From e53051be1bcb59cd826d1320ce59c3f3e2703521 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sun, 8 Jun 2025 13:54:23 +0200 Subject: [PATCH] bundles/navidrome: do not rotate password encryption key --- bundles/navidrome/items.py | 3 +++ bundles/navidrome/metadata.py | 1 - nodes/sophie/sophie.navidrome.toml | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/bundles/navidrome/items.py b/bundles/navidrome/items.py index d51f2cc..5e3ef4e 100644 --- a/bundles/navidrome/items.py +++ b/bundles/navidrome/items.py @@ -1,3 +1,6 @@ +# ensure users set this to avoid using the shared key +node.metadata.get('navidrome/config/PasswordEncryptionKey') + users = { 'navidrome': { 'home': '/opt/navidrome', diff --git a/bundles/navidrome/metadata.py b/bundles/navidrome/metadata.py index 73efe72..2b85b76 100644 --- a/bundles/navidrome/metadata.py +++ b/bundles/navidrome/metadata.py @@ -19,7 +19,6 @@ defaults = { 'EnableInsightsCollector': False, 'LastFM.Enabled': False, 'ListenBrainz.Enabled': False, - 'PasswordEncryptionKey': repo.vault.password_for('{} encryption navidrome'.format(node.name)), 'Port': 4533, 'Scanner.Schedule': '@every 72h', }, diff --git a/nodes/sophie/sophie.navidrome.toml b/nodes/sophie/sophie.navidrome.toml index d1df8eb..396503d 100644 --- a/nodes/sophie/sophie.navidrome.toml +++ b/nodes/sophie/sophie.navidrome.toml @@ -28,6 +28,7 @@ sha1 = 'c5e513fb830f40bea33537ef0c649a3621bd443c' [metadata.navidrome.config] MusicFolder = "/mnt/media/Musik" +PasswordEncryptionKey = "!decrypt:encrypt$gAAAAABoRXLwSTeGRCvU-eVS-596B4UqjR6sC-AyB17JCLLEaGHDjJUnUXyn3dRKaLNoTCxKQkHIR4K0aAyQkPf7gVEwthZS4UoJCeQhvhFA9udtjSSAMt7E7sMnTFD8qCCoznqSRQzZ" [metadata.nfs-client.mounts.media] mountpoint = '/mnt/media'