diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix index f0722b6..2b64a0d 100644 --- a/hosts/poseidon/secrets.nix +++ b/hosts/poseidon/secrets.nix @@ -9,8 +9,6 @@ } // attrs; in lib.mapAttrs toSecret { - "gandi/api-key" = {}; - "users/alarsyo-hashed-password" = {}; "users/root-hashed-password" = {}; }; diff --git a/modules/secrets/gandi/api-key.age b/modules/secrets/gandi/api-key.age deleted file mode 100644 index cf9f9c9..0000000 --- a/modules/secrets/gandi/api-key.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 z6Eu8Q Z6nxu/Aj6YiouSwaHKO9o/VjDwkFeg1aUpxWDH0zYUc -nN/e7E4mRe0u6r845FlT9QPYTAAoG7YQZY+igYNNd7Y --> LZ-grease 7/44AQ]n H&}_^ hIg#2Ic :cyUJma -cyKzugByeYVVqVRXfi/a7RkreaM9vVNw8z1Jn+MaLZs1paE44QEe2Y2bsXA9tmai -GSfOFlOBv82/Jhlc7xUK5w6RxgIBdmxtpEfRaUw ---- jnsdwFTZU4wzsxo0piNFBchQtCuFQohGALt42YukeVA -7wOp8҈eu!CbBRzIאN?C W[kGslZG9nL \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index cecc74e..5e3fec2 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -11,8 +11,6 @@ let all = users ++ machines; in { - "gandi/api-key.age".publicKeys = [ poseidon ]; - "restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ]; "restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ]; "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ]; diff --git a/secrets/default.nix b/secrets/default.nix index c17761a..d63ad9f 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -10,11 +10,14 @@ in { }; config.my.secrets = { + shadow-hashed-password-alarsyo = fileContents ./shadow-hashed-password-alarsyo.secret; + shadow-hashed-password-root = fileContents ./shadow-hashed-password-root.secret; miniflux-admin-credentials = fileContents ./miniflux-admin-credentials.secret; transmission-password = fileContents ./transmission.secret; nextcloud-admin-pass = ./nextcloud-admin-pass.secret; nextcloud-admin-user = fileContents ./nextcloud-admin-user.secret; lohr-shared-secret = fileContents ./lohr-shared-secret.secret; + gandiKey = fileContents ./gandi-api-key.secret; borg-backup = import ./borg-backup { inherit lib; }; paperless = import ./paperless { inherit lib; }; diff --git a/secrets/gandi-api-key.secret b/secrets/gandi-api-key.secret new file mode 100644 index 0000000..06a9eda Binary files /dev/null and b/secrets/gandi-api-key.secret differ diff --git a/secrets/shadow-hashed-password-alarsyo.secret b/secrets/shadow-hashed-password-alarsyo.secret new file mode 100644 index 0000000..d4afac8 Binary files /dev/null and b/secrets/shadow-hashed-password-alarsyo.secret differ diff --git a/secrets/shadow-hashed-password-root.secret b/secrets/shadow-hashed-password-root.secret new file mode 100644 index 0000000..d4afac8 Binary files /dev/null and b/secrets/shadow-hashed-password-root.secret differ diff --git a/services/nginx.nix b/services/nginx.nix index 42dc015..0fe607b 100644 --- a/services/nginx.nix +++ b/services/nginx.nix @@ -54,7 +54,7 @@ in "${domain}" = { extraDomainNames = [ "*.${domain}" ]; dnsProvider = "gandiv5"; - credentialsFile = config.age.secrets."gandi/api-key".path; + credentialsFile = pkgs.writeText "gandi-creds.env" gandiKey; group = "nginx"; }; };