ambroisie/nix-config
ambroisie/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

modules: secrets: move host-specific secrets

Browse source
This commit is contained in:
Bruno BELANYI 2023-04-13 16:48:37 +00:00
parent 57008bcb7c
commit 6079485b50
27 changed files with 52 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
modules/secrets/acme/dns-key.age → hosts/nixos/porthos/secrets/acme/dns-key.age
View file

0
modules/secrets/backup/credentials.age → hosts/nixos/porthos/secrets/backup/credentials.age
View file

0
modules/secrets/backup/password.age → hosts/nixos/porthos/secrets/backup/password.age
View file

0
modules/secrets/drone/gitea.age → hosts/nixos/porthos/secrets/drone/gitea.age
View file

0
modules/secrets/drone/secret.age → hosts/nixos/porthos/secrets/drone/secret.age
View file

0
modules/secrets/drone/ssh/private-key.age → hosts/nixos/porthos/secrets/drone/ssh/private-key.age
View file

0
modules/secrets/gitea/mail-password.age → hosts/nixos/porthos/secrets/gitea/mail-password.age
View file

0
modules/secrets/lohr/secret.age → hosts/nixos/porthos/secrets/lohr/secret.age
View file

0
modules/secrets/lohr/ssh-key.age → hosts/nixos/porthos/secrets/lohr/ssh-key.age
View file

0
modules/secrets/matrix/mail.age → hosts/nixos/porthos/secrets/matrix/mail.age
View file

0
modules/secrets/matrix/secret.age → hosts/nixos/porthos/secrets/matrix/secret.age
View file

0
modules/secrets/miniflux/credentials.age → hosts/nixos/porthos/secrets/miniflux/credentials.age
View file

0
modules/secrets/monitoring/password.age → hosts/nixos/porthos/secrets/monitoring/password.age
View file

0
modules/secrets/nextcloud/password.age → hosts/nixos/porthos/secrets/nextcloud/password.age
View file

0
modules/secrets/paperless/password.age → hosts/nixos/porthos/secrets/paperless/password.age
View file

0
modules/secrets/paperless/secret-key.age → hosts/nixos/porthos/secrets/paperless/secret-key.age
View file

0
modules/secrets/podgrab/password.age → hosts/nixos/porthos/secrets/podgrab/password.age
View file

53
hosts/nixos/porthos/secrets/secrets.nix
View file

@ -10,5 +10,56 @@ let
];
in
{
# Add secrets here
"acme/dns-key.age".publicKeys = all;
"backup/password.age".publicKeys = all;
"backup/credentials.age".publicKeys = all;
"drone/gitea.age".publicKeys = all;
"drone/secret.age".publicKeys = all;
"drone/ssh/private-key.age".publicKeys = all;
"gitea/mail-password.age" = {
owner = "git";
publicKeys = all;
};
"lohr/secret.age".publicKeys = all;
"lohr/ssh-key.age".publicKeys = all;
"matrix/mail.age" = {
owner = "matrix-synapse";
publicKeys = all;
};
"matrix/secret.age" = {
owner = "matrix-synapse";
publicKeys = all;
};
"miniflux/credentials.age".publicKeys = all;
"monitoring/password.age" = {
owner = "grafana";
publicKeys = all;
};
"nextcloud/password.age" = {
owner = "nextcloud";
publicKeys = all;
};
"paperless/password.age".publicKeys = all;
"paperless/secret-key.age".publicKeys = all;
"podgrab/password.age".publicKeys = all;
"sso/auth-key.age".publicKeys = all;
"sso/ambroisie/password-hash.age".publicKeys = all;
"sso/ambroisie/totp-secret.age".publicKeys = all;
"transmission/credentials.age".publicKeys = all;
"woodpecker/gitea.age".publicKeys = all;
"woodpecker/secret.age".publicKeys = all;
"woodpecker/ssh/private-key.age".publicKeys = all;
}

0
modules/secrets/sso/ambroisie/password-hash.age → hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age
View file

0
modules/secrets/sso/ambroisie/totp-secret.age → hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age
View file

0
modules/secrets/sso/auth-key.age → hosts/nixos/porthos/secrets/sso/auth-key.age
View file

0
modules/secrets/sso/default.nix → hosts/nixos/porthos/secrets/sso/default.nix
View file

0
modules/secrets/transmission/credentials.age → hosts/nixos/porthos/secrets/transmission/credentials.age
View file

0
modules/secrets/woodpecker/gitea.age → hosts/nixos/porthos/secrets/woodpecker/gitea.age
View file

0
modules/secrets/woodpecker/secret.age → hosts/nixos/porthos/secrets/woodpecker/secret.age
View file

0
modules/secrets/woodpecker/ssh/private-key.age → hosts/nixos/porthos/secrets/woodpecker/ssh/private-key.age
View file

54
modules/secrets/secrets.nix
View file

@ -5,56 +5,6 @@ let
inherit (keys) all;
in
{
"acme/dns-key.age".publicKeys = all;
"backup/password.age".publicKeys = all;
"backup/credentials.age".publicKeys = all;
"drone/gitea.age".publicKeys = all;
"drone/secret.age".publicKeys = all;
"drone/ssh/private-key.age".publicKeys = all;
"gitea/mail-password.age" = {
owner = "git";
publicKeys = all;
};
"lohr/secret.age".publicKeys = all;
"lohr/ssh-key.age".publicKeys = all;
"matrix/mail.age" = {
owner = "matrix-synapse";
publicKeys = all;
};
"matrix/secret.age" = {
owner = "matrix-synapse";
publicKeys = all;
};
"miniflux/credentials.age".publicKeys = all;
"monitoring/password.age" = {
owner = "grafana";
publicKeys = all;
};
"nextcloud/password.age" = {
# Must be readable by the service
owner = "nextcloud";
publicKeys = all;
};
"paperless/password.age".publicKeys = all;
"paperless/secret-key.age".publicKeys = all;
"podgrab/password.age".publicKeys = all;
"sso/auth-key.age".publicKeys = all;
"sso/ambroisie/password-hash.age".publicKeys = all;
"sso/ambroisie/totp-secret.age".publicKeys = all;
"transmission/credentials.age".publicKeys = all;
"users/ambroisie/hashed-password.age".publicKeys = all;
"users/root/hashed-password.age".publicKeys = all;
@ -62,8 +12,4 @@ in
"wireguard/milady/private-key.age".publicKeys = all;
"wireguard/porthos/private-key.age".publicKeys = all;
"wireguard/richelieu/private-key.age".publicKeys = all;
"woodpecker/gitea.age".publicKeys = all;
"woodpecker/secret.age".publicKeys = all;
"woodpecker/ssh/private-key.age".publicKeys = all;
}