secrets: remove git-crypt secrets

Bruno BELANYI 2021-09-25 16:36:57 +02:00
parent 414c27ee63
commit e64fdcf38b
32 changed files with 1 additions and 82 deletions


@ -1,5 +0,0 @@
* filter=git-crypt diff=git-crypt
.gitattributes !filter !diff
/default.nix !filter !diff
/secrets.nix !filter !diff
*.age !filter !diff

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1,35 +1,11 @@
{ inputs, lib, options, ... }: { inputs, lib, options, ... }:
with lib; with lib;
let {
throwOnCanary =
let
canaryHash = builtins.hashFile "sha256" ./canary;
expectedHash =
"9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab";
in
if canaryHash != expectedHash
then throw "Secrets are not readable. Have you run `git-crypt unlock`?"
else id;
in
throwOnCanary {
imports = [ imports = [
inputs.agenix.nixosModules.age inputs.agenix.nixosModules.age
]; ];
options.my.secrets = mkOption {
type =
let
valueType = with types; oneOf [
int
str
(attrsOf valueType)
(listOf valueType)
];
in
valueType;
};
config.age = { config.age = {
secrets = secrets =
let let
@ -48,53 +24,4 @@ throwOnCanary {
"/home/ambroisie/.ssh/id_ed25519" "/home/ambroisie/.ssh/id_ed25519"
]; ];
}; };
config.my.secrets = {
acme.key = fileContents ./acme/key.env;
backup = {
password = fileContents ./backup/password.txt;
credentials = readFile ./backup/credentials.env;
};
drone = {
gitea = readFile ./drone/gitea.env;
secret = readFile ./drone/secret.env;
ssh = {
publicKey = readFile ./drone/ssh/key.pub;
privateKey = readFile ./drone/ssh/key;
};
};
lohr.secret = fileContents ./lohr/secret.txt;
matrix = {
mail = import ./matrix/mail.nix;
secret = fileContents ./matrix/secret.txt;
};
miniflux.password = fileContents ./miniflux/password.txt;
monitoring.password = fileContents ./monitoring/password.txt;
nextcloud.password = fileContents ./nextcloud/password.txt;
paperless = {
password = fileContents ./paperless/password.txt;
secretKey = fileContents ./paperless/secretKey.txt;
};
podgrab.password = fileContents ./podgrab/password.txt;
sso = import ./sso { inherit lib; };
transmission.password = fileContents ./transmission/password.txt;
users = {
ambroisie.hashedPassword = fileContents ./users/ambroisie/password.txt;
root.hashedPassword = fileContents ./users/root/password.txt;
};
wireguard = import ./wireguard { inherit lib; };
};
} }
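Review bot: Deleting the `config.my.secrets` block and the git-crypt files only changes the tip of the tree; the ciphertext for every value listed here (`./drone/ssh/key`, `./backup/credentials.env`, the `hashedPassword` files and the rest) is still in earlier commits and stays readable to anyone who ever held the git-crypt key. Because those values were loaded with `readFile`/`fileContents` at evaluation time, they may also have been copied into the Nix store on machines that built this configuration, though that depends on how consumers used them, which this page does not show. I would treat the migration as incomplete until those credentials are rotated, and record that next to the remaining `config.age` block, for example `# Secrets are agenix-managed; values formerly under my.secrets (git-crypt) remain in history and must be rotated.` The `config.age` attribute set continues between the two hunks, so its secret definitions are not visible here.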

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1 +0,0 @@
/default.nix filter diff

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1,2 +0,0 @@
/default.nix filter diff
public-key.txt filter diff

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.