chore: move secrets to private repo

Luj 2025-06-18 13:57:51 +02:00
parent 5c0182d087
commit 114abc4c0a
20 changed files with 37 additions and 33 deletions


@ -72,12 +72,12 @@ in
config = lib.mkIf (cfg.includes != [ ]) {
age.secrets."borg-ssh-key" = {
file = ../../secrets/borg-ssh-priv.age;
file = ../../private/secrets/borg-ssh-priv.age;
owner = "root";
mode = "0600";
};
age.secrets."borg-encryption-secret".file = ../../secrets/borg-encryption-secret.age;
age.secrets."borg-encryption-secret".file = ../../private/secrets/borg-encryption-secret.age;
programs.ssh.knownHosts."${if port != 22 then "[${host}]:${port}" else host}" = {
publicKey = "${hostPublicKey}";
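Review bot: Pointing `file` at `../../private/secrets/borg-ssh-priv.age` and `../../private/secrets/borg-encryption-secret.age` changes where the ciphertext is read from, but the previous `.age` files stay retrievable from this repository's history under `secrets/`. If the aim of the move is to reduce exposure (the page does not say whether this repository is public), the Borg SSH key and repository passphrase should be rotated and the new values encrypted only in the private repo; otherwise the old ciphertext stays decryptable by anyone who later obtains a recipient key. The same applies to the secrets repointed in the other file sections of this commit. A short comment next to the first `file =` line saying how `private/` is provided (submodule, separate checkout) would also help, since the configuration can no longer be built when that directory is absent.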


@ -55,12 +55,12 @@ in
};
age.secrets = {
github-token.file = ../../secrets/github-token-secret.age;
github-webhook-secret.file = ../../secrets/github-webhook-secret.age;
github-oauth-secret.file = ../../secrets/github-oauth-secret.age;
buildbot-nix-workers.file = ../../secrets/buildbot-nix-workers.age;
github-token.file = ../../private/secrets/github-token-secret.age;
github-webhook-secret.file = ../../private/secrets/github-webhook-secret.age;
github-oauth-secret.file = ../../private/secrets/github-oauth-secret.age;
buildbot-nix-workers.file = ../../private/secrets/buildbot-nix-workers.age;
buildbot-nix-worker-password = {
file = ../../secrets/buildbot-nix-worker-password.age;
file = ../../private/secrets/buildbot-nix-worker-password.age;
owner = "buildbot-worker";
};
};


@ -35,7 +35,7 @@ in
age.secrets.deluge-webui-password = {
owner = cfg.user;
file = ../../secrets/deluge-webui-password.age;
file = ../../private/secrets/deluge-webui-password.age;
};
services.deluge = {


@ -147,7 +147,7 @@ in
security.acme.acceptTerms = true;
age.secrets.nginx-cert = {
file = ../../secrets/404-ssl-certificate-cert.age;
file = ../../private/secrets/404-ssl-certificate-cert.age;
path = "/var/lib/acme/default/cert.pem";
owner = "acme";
group = "nginx";
@ -156,7 +156,7 @@ in
};
age.secrets.nginx-key = {
file = ../../secrets/404-ssl-certificate-key.age;
file = ../../private/secrets/404-ssl-certificate-key.age;
path = "/var/lib/acme/default/key.pem";
owner = "acme";
group = "nginx";


@ -11,7 +11,7 @@ with lib;
config = mkIf cfg.enable {
age.secrets.git-gpg-private-key = {
file = ../../secrets/git-gpg-private-key.age;
file = ../../private/secrets/git-gpg-private-key.age;
owner = "julien";
mode = "0440";
group = config.users.groups.keys.name;
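Review bot: `mode = "0440"` together with `group = config.users.groups.keys.name` leaves the decrypted GPG private key readable by every member of the `keys` group, not only by `julien`. If nothing other than that user needs to sign with it, `mode = "0400"` with no group override would be the narrower setting. If group access is deliberate, a comment such as `# group-readable because <consumer> needs the key` would record why. The attribute set closes outside the hunk, so further options may exist that are not visible here.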