From 238294b7bf5875cb8f8afacb2e213e506fcc7964 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 11 Mar 2022 17:10:44 +0100 Subject: [PATCH] secrets: move gandi api key to agenix --- hosts/poseidon/secrets.nix | 2 ++ modules/secrets/gandi/api-key.age | 8 ++++++++ modules/secrets/secrets.nix | 2 ++ secrets/default.nix | 1 - secrets/gandi-api-key.secret | Bin 63 -> 0 bytes services/nginx.nix | 2 +- 6 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 modules/secrets/gandi/api-key.age delete mode 100644 secrets/gandi-api-key.secret diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix index 2b64a0d..f0722b6 100644 --- a/hosts/poseidon/secrets.nix +++ b/hosts/poseidon/secrets.nix @@ -9,6 +9,8 @@ } // attrs; in lib.mapAttrs toSecret { + "gandi/api-key" = {}; + "users/alarsyo-hashed-password" = {}; "users/root-hashed-password" = {}; }; diff --git a/modules/secrets/gandi/api-key.age b/modules/secrets/gandi/api-key.age new file mode 100644 index 0000000..cf9f9c9 --- /dev/null +++ b/modules/secrets/gandi/api-key.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 z6Eu8Q Z6nxu/Aj6YiouSwaHKO9o/VjDwkFeg1aUpxWDH0zYUc +nN/e7E4mRe0u6r845FlT9QPYTAAoG7YQZY+igYNNd7Y +-> LZ-grease 7/44AQ]n H&}_^ hIg#2Ic :cyUJma +cyKzugByeYVVqVRXfi/a7RkreaM9vVNw8z1Jn+MaLZs1paE44QEe2Y2bsXA9tmai +GSfOFlOBv82/Jhlc7xUK5w6RxgIBdmxtpEfRaUw +--- jnsdwFTZU4wzsxo0piNFBchQtCuFQohGALt42YukeVA +7wOp8҈eu!CbBRzIאN?C W[kGslZG9nL \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 5e3fec2..cecc74e 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -11,6 +11,8 @@ let all = users ++ machines; in { + "gandi/api-key.age".publicKeys = [ poseidon ]; + "restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ]; "restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ]; "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ]; diff --git a/secrets/default.nix b/secrets/default.nix index 08084b0..c17761a 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -15,7 +15,6 @@ in { nextcloud-admin-pass = ./nextcloud-admin-pass.secret; nextcloud-admin-user = fileContents ./nextcloud-admin-user.secret; lohr-shared-secret = fileContents ./lohr-shared-secret.secret; - gandiKey = fileContents ./gandi-api-key.secret; borg-backup = import ./borg-backup { inherit lib; }; paperless = import ./paperless { inherit lib; }; diff --git a/secrets/gandi-api-key.secret b/secrets/gandi-api-key.secret deleted file mode 100644 index 06a9edabb961c3ea440cefc74e7bb645885d12ca..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 63 zcmV-F0KoqMM@dveQdv+`0Pya0WBT>|V<^;pO&_