secrets: remove git-crypt secrets
parent
414c27ee63
commit
e64fdcf38b
32 changed files with 1 additions and 82 deletions
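--- a/secrets/.gitattributes
+++ b/secrets/.gitattributes
@@ -1,5 +0,0 @@
-* filter=git-crypt diff=git-crypt
-.gitattributes !filter !diff
-/default.nix !filter !diff
-/secrets.nix !filter !diff
-*.age !filter !diff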
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
secrets/canary
BIN
secrets/canary
Binary file not shown.
|
|
@ -1,35 +1,11 @@
|
|||
{ inputs, lib, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
throwOnCanary =
|
||||
let
|
||||
canaryHash = builtins.hashFile "sha256" ./canary;
|
||||
expectedHash =
|
||||
"9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab";
|
||||
in
|
||||
if canaryHash != expectedHash
|
||||
then throw "Secrets are not readable. Have you run `git-crypt unlock`?"
|
||||
else id;
|
||||
in
|
||||
throwOnCanary {
|
||||
{
|
||||
imports = [
|
||||
inputs.agenix.nixosModules.age
|
||||
];
|
||||
|
||||
options.my.secrets = mkOption {
|
||||
type =
|
||||
let
|
||||
valueType = with types; oneOf [
|
||||
int
|
||||
str
|
||||
(attrsOf valueType)
|
||||
(listOf valueType)
|
||||
];
|
||||
in
|
||||
valueType;
|
||||
};
|
||||
|
||||
config.age = {
|
||||
secrets =
|
||||
let
|
||||
|
|
@ -48,53 +24,4 @@ throwOnCanary {
|
|||
"/home/ambroisie/.ssh/id_ed25519"
|
||||
];
|
||||
};
|
||||
|
||||
config.my.secrets = {
|
||||
acme.key = fileContents ./acme/key.env;
|
||||
|
||||
backup = {
|
||||
password = fileContents ./backup/password.txt;
|
||||
credentials = readFile ./backup/credentials.env;
|
||||
};
|
||||
|
||||
drone = {
|
||||
gitea = readFile ./drone/gitea.env;
|
||||
secret = readFile ./drone/secret.env;
|
||||
ssh = {
|
||||
publicKey = readFile ./drone/ssh/key.pub;
|
||||
privateKey = readFile ./drone/ssh/key;
|
||||
};
|
||||
};
|
||||
|
||||
lohr.secret = fileContents ./lohr/secret.txt;
|
||||
|
||||
matrix = {
|
||||
mail = import ./matrix/mail.nix;
|
||||
secret = fileContents ./matrix/secret.txt;
|
||||
};
|
||||
|
||||
miniflux.password = fileContents ./miniflux/password.txt;
|
||||
|
||||
monitoring.password = fileContents ./monitoring/password.txt;
|
||||
|
||||
nextcloud.password = fileContents ./nextcloud/password.txt;
|
||||
|
||||
paperless = {
|
||||
password = fileContents ./paperless/password.txt;
|
||||
secretKey = fileContents ./paperless/secretKey.txt;
|
||||
};
|
||||
|
||||
podgrab.password = fileContents ./podgrab/password.txt;
|
||||
|
||||
sso = import ./sso { inherit lib; };
|
||||
|
||||
transmission.password = fileContents ./transmission/password.txt;
|
||||
|
||||
users = {
|
||||
ambroisie.hashedPassword = fileContents ./users/ambroisie/password.txt;
|
||||
root.hashedPassword = fileContents ./users/root/password.txt;
|
||||
};
|
||||
|
||||
wireguard = import ./wireguard { inherit lib; };
|
||||
};
|
||||
}
|
||||
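Review bot: The module left behind by these two hunks has no comment saying that secrets must come only from agenix, so nothing above `config.age` in the first hunk warns a later contributor against reintroducing the eval-time pattern deleted in the second. The removed `config.my.secrets` bindings used `readFile`/`fileContents`/`import`, which pull plaintext into the evaluated configuration and, wherever a value is interpolated, into the world-readable Nix store. I would add a comment above `config.age` such as `# Secrets are decrypted at activation by agenix; never read them at eval time (the Nix store is world-readable).` Deleting the files from the tree leaves the git-crypt blobs in history and any previously built store paths in old generations, so presumably the affected credentials (for example `users.*.hashedPassword` and the drone SSH private key) should be rotated or confirmed as already rotated; the commit does not say. The module body continues outside both hunks.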
|
|
|
|||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
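--- a/secrets/sso/.gitattributes
+++ b/secrets/sso/.gitattributes
@@ -1 +0,0 @@
-/default.nix filter diff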
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
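--- a/secrets/wireguard/.gitattributes
+++ b/secrets/wireguard/.gitattributes
@@ -1,2 +0,0 @@
-/default.nix filter diff
-public-key.txt filter diff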
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.