secrets: list secrets used on host explicitly

2022-01-21 01:40:53 +01:00 · 2022-01-21 01:40:53 +01:00 · 096c2abb02
commit 096c2abb02
parent 8881850730
5 changed files with 41 additions and 15 deletions
--- a/hosts/boreal/default.nix
+++ b/hosts/boreal/default.nix
@ -9,6 +9,8 @@
      ./hardware-configuration.nix

      ./home.nix
+
+      ./secrets.nix
    ];

  boot.kernelPackages = pkgs.linuxPackages_latest;
--- a/hosts/boreal/secrets.nix
+++ b/hosts/boreal/secrets.nix
@ -0,0 +1,19 @@
+{ config, lib, options, ... }:
+
+{
+  config.age = {
+    secrets =
+      let
+        toSecret = name: { ... }@attrs: {
+          file = ./../../modules/secrets + "/${name}.age";
+        } // attrs;
+      in
+        lib.mapAttrs toSecret {
+          "restic-backup/boreal-credentials" = {};
+          "restic-backup/boreal-password" = {};
+
+          "users/alarsyo-hashed-password" = {};
+          "users/root-hashed-password" = {};
+        };
+  };
+}
--- a/hosts/zephyrus/default.nix
+++ b/hosts/zephyrus/default.nix
@ -8,6 +8,7 @@
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ./home.nix
+      ./secrets.nix
    ];

  boot.kernelPackages = pkgs.linuxPackages;
--- a/hosts/zephyrus/secrets.nix
+++ b/hosts/zephyrus/secrets.nix
@ -0,0 +1,19 @@
+{ config, lib, options, ... }:
+
+{
+  config.age = {
+    secrets =
+      let
+        toSecret = name: { ... }@attrs: {
+          file = ./../../modules/secrets + "/${name}.age";
+        } // attrs;
+      in
+        lib.mapAttrs toSecret {
+          "restic-backup/zephyrus-credentials" = {};
+          "restic-backup/zephyrus-password" = {};
+
+          "users/alarsyo-hashed-password" = {};
+          "users/root-hashed-password" = {};
+        };
+  };
+}