=age1j90h7hcp4fctr2xwj4zf9cxuelm43wkujvryc9hk6rzzc37rwdmss035w7
sops_lastmodified=2025-07-19T00:19:19Z
sops_mac=ENC[AES256_GCM,data:y0ImYOeiuYDVkBdL+PU4oWKrwpLhcylh0qYfR6BYS5dGdw4A1KMxN0vqhXM73mQaHRwEJBfGJDA6pq++/e0lMbiw7xhyWvm/AxQ8DlSo+4cV19ZAs+VwV0fGkHJ7xKVN2Yl5qQRNKvy1IhIFOd1yre8kGJKeD7FYJXpn/cdsIoE=,iv:ngvWDmaXKG2E8p0gKTGzoFzvPCHAEurMuX4M1L/xqA0=,tag:UNvtRT2JINgTg4WJomiTUA==,type:str]
sops_lastmodified=2025-09-09T19:12:50Z
sops_mac=ENC[AES256_GCM,data:YiXYB4ZgQiqWhF+XUuu6kMW1kvf4FzBOdJiwuxaww9gFS3FMztReJYNYqHuVYQyGPQZgexVRgwGqf8kZ/aSsn8mSf4Wpx9zdI69bS9+mlJUN0ndQKQhP/wiO5TP4bmJxB0W8sq62V3nCWG82tdG6jTCNrpS2y3L4U4H+tg7uD+4=,iv:le11XPbNeaNY89a6hDmx7kyQWD1BhicHaUKT43qLOEs=,tag:QFDSWFDhE7ZESI4UnDUXRQ==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.10.2