chore: move secrets to private repo
parent
5c0182d087
commit
114abc4c0a
20 changed files with 37 additions and 33 deletions
|
@ -64,7 +64,7 @@
|
|||
services.backup.includes = [ "/var/lib/stalwart-mail/db" ];
|
||||
|
||||
age.secrets.stalwart-admin-hash = {
|
||||
file = ../../secrets/stalwart-admin.age;
|
||||
file = ../../private/secrets/stalwart-admin.age;
|
||||
path = "/var/lib/stalwart-mail/admin-hash";
|
||||
owner = "stalwart-mail";
|
||||
group = "stalwart-mail";
|
||||
|
|
|
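Review bot: Repointing `file` at `../../private/secrets/stalwart-admin.age` does not withdraw the ciphertext already committed under `../../secrets/`, so the old `.age` files stay retrievable from this repository's history. The same holds for every other section of this commit that makes the same path change (garage-env-file, book-auth, notes-phd-auth, notes-perso-auth, keycloak-db, artiflakery-auth, both nextcloud entries, pages-settings-file, both plausible entries, readeck-config, stateless-uptime-kuma-password, forgejo_runners-token_file). If the move is meant to reduce exposure, the underlying values should be rotated and re-encrypted in the private repo rather than moved as-is; whether that happened is not visible on this page. A short comment near the first `age.secrets` entry, for example `# private/ is a separate private checkout; it must be present at evaluation time`, would also document how the new relative path is expected to resolve. The `age.secrets.stalwart-admin-hash` attribute set closes outside this hunk.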
@ -36,17 +36,17 @@ in
|
|||
environmentFile = config.age.secrets."garage-env-file".path;
|
||||
};
|
||||
|
||||
age.secrets."garage-env-file".file = ../../secrets/garage-env-file.age;
|
||||
age.secrets."garage-env-file".file = ../../private/secrets/garage-env-file.age;
|
||||
age.secrets."book-auth" = {
|
||||
file = ../../secrets/book-auth.age;
|
||||
file = ../../private/secrets/book-auth.age;
|
||||
owner = "nginx";
|
||||
};
|
||||
age.secrets."notes-phd-auth" = {
|
||||
file = ../../secrets/notes-phd-auth.age;
|
||||
file = ../../private/secrets/notes-phd-auth.age;
|
||||
owner = "nginx";
|
||||
};
|
||||
age.secrets."notes-perso-auth" = {
|
||||
file = ../../secrets/notes-perso-auth.age;
|
||||
file = ../../private/secrets/notes-perso-auth.age;
|
||||
owner = "nginx";
|
||||
};
|
||||
|
||||
|
|
|
@ -90,7 +90,7 @@
|
|||
};
|
||||
};
|
||||
|
||||
age.secrets.keycloak-db.file = ../../secrets/keycloak-db.age;
|
||||
age.secrets.keycloak-db.file = ../../private/secrets/keycloak-db.age;
|
||||
|
||||
services.openssh.extraConfig = ''
|
||||
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
{
|
||||
|
||||
age.secrets."artiflakery-auth" = {
|
||||
file = ../../secrets/artiflakery-auth.age;
|
||||
file = ../../private/secrets/artiflakery-auth.age;
|
||||
owner = "artiflakery";
|
||||
};
|
||||
|
||||
|
|
|
@ -5,13 +5,13 @@
|
|||
environment.systemPackages = [ config.services.nextcloud.occ ];
|
||||
|
||||
age.secrets."nextcloud-admin-password" = {
|
||||
file = ../../secrets/nextcloud-admin-password.age;
|
||||
file = ../../private/secrets/nextcloud-admin-password.age;
|
||||
owner = "nextcloud";
|
||||
group = "nextcloud";
|
||||
};
|
||||
|
||||
age.secrets."nextcloud-s3-token" = {
|
||||
file = ../../secrets/nextcloud-s3-token.age;
|
||||
file = ../../private/secrets/nextcloud-s3-token.age;
|
||||
owner = "nextcloud";
|
||||
group = "nextcloud";
|
||||
};
|
||||
|
|
|
@ -8,7 +8,7 @@ let
|
|||
allowedUpstream = "2a01:e0a:de4:a0e1:4bb5:9275:6010:e9b5/128";
|
||||
in
|
||||
{
|
||||
age.secrets."pages-settings-file".file = ../../secrets/pages-settings-file.age;
|
||||
age.secrets."pages-settings-file".file = ../../private/secrets/pages-settings-file.age;
|
||||
|
||||
services.codeberg-pages = {
|
||||
enable = true;
|
||||
|
@ -97,7 +97,7 @@ in
|
|||
];
|
||||
|
||||
# Listen to ipv6 packets coming from the internet, check the SNI
|
||||
# If they are one of the declared virtualHosts, forward them to the proxy protocol listener
|
||||
# If they are one of the declared virtualHosts, forward them to the proxy protocol listener
|
||||
# for that virtualHost, else forward them to the page server
|
||||
streamConfig = ''
|
||||
map $ssl_preread_server_name $sni_upstream {
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
};
|
||||
|
||||
age.secrets = {
|
||||
plausible-admin-password.file = ../../secrets/plausible-password.age;
|
||||
plausible-secret-key-base.file = ../../secrets/plausible-keybase-secret.age;
|
||||
plausible-admin-password.file = ../../private/secrets/plausible-password.age;
|
||||
plausible-secret-key-base.file = ../../private/secrets/plausible-keybase-secret.age;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
|
||||
age.secrets."readeck-config".file = ../../secrets/readeck-config.age;
|
||||
age.secrets."readeck-config".file = ../../private/secrets/readeck-config.age;
|
||||
|
||||
services.nginx.virtualHosts."read.luj" = {
|
||||
forceSSL = true;
|
||||
|
|
|
@ -37,7 +37,7 @@ in
|
|||
};
|
||||
|
||||
age.secrets."stateless-uptime-kuma-password".file =
|
||||
../../secrets/stateless-uptime-kuma-password.age;
|
||||
../../private/secrets/stateless-uptime-kuma-password.age;
|
||||
nixpkgs.overlays = [
|
||||
(import "${inputs.stateless-uptime-kuma}/overlay.nix")
|
||||
];
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ pkgs, config, ... }:
|
||||
{
|
||||
age.secrets.forgejo_runners-token_file.file = ../../secrets/forgejo_runners-token_file.age;
|
||||
age.secrets.forgejo_runners-token_file.file = ../../private/secrets/forgejo_runners-token_file.age;
|
||||
nix.settings.allowed-users = [ "gitea-runner" ];
|
||||
nix.settings.trusted-users = [ "gitea-runner" ];
|
||||
|
||||
|
|
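Review bot: The unchanged context lines here set `nix.settings.trusted-users = [ "gitea-runner" ];` for the account that consumes `forgejo_runners-token_file`, and the Nix manual describes membership in `trusted-users` as essentially equivalent to root on the host. If the runner only needs to talk to the Nix daemon, the `allowed-users` entry on the preceding line already permits that and the `trusted-users` line could be dropped. If trust is required, a comment such as `# gitea-runner must be trusted because <reason>; only jobs from trusted repositories run on this host` would record the decision next to the token. Which repositories this runner serves is not visible in the hunk, and the module continues past its last line.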