Remove secrets repo
Finally
parent
852a3150b2
commit
daf15aa5be
|
@ -372,6 +372,13 @@ creation_rules:
|
|||
- *radiobert
|
||||
- *polygon-snowflake
|
||||
|
||||
- path_regex: hosts/scrape/secrets\.yaml$
|
||||
key_groups:
|
||||
- pgp: *admins
|
||||
age:
|
||||
- *scrape
|
||||
- *polygon-snowflake
|
||||
|
||||
- path_regex: hosts/server8/secrets\.yaml$
|
||||
key_groups:
|
||||
- pgp: *admins
|
||||
|
|
16
flake.lock
16
flake.lock
|
@ -543,7 +543,6 @@
|
|||
"openwrt-imagebuilder": "openwrt-imagebuilder",
|
||||
"rust-overlay": "rust-overlay",
|
||||
"scrapers": "scrapers",
|
||||
"secrets": "secrets",
|
||||
"simple-nixos-mailserver": "simple-nixos-mailserver",
|
||||
"skyflake": "skyflake",
|
||||
"sops-nix": "sops-nix",
|
||||
|
@ -613,21 +612,6 @@
|
|||
"url": "https://gitea.c3d2.de/astro/scrapers.git"
|
||||
}
|
||||
},
|
||||
"secrets": {
|
||||
"locked": {
|
||||
"lastModified": 1713190267,
|
||||
"narHash": "sha256-JuK9t9ax6iNJka99MuEHBigggURtuOldIuO3wRIqrJI=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "3ebb2eed7868e62215a5d620ca903286850a8229",
|
||||
"revCount": 167,
|
||||
"type": "git",
|
||||
"url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
|
||||
}
|
||||
},
|
||||
"simple-nixos-mailserver": {
|
||||
"inputs": {
|
||||
"blobs": "blobs",
|
||||
|
|
|
@ -165,8 +165,6 @@
|
|||
fenix.follows = "fenix";
|
||||
};
|
||||
};
|
||||
# deprecated
|
||||
secrets.url = "git+ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git";
|
||||
simple-nixos-mailserver = {
|
||||
# url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11";
|
||||
url = "gitlab:SuperSandro2000/nixos-mailserver/quote-ldap-password";
|
||||
|
@ -221,7 +219,7 @@
|
|||
};
|
||||
};
|
||||
|
||||
outputs = inputs@{ self, alert2muc, c3d2-user-module, deployment, disko, fenix, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-modules, buzzrelay, caveman, oparl-scraper, simple-nixos-mailserver, scrapers, secrets, skyflake, sshlogd, sops-nix, spacemsg, ticker, tigger, yammat, zentralwerk, ... }:
|
||||
outputs = inputs@{ self, alert2muc, c3d2-user-module, deployment, disko, fenix, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-modules, buzzrelay, caveman, oparl-scraper, simple-nixos-mailserver, scrapers, skyflake, sshlogd, sops-nix, spacemsg, ticker, tigger, yammat, zentralwerk, ... }:
|
||||
let
|
||||
inherit (nixos) lib;
|
||||
|
||||
|
@ -630,9 +628,6 @@
|
|||
./hosts/scrape
|
||||
{
|
||||
_module.args = { inherit scrapers; };
|
||||
|
||||
# TODO: migrate to sops
|
||||
nixpkgs.overlays = [ secrets.overlays.scrape ];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ pkgs, config, scrapers, ... }:
|
||||
{ lib, config, pkgs, scrapers, ... }:
|
||||
|
||||
let
|
||||
freifunkNodes = {
|
||||
|
@ -37,14 +37,29 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"scrape/matemat/user".owner = config.users.users.scrape.name;
|
||||
"scrape/matemat/password".owner = config.users.users.scrape.name;
|
||||
"scrape/xeri/user".owner = config.users.users.scrape.name;
|
||||
"scrape/xeri/password".owner = config.users.users.scrape.name;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services = let
|
||||
serviceConfig = {
|
||||
User = config.users.users.scrape.name;
|
||||
Group = config.users.users.scrape.group;
|
||||
};
|
||||
scraperPkgs = import scrapers { inherit pkgs; };
|
||||
makeService = { script, host ? "", user ? "", password ? "" }: {
|
||||
script = "${scraperPkgs."${script}"}/bin/${script} ${host} ${user} ${password}";
|
||||
makeService = {
|
||||
script,
|
||||
host ? "",
|
||||
userFile ? "",
|
||||
passwordFile ? ""
|
||||
}: {
|
||||
script = "${lib.getExe scraperPkgs."${script}"} ${host} ${lib.optionalString (userFile != "") ''"$(cat ${userFile})"''} ${lib.optionalString (passwordFile != "") ''"$(cat ${passwordFile})"''}";
|
||||
inherit serviceConfig;
|
||||
};
|
||||
makeNodeScraper = nodeId: {
|
||||
|
@ -67,7 +82,8 @@ in {
|
|||
scrape-xeri = makeService {
|
||||
script = "xerox";
|
||||
host = "xeri.hq.c3d2.de";
|
||||
inherit (pkgs.scrape-xeri-login) user password;
|
||||
userFile = config.sops.secrets."scrape/xeri/user".path;
|
||||
passwordFile = config.sops.secrets."scrape/xeri/user".path;
|
||||
};
|
||||
scrape-roxi = makeService {
|
||||
script = "xerox";
|
||||
|
@ -76,7 +92,8 @@ in {
|
|||
scrape-matemat = makeService {
|
||||
script = "matemat";
|
||||
host = "matemat.hq.c3d2.de";
|
||||
inherit (pkgs.scrape-matemat-login) user password;
|
||||
userFile = config.sops.secrets."scrape/matemat/user".path;
|
||||
passwordFile = config.sops.secrets."scrape/matemat/user".path;
|
||||
};
|
||||
scrape-impfee = makeService {
|
||||
script = "impfee";
|
||||
|
|
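Review bot: `passwordFile` points at the user secret in both `scrape-xeri` and `scrape-matemat`, so each scraper would be handed the username as its password and the declared `scrape/xeri/password` and `scrape/matemat/password` secrets are never read; the lines should be `passwordFile = config.sops.secrets."scrape/xeri/password".path;` and `passwordFile = config.sops.secrets."scrape/matemat/password".path;`. In `makeService`, `"$(cat ${passwordFile})"` still expands the credential into the scraper's argument list, where other local users can read it from the process table while the job runs. If the scraper binaries can take a file path or an environment variable instead (their interface is not visible on this page), passing the sops path directly or using systemd `LoadCredential=` would avoid that. The previous form interpolated `${user} ${password}` straight into the unit script, which presumably ended up in the world-readable Nix store, so the old credentials are worth rotating once the sops values are in place.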