secrets: remove git-crypt secrets

Bruno BELANYI 2021-09-25 16:36:57 +02:00
parent e962d4c574
commit 738d1760c3
32 changed files with 1 additions and 82 deletions


@ -1,5 +0,0 @@
* filter=git-crypt diff=git-crypt
.gitattributes !filter !diff
/default.nix !filter !diff
/secrets.nix !filter !diff
*.age !filter !diff

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1,35 +1,11 @@
{ inputs, lib, options, ... }: { inputs, lib, options, ... }:
with lib; with lib;
let {
throwOnCanary =
let
canaryHash = builtins.hashFile "sha256" ./canary;
expectedHash =
"9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab";
in
if canaryHash != expectedHash
then throw "Secrets are not readable. Have you run `git-crypt unlock`?"
else id;
in
throwOnCanary {
imports = [ imports = [
inputs.agenix.nixosModules.age inputs.agenix.nixosModules.age
]; ];
options.my.secrets = mkOption {
type =
let
valueType = with types; oneOf [
int
str
(attrsOf valueType)
(listOf valueType)
];
in
valueType;
};
config.age = { config.age = {
secrets = secrets =
let let
@ -48,53 +24,4 @@ throwOnCanary {
"/home/ambroisie/.ssh/id_ed25519" "/home/ambroisie/.ssh/id_ed25519"
]; ];
}; };
config.my.secrets = {
acme.key = fileContents ./acme/key.env;
backup = {
password = fileContents ./backup/password.txt;
credentials = readFile ./backup/credentials.env;
};
drone = {
gitea = readFile ./drone/gitea.env;
secret = readFile ./drone/secret.env;
ssh = {
publicKey = readFile ./drone/ssh/key.pub;
privateKey = readFile ./drone/ssh/key;
};
};
lohr.secret = fileContents ./lohr/secret.txt;
matrix = {
mail = import ./matrix/mail.nix;
secret = fileContents ./matrix/secret.txt;
};
miniflux.password = fileContents ./miniflux/password.txt;
monitoring.password = fileContents ./monitoring/password.txt;
nextcloud.password = fileContents ./nextcloud/password.txt;
paperless = {
password = fileContents ./paperless/password.txt;
secretKey = fileContents ./paperless/secretKey.txt;
};
podgrab.password = fileContents ./podgrab/password.txt;
sso = import ./sso { inherit lib; };
transmission.password = fileContents ./transmission/password.txt;
users = {
ambroisie.hashedPassword = fileContents ./users/ambroisie/password.txt;
root.hashedPassword = fileContents ./users/root/password.txt;
};
wireguard = import ./wireguard { inherit lib; };
};
} }
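Review bot: Deleting `config.my.secrets` in the second hunk does not retire the values it carried: the removed `fileContents`/`readFile` calls loaded each secret at evaluation time, so any module that interpolated them into generated configuration will likely have copied them into the world-readable Nix store on deployed hosts, and the git-crypt blobs remain in repository history. Whether those credentials were rotated when they moved to agenix is not visible on this page, so that is worth confirming, along with garbage-collecting old system generations. On the new side I would add a comment above `config.age` such as `# Secrets come only from agenix and are decrypted at activation; never read secret files at evaluation time (they end up in /nix/store).` The module body continues between and around the two hunks, so the agenix secret definitions themselves are not reviewed here.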

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1 +0,0 @@
/default.nix filter diff

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1,2 +0,0 @@
/default.nix filter diff
public-key.txt filter diff

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.