secrets: move lohr to agenix

Antoine Martin 2022-03-11 17:26:54 +01:00
parent 3b99096af9
commit dad068ed6b
6 changed files with 13 additions and 3 deletions


@ -11,6 +11,8 @@
lib.mapAttrs toSecret { lib.mapAttrs toSecret {
"gandi/api-key" = {}; "gandi/api-key" = {};
"lohr/shared-secret" = {};
"users/alarsyo-hashed-password" = {}; "users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {}; "users/root-hashed-password" = {};
}; };


@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 z6Eu8Q TbYGLV7JbzW40Eo9aNDfirmKXntiJnT60mbbzRLQJX4
KHbJtr2hsfe7lsZ2VRTo7mWAgi33f8OJiuBDNfnCijE
-> U}J&0*-grease 0~7egWZ( bN0gqO I[r[CN15
xL86runL
--- WrvrFFp0ZtCc0dXhfzaHOiFckW5u6qpm7SLEwgi8cyg
Æqä¯Q<1E>èI‘²º ±à[¸E>¤0ÒÀ<C392>Å <20>ô멃<C2A9>ŒKE<4B>
ÏÝUüéA'[KpaŽy8fëžÉŠ¾Z©Ã`¤Èö‰q¾7qÁ"„ÎzC íI{I!æ\é%€E²q¦y¢ãÒ”3


@ -13,6 +13,8 @@ in
{ {
"gandi/api-key.age".publicKeys = [ poseidon ]; "gandi/api-key.age".publicKeys = [ poseidon ];
"lohr/shared-secret.age".publicKeys = [ poseidon ];
"restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ]; "restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ];
"restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ]; "restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ];
"restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ]; "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
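Review bot: The added `"lohr/shared-secret.age".publicKeys = [ poseidon ];` entry has no comment saying why `poseidon` is the only recipient, while the restic entries below it also list `alarsyo`. If `poseidon` is a host key (its binding is outside this hunk), later editing or rekeying this file needs that host's private key; that is a sound least-privilege choice but easy to mistake for an omission. A short comment such as `# host-only on purpose: edit/rekey from poseidon` would record the intent, and the same applies to the `gandi/api-key.age` line above it.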


@ -14,7 +14,6 @@ in {
transmission-password = fileContents ./transmission.secret; transmission-password = fileContents ./transmission.secret;
nextcloud-admin-pass = ./nextcloud-admin-pass.secret; nextcloud-admin-pass = ./nextcloud-admin-pass.secret;
nextcloud-admin-user = fileContents ./nextcloud-admin-user.secret; nextcloud-admin-user = fileContents ./nextcloud-admin-user.secret;
lohr-shared-secret = fileContents ./lohr-shared-secret.secret;
paperless = import ./paperless { inherit lib; }; paperless = import ./paperless { inherit lib; };
restic-backup = import ./restic-backup { inherit lib; }; restic-backup = import ./restic-backup { inherit lib; };

Binary file not shown.


@ -44,9 +44,8 @@ in
"ROCKET_PORT=${toString cfg.port}" "ROCKET_PORT=${toString cfg.port}"
"ROCKET_LOG_LEVEL=normal" "ROCKET_LOG_LEVEL=normal"
"LOHR_HOME=${cfg.home}" "LOHR_HOME=${cfg.home}"
# NOTE: secret cannot contain a '%', it's interpreted by systemd
"'LOHR_SECRET=${secrets.lohr-shared-secret}'"
]; ];
EnvironmentFile = config.age.secrets."lohr/shared-secret".path;
ExecStart = "${lohrPkg}/bin/lohr"; ExecStart = "${lohrPkg}/bin/lohr";
StateDirectory = "lohr"; StateDirectory = "lohr";
WorkingDirectory = "/var/lib/lohr"; WorkingDirectory = "/var/lib/lohr";
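Review bot: The new `EnvironmentFile = config.age.secrets."lohr/shared-secret".path;` line carries no comment saying what the decrypted file must contain, and the removed `Environment` entry was the only place in this unit that named the variable `LOHR_SECRET`. systemd reads that file as `KEY=value` lines, so a comment such as `# decrypted file must hold a line of the form LOHR_SECRET=<value>` would keep the contract visible next to the unit. Separately, the removed entry interpolated the secret into the unit text, which presumably ended up in the world-readable Nix store. If the age file carries the same value, rotating it and garbage-collecting old generations belongs to this migration. The service attribute set starts and ends outside this hunk.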