feat: use separate repo for secrets.
parent
7acedb3017
commit
992b689bbf
46 changed files with 121 additions and 365 deletions
|
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
options = {
|
||||
|
|
@ -10,16 +11,16 @@
|
|||
age = {
|
||||
secrets = {
|
||||
restic-local-pass = {
|
||||
file = ../../../secrets/restic-local-pass.age;
|
||||
file = "${inputs.secrets}/secrets/restic-local-pass.age";
|
||||
};
|
||||
restic-backblaze-pass = {
|
||||
file = ../../../secrets/restic-backblaze-pass.age;
|
||||
file = "${inputs.secrets}/secrets/restic-backblaze-pass.age";
|
||||
};
|
||||
restic-backblaze-repo = {
|
||||
file = ../../../secrets/restic-backblaze-repo.age;
|
||||
file = "${inputs.secrets}/secrets/restic-backblaze-repo.age";
|
||||
};
|
||||
restic-backblaze-env = {
|
||||
file = ../../../secrets/restic-backblaze-env.age;
|
||||
file = "${inputs.secrets}/secrets/restic-backblaze-env.age";
|
||||
};
|
||||
};
|
||||
identityPaths = ["/home/crony/.ssh/main" "/root/.ssh/id_ed25519"];
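Review bot: The new `file = "${inputs.secrets}/secrets/….age";` values are plain strings, so a misspelled or renamed secret is likely no longer caught at evaluation as it was with the old path literals, and would only surface when agenix tries to decrypt it at activation. The same prefix is also repeated by hand in every other file section of this commit. A small shared helper would cover both, something like `secretFile = name: let p = "${inputs.secrets}/secrets/${name}.age"; in assert builtins.pathExists p; p;`, used as `file = secretFile "restic-local-pass";`. Only part of the module is visible in these hunks, so where such a helper should live cannot be told from here.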
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
inputs,
|
||||
...
|
||||
}: let
|
||||
default_keys = map (e: e.path) (
|
||||
|
|
@ -14,16 +15,16 @@ in {
|
|||
age = {
|
||||
secrets = {
|
||||
wg-desktop = {
|
||||
file = ../../../secrets/wg-desktop.age;
|
||||
file = "${inputs.secrets}/secrets/wg-desktop.age";
|
||||
};
|
||||
wg-ymir-home = {
|
||||
file = ../../../secrets/wg-ymir-home.age;
|
||||
file = "${inputs.secrets}/secrets/wg-ymir-home.age";
|
||||
};
|
||||
crony-passwd = {
|
||||
file = ../../../secrets/crony-passwd-desktop.age;
|
||||
file = "${inputs.secrets}/secrets/crony-passwd-desktop.age";
|
||||
};
|
||||
root-passwd = {
|
||||
file = ../../../secrets/root-passwd.age;
|
||||
file = "${inputs.secrets}/secrets/root-passwd.age";
|
||||
};
|
||||
};
|
||||
identityPaths = ["/home/crony/.ssh/main" "/root/.ssh/id_ed25519"] ++ default_keys;
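Review bot: `identityPaths` lists `/home/crony/.ssh/main`, a key in a user's home directory, as a decryption identity for a set that includes `root-passwd` and `crony-passwd`, so anything able to read that user's key can also decrypt those files. The line is unchanged context here and also appears in the previous file section. With the encrypted files, and presumably their recipient list, now in a separate repository, it deserves a comment recording why the user key is needed, e.g. `# user key is an identity because: <reason>`. If `/root/.ssh/id_ed25519` and `default_keys` are already recipients of every secret listed, dropping the user key narrows who can decrypt them.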
|
||||
|
|
|
|||
|
|
@ -1,27 +1,27 @@
|
|||
{
|
||||
{inputs, ...}: {
|
||||
age = {
|
||||
secrets = {
|
||||
traefik = {
|
||||
file = ../../../secrets/traefik.age;
|
||||
file = "${inputs.secrets}/secrets/traefik.age";
|
||||
owner = "traefik";
|
||||
};
|
||||
crony-passwd = {
|
||||
file = ../../../secrets/crony-passwd-servers.age;
|
||||
file = "${inputs.secrets}/secrets/crony-passwd-servers.age";
|
||||
};
|
||||
root-passwd = {
|
||||
file = ../../../secrets/root-passwd.age;
|
||||
file = "${inputs.secrets}/secrets/root-passwd.age";
|
||||
};
|
||||
restic-server-local-pass = {
|
||||
file = ../../../secrets/restic-server-local-pass.age;
|
||||
file = "${inputs.secrets}/secrets/restic-server-local-pass.age";
|
||||
};
|
||||
restic-server-pass = {
|
||||
file = ../../../secrets/restic-server-pass.age;
|
||||
file = "${inputs.secrets}/secrets/restic-server-pass.age";
|
||||
};
|
||||
restic-server-repo = {
|
||||
file = ../../../secrets/restic-server-repo.age;
|
||||
file = "${inputs.secrets}/secrets/restic-server-repo.age";
|
||||
};
|
||||
restic-server-env = {
|
||||
file = ../../../secrets/restic-server-env.age;
|
||||
file = "${inputs.secrets}/secrets/restic-server-env.age";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,14 +1,14 @@
|
|||
{
|
||||
{inputs, ...}: {
|
||||
age = {
|
||||
secrets = {
|
||||
rclone = {
|
||||
file = ../../../../secrets/rclone.age;
|
||||
file = "${inputs.secrets}/secrets/rclone.age";
|
||||
};
|
||||
navidrome = {
|
||||
file = ../../../../secrets/navidrome.age;
|
||||
file = "${inputs.secrets}/secrets/navidrome.age";
|
||||
};
|
||||
attic-env = {
|
||||
file = ../../../../secrets/attic-env.age;
|
||||
file = "${inputs.secrets}/secrets/attic-env.age";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
{
|
||||
{inputs, ...}: {
|
||||
age = {
|
||||
secrets = {
|
||||
forgejo-runner-token = {
|
||||
file = ../../../../secrets/forgejo-runner-token.age;
|
||||
file = "${inputs.secrets}/secrets/forgejo-runner-token.age";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
{
|
||||
{inputs, ...}: {
|
||||
age = {
|
||||
secrets = {
|
||||
wg-heimdall = {
|
||||
file = ../../../../secrets/wg-heimdall.age;
|
||||
file = "${inputs.secrets}/secrets/wg-heimdall.age";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
{
|
||||
{inputs, ...}: {
|
||||
age = {
|
||||
secrets = {
|
||||
searx = {
|
||||
file = ../../../../secrets/searx.age;
|
||||
file = "${inputs.secrets}/secrets/searx.age";
|
||||
};
|
||||
miniflux = {
|
||||
file = ../../../../secrets/miniflux.age;
|
||||
file = "${inputs.secrets}/secrets/miniflux.age";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,17 +1,17 @@
|
|||
{
|
||||
{inputs, ...}: {
|
||||
age = {
|
||||
secrets = {
|
||||
forgejo-db = {
|
||||
file = ../../../../secrets/forgejo-db.age;
|
||||
file = "${inputs.secrets}/secrets/forgejo-db.age";
|
||||
};
|
||||
plausible = {
|
||||
file = ../../../../secrets/plausible.age;
|
||||
file = "${inputs.secrets}/secrets/plausible.age";
|
||||
};
|
||||
conduit = {
|
||||
file = ../../../../secrets/conduit.age;
|
||||
file = "${inputs.secrets}/secrets/conduit.age";
|
||||
};
|
||||
lemmy-env = {
|
||||
file = ../../../../secrets/lemmy.env.age;
|
||||
file = "${inputs.secrets}/secrets/lemmy.env.age";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,55 +1,59 @@
|
|||
{config, ...}: {
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
age = {
|
||||
secrets = {
|
||||
wg-tyr = {
|
||||
file = ../../../../secrets/wg-tyr.age;
|
||||
file = "${inputs.secrets}/secrets/wg-tyr.age";
|
||||
};
|
||||
duckdns = {
|
||||
file = ../../../../secrets/duckdns.age;
|
||||
file = "${inputs.secrets}/secrets/duckdns.age";
|
||||
};
|
||||
restic-server-local-pass = {
|
||||
file = ../../../../secrets/restic-server-local-pass.age;
|
||||
file = "${inputs.secrets}/secrets/restic-server-local-pass.age";
|
||||
};
|
||||
restic-server-pass = {
|
||||
file = ../../../../secrets/restic-server-pass.age;
|
||||
file = "${inputs.secrets}/secrets/restic-server-pass.age";
|
||||
};
|
||||
restic-server-repo = {
|
||||
file = ../../../../secrets/restic-server-repo.age;
|
||||
file = "${inputs.secrets}/secrets/restic-server-repo.age";
|
||||
};
|
||||
restic-server-env = {
|
||||
file = ../../../../secrets/restic-server-env.age;
|
||||
file = "${inputs.secrets}/secrets/restic-server-env.age";
|
||||
};
|
||||
glance = {
|
||||
file = ../../../../secrets/glance.age;
|
||||
file = "${inputs.secrets}/secrets/glance.age";
|
||||
};
|
||||
traefik = {
|
||||
file = ../../../../secrets/traefik.age;
|
||||
file = "${inputs.secrets}/secrets/traefik.age";
|
||||
owner = "traefik";
|
||||
};
|
||||
ddns = {
|
||||
file = ../../../../secrets/ddns.age;
|
||||
file = "${inputs.secrets}/secrets/ddns.age";
|
||||
path = "/var/lib/ddns-updater/config.json";
|
||||
owner = "nobody";
|
||||
group = "nogroup";
|
||||
symlink = false;
|
||||
};
|
||||
linkwarden = {
|
||||
file = ../../../../secrets/linkwarden.age;
|
||||
file = "${inputs.secrets}/secrets/linkwarden.age";
|
||||
owner = config.services.linkwarden.user;
|
||||
};
|
||||
linkwarden-db = {
|
||||
file = ../../../../secrets/linkwarden.age;
|
||||
file = "${inputs.secrets}/secrets/linkwarden.age";
|
||||
};
|
||||
paperless-ngx = {
|
||||
file = ../../../../secrets/paperless-ngx.age;
|
||||
file = "${inputs.secrets}/secrets/paperless-ngx.age";
|
||||
};
|
||||
wg-wireproxy = {
|
||||
file = ../../../../secrets/wg-wireproxy.age;
|
||||
file = "${inputs.secrets}/secrets/wg-wireproxy.age";
|
||||
owner = "wireproxy";
|
||||
group = "wireproxy";
|
||||
};
|
||||
wireproxy = {
|
||||
file = ../../../../secrets/wireproxy.age;
|
||||
file = "${inputs.secrets}/secrets/wireproxy.age";
|
||||
path = "/etc/wireproxy/wireproxy.conf";
|
||||
owner = "wireproxy";
|
||||
group = "wireproxy";
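Review bot: `linkwarden-db` points at the same `linkwarden.age` file as `linkwarden`, so both secrets decrypt to identical content; the old lines did the same, so this is either deliberate or a copy-paste slip carried through the move. If the database credential is meant to be separate it needs its own file, e.g. `file = "${inputs.secrets}/secrets/linkwarden-db.age";` (constructed name), and if sharing is intended a one-line comment saying so would prevent the question. Separately, the `ddns` secret is written to `/var/lib/ddns-updater/config.json` with `owner = "nobody"` and `group = "nogroup"`, an account not dedicated to one service, so a dedicated service user would keep the file private to the updater. The `wireproxy` entry continues past the end of the hunk.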
|
||||
|
|
|
|||