Compare commits
2 commits
aa72401909
...
238294b7bf
Author | SHA1 | Date | |
---|---|---|---|
Antoine Martin | 238294b7bf | ||
Antoine Martin | f4e2d1739d |
|
@ -9,6 +9,8 @@
|
||||||
} // attrs;
|
} // attrs;
|
||||||
in
|
in
|
||||||
lib.mapAttrs toSecret {
|
lib.mapAttrs toSecret {
|
||||||
|
"gandi/api-key" = {};
|
||||||
|
|
||||||
"users/alarsyo-hashed-password" = {};
|
"users/alarsyo-hashed-password" = {};
|
||||||
"users/root-hashed-password" = {};
|
"users/root-hashed-password" = {};
|
||||||
};
|
};
|
||||||
|
|
8
modules/secrets/gandi/api-key.age
Normal file
8
modules/secrets/gandi/api-key.age
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 z6Eu8Q Z6nxu/Aj6YiouSwaHKO9o/VjDwkFeg1aUpxWDH0zYUc
|
||||||
|
nN/e7E4mRe0u6r845FlT9QPYTAAoG7YQZY+igYNNd7Y
|
||||||
|
-> LZ-grease 7/44AQ]n H&}_^ hIg#2Ic :cyUJma
|
||||||
|
cyKzugByeYVVqVRXfi/a7RkreaM9vVNw8z1Jn+MaLZs1paE44QEe2Y2bsXA9tmai
|
||||||
|
GSfOFlOBv82/Jhlc7xUK5w6RxgIBdmxtpEfRaUw
|
||||||
|
--- jnsdwFTZU4wzsxo0piNFBchQtCuFQohGALt42YukeVA
|
||||||
|
˜7wO˜ƒp8Òˆeu!¡CbìBRïî·zI×<49>Nìô•?C <09>éýW›õ[kG½ƒslãöÀZGÿØì™üÝ9nðL
|
|
@ -11,6 +11,8 @@ let
|
||||||
all = users ++ machines;
|
all = users ++ machines;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
"gandi/api-key.age".publicKeys = [ poseidon ];
|
||||||
|
|
||||||
"restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ];
|
"restic-backup/boreal-password.age".publicKeys = [ alarsyo boreal ];
|
||||||
"restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ];
|
"restic-backup/boreal-credentials.age".publicKeys = [ alarsyo boreal ];
|
||||||
"restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
|
"restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
|
||||||
|
|
|
@ -10,14 +10,11 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
config.my.secrets = {
|
config.my.secrets = {
|
||||||
shadow-hashed-password-alarsyo = fileContents ./shadow-hashed-password-alarsyo.secret;
|
|
||||||
shadow-hashed-password-root = fileContents ./shadow-hashed-password-root.secret;
|
|
||||||
miniflux-admin-credentials = fileContents ./miniflux-admin-credentials.secret;
|
miniflux-admin-credentials = fileContents ./miniflux-admin-credentials.secret;
|
||||||
transmission-password = fileContents ./transmission.secret;
|
transmission-password = fileContents ./transmission.secret;
|
||||||
nextcloud-admin-pass = ./nextcloud-admin-pass.secret;
|
nextcloud-admin-pass = ./nextcloud-admin-pass.secret;
|
||||||
nextcloud-admin-user = fileContents ./nextcloud-admin-user.secret;
|
nextcloud-admin-user = fileContents ./nextcloud-admin-user.secret;
|
||||||
lohr-shared-secret = fileContents ./lohr-shared-secret.secret;
|
lohr-shared-secret = fileContents ./lohr-shared-secret.secret;
|
||||||
gandiKey = fileContents ./gandi-api-key.secret;
|
|
||||||
|
|
||||||
borg-backup = import ./borg-backup { inherit lib; };
|
borg-backup = import ./borg-backup { inherit lib; };
|
||||||
paperless = import ./paperless { inherit lib; };
|
paperless = import ./paperless { inherit lib; };
|
||||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -54,7 +54,7 @@ in
|
||||||
"${domain}" = {
|
"${domain}" = {
|
||||||
extraDomainNames = [ "*.${domain}" ];
|
extraDomainNames = [ "*.${domain}" ];
|
||||||
dnsProvider = "gandiv5";
|
dnsProvider = "gandiv5";
|
||||||
credentialsFile = pkgs.writeText "gandi-creds.env" gandiKey;
|
credentialsFile = config.age.secrets."gandi/api-key".path;
|
||||||
group = "nginx";
|
group = "nginx";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue