motiejus/config
1
Fork 0
Code Packages Releases Activity

move secrets from flake.nix to host config

Browse Source
This commit is contained in:
Motiejus Jakštys 2024-08-27 08:50:57 +03:00
parent c2e58f1314
commit 01e86db54c
5 changed files with 55 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
flake.nix
View File

@ -142,18 +142,7 @@
home-manager.nixosModules.home-manager
nixos-hardware.nixosModules.lenovo-thinkpad-x1-11th-gen
nix-index-database.nixosModules.nix-index
agenix.nixosModules.default
{
age.secrets = {
motiejus-work-passwd-hash.file = ./secrets/motiejus_work_passwd_hash.age;
root-work-passwd-hash.file = ./secrets/root_work_passwd_hash.age;
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
syncthing-key.file = ./secrets/mtworx/syncthing/key.pem.age;
syncthing-cert.file = ./secrets/mtworx/syncthing/cert.pem.age;
};
}
];
specialArgs = {
@ -170,24 +159,6 @@
nixos-hardware.nixosModules.framework-12th-gen-intel
agenix.nixosModules.default
{
age.secrets = {
motiejus-server-passwd-hash.file = ./secrets/motiejus_server_passwd_hash.age;
root-server-passwd-hash.file = ./secrets/root_server_passwd_hash.age;
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
headscale-client-oidc.file = ./secrets/headscale/oidc_client_secret2.age;
borgbackup-password.file = ./secrets/fwminex/borgbackup-password.age;
grafana-oidc.file = ./secrets/grafana.jakstys.lt/oidc.age;
letsencrypt-account-key.file = ./secrets/letsencrypt/account.key.age;
vaultwarden-secrets-env.file = ./secrets/vaultwarden/secrets.env.age;
photoprism-admin-passwd.file = ./secrets/photoprism/admin_password.age;
synapse-jakstys-signing-key.file = ./secrets/synapse/jakstys_lt_signing_key.age;
synapse-registration-shared-secret.file = ./secrets/synapse/registration_shared_secret.age;
synapse-macaroon-secret-key.file = ./secrets/synapse/macaroon_secret_key.age;
syncthing-key.file = ./secrets/fwminex/syncthing/key.pem.age;
syncthing-cert.file = ./secrets/fwminex/syncthing/cert.pem.age;
};
}
];
specialArgs = {
@ -204,16 +175,6 @@
nix-index-database.nixosModules.nix-index
agenix.nixosModules.default
{
age.secrets = {
motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
root-passwd-hash.file = ./secrets/root_passwd_hash.age;
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
syncthing-key.file = ./secrets/vno1-gdrx/syncthing/key.pem.age;
syncthing-cert.file = ./secrets/vno1-gdrx/syncthing/cert.pem.age;
};
}
];
specialArgs = {
@ -254,18 +215,8 @@
{ nixpkgs.overlays = overlays; }
agenix.nixosModules.default
home-manager.nixosModules.home-manager
./hosts/fra1-b/configuration.nix
./modules
{
age.secrets = {
motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
root-passwd-hash.file = ./secrets/root_passwd_hash.age;
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
};
}
];
specialArgs = {

14
hosts/fra1-b/configuration.nix
View File

@ -10,10 +10,16 @@ in
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
age.secrets.ssh8022-server = {
file = ../../secrets/ssh8022.age;
owner = "spiped";
path = "/var/lib/spiped/ssh8022.key";
age.secrets = {
motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
root-passwd-hash.file = ./secrets/root_passwd_hash.age;
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
ssh8022-server = {
file = ../../secrets/ssh8022.age;
owner = "spiped";
path = "/var/lib/spiped/ssh8022.key";
};
};
boot = {

25
hosts/fwminex/configuration.nix
View File

@ -13,10 +13,27 @@ in
../../modules/profiles/btrfs
];
age.secrets.ssh8022-server = {
file = ../../secrets/ssh8022.age;
owner = "spiped";
path = "/var/lib/spiped/ssh8022.key";
age.secrets = {
motiejus-server-passwd-hash.file = ./secrets/motiejus_server_passwd_hash.age;
root-server-passwd-hash.file = ./secrets/root_server_passwd_hash.age;
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
headscale-client-oidc.file = ./secrets/headscale/oidc_client_secret2.age;
borgbackup-password.file = ./secrets/fwminex/borgbackup-password.age;
grafana-oidc.file = ./secrets/grafana.jakstys.lt/oidc.age;
letsencrypt-account-key.file = ./secrets/letsencrypt/account.key.age;
vaultwarden-secrets-env.file = ./secrets/vaultwarden/secrets.env.age;
photoprism-admin-passwd.file = ./secrets/photoprism/admin_password.age;
synapse-jakstys-signing-key.file = ./secrets/synapse/jakstys_lt_signing_key.age;
synapse-registration-shared-secret.file = ./secrets/synapse/registration_shared_secret.age;
synapse-macaroon-secret-key.file = ./secrets/synapse/macaroon_secret_key.age;
syncthing-key.file = ./secrets/fwminex/syncthing/key.pem.age;
syncthing-cert.file = ./secrets/fwminex/syncthing/cert.pem.age;
ssh8022-server = {
file = ../../secrets/ssh8022.age;
owner = "spiped";
path = "/var/lib/spiped/ssh8022.key";
};
};
boot = {

15
hosts/mtworx/configuration.nix
View File

@ -16,9 +16,18 @@ in
../../modules/profiles/btrfs
];
age.secrets.ssh8022-client = {
file = ../../secrets/ssh8022.age;
mode = "444";
age.secrets = {
motiejus-work-passwd-hash.file = ./secrets/motiejus_work_passwd_hash.age;
root-work-passwd-hash.file = ./secrets/root_work_passwd_hash.age;
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
syncthing-key.file = ./secrets/mtworx/syncthing/key.pem.age;
syncthing-cert.file = ./secrets/mtworx/syncthing/cert.pem.age;
ssh8022-client = {
file = ../../secrets/ssh8022.age;
mode = "444";
};
};
boot = {

15
hosts/vno1-gdrx/configuration.nix
View File

@ -10,9 +10,18 @@ in
../../modules/profiles/btrfs
];
age.secrets.ssh8022-client = {
file = ../../secrets/ssh8022.age;
mode = "444";
age.secrets = {
motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
root-passwd-hash.file = ./secrets/root_passwd_hash.age;
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
syncthing-key.file = ./secrets/vno1-gdrx/syncthing/key.pem.age;
syncthing-cert.file = ./secrets/vno1-gdrx/syncthing/cert.pem.age;
ssh8022-client = {
file = ../../secrets/ssh8022.age;
mode = "444";
};
};
boot = {