Reduce copy pasting of sops
parent
f2c012e9c9
commit
df4d1abbdf
|
@ -27,8 +27,6 @@
|
|||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"plume/env".owner = config.systemd.services.plume.serviceConfig.User;
|
||||
"restic/password".owner = "root";
|
||||
"restic/repositories/server8".owner = "root";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -22,8 +22,6 @@
|
|||
"buzzrelay/privKey".owner = config.services.buzzrelay.user;
|
||||
"buzzrelay/pubKey".owner = config.services.buzzrelay.user;
|
||||
"buzzrelay/redis/password".owner = config.services.buzzrelay.user;
|
||||
"restic/password".owner = "root";
|
||||
"restic/repositories/server8".owner = "root";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -29,8 +29,6 @@
|
|||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"restic/password".owner = "root";
|
||||
"restic/repositories/server8".owner = "root";
|
||||
"redis/caveman/requirePass".mode = "0444";
|
||||
# Must be readable for DynamicUser caveman-sieve
|
||||
"caveman/sieve/privKey".mode = "0444";
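Review bot: The two `mode = "0444"` entries that this commit leaves unchanged, `"redis/caveman/requirePass"` and `"caveman/sieve/privKey"`, keep a Redis password and a private key readable by every local account and process on the host, not only by the DynamicUser service named in the comment. While the sops declarations are being consolidated, consider passing these to the unit through systemd's `LoadCredential=` so the secrets can return to an owner-only mode. At minimum the `requirePass` line should carry its own justification, e.g. `# 0444: read by <unit name>, which runs as DynamicUser`. The `secrets` block continues past the end of the hunk, so other entries may need the same treatment.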
|
||||
|
|
|
@ -91,8 +91,6 @@ in
|
|||
secrets = {
|
||||
"drone/runner/environmentFile".owner = "drone";
|
||||
"drone/server/environmentFile".owner = "drone";
|
||||
"restic/password".owner = "root";
|
||||
"restic/repositories/server8".owner = "root";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -142,8 +142,6 @@
|
|||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"gitea/ldapSearchUserPassword".owner = "gitea";
|
||||
"restic/password".owner = "root";
|
||||
"restic/repositories/server8".owner = "root";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -86,8 +86,6 @@
|
|||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"hedgedoc".owner = config.systemd.services.hedgedoc.serviceConfig.User;
|
||||
"restic/password".owner = "root";
|
||||
"restic/repositories/server8".owner = "root";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -308,8 +308,6 @@ in
|
|||
mode = "440";
|
||||
owner = config.users.users.hydra-queue-runner.name;
|
||||
};
|
||||
"restic/password".owner = "root";
|
||||
"restic/repositories/server8".owner = "root";
|
||||
"ssh-keys/hydra/private" = {
|
||||
owner = "hydra";
|
||||
path = "/var/lib/hydra/.ssh/id_ed25519";
|
||||
|
|
|
@ -238,8 +238,6 @@ in
|
|||
"acme/credentials-file" = { };
|
||||
"coturn/static-auth-secret".owner = "turnserver";
|
||||
"prosody/enviroment" = { };
|
||||
"restic/password" = { };
|
||||
"restic/repositories/server8" = { };
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -165,8 +165,6 @@
|
|||
"mastodon/secret-key".owner = "mastodon";
|
||||
"mastodon/vapid-private-key".owner = "mastodon";
|
||||
"mastodon/vapid-public-key".owner = "mastodon";
|
||||
"restic/password".owner = "root";
|
||||
"restic/repositories/server8".owner = "root";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -56,8 +56,6 @@
|
|||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"nginx/basic-auth".owner = "nginx";
|
||||
"restic/password".owner = "root";
|
||||
"restic/repositories/server8".owner = "root";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -120,8 +120,6 @@
|
|||
"matterbridge/config".owner = "matterbridge";
|
||||
"matrix-synapse/config".owner = "matrix-synapse";
|
||||
"matrix-synapse/ldapSearchUserPassword".owner = "matrix-synapse";
|
||||
"restic/password".owner = "root";
|
||||
"restic/repositories/server8".owner = "root";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -218,8 +218,6 @@ in
|
|||
path = "/var/lib/mediawiki/secret.key";
|
||||
};
|
||||
"mediawiki/upgradeKey".owner = config.systemd.services.mediawiki-init.serviceConfig.User;
|
||||
"restic/password" = { };
|
||||
"restic/repositories/server8" = { };
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -99,8 +99,6 @@
|
|||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"mobilizon/environment" = { };
|
||||
"restic/password".owner = "root";
|
||||
"restic/repositories/server8".owner = "root";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -54,13 +54,7 @@
|
|||
};
|
||||
};
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"restic/password".owner = "root";
|
||||
"restic/repositories/server8".owner = "root";
|
||||
};
|
||||
};
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
|
||||
systemd.services.nginx.serviceConfig.ReadWritePaths = [
|
||||
config.services.owncast-archiver.targetDir
|
||||
|
|
|
@ -345,11 +345,5 @@
|
|||
};
|
||||
};
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"restic/password".owner = "root";
|
||||
"restic/repositories/server8".owner = "root";
|
||||
};
|
||||
};
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
}
|
||||
|
|
|
@ -97,6 +97,10 @@ in
|
|||
path = "/root/.ssh/config";
|
||||
sopsFile = ./backup.yaml;
|
||||
};
|
||||
|
||||
# relies on defaultSopsFile
|
||||
"restic/password".owner = "root";
|
||||
"restic/repositories/server8".owner = "root";
|
||||
};
|
||||
|
||||
system.activationScripts.linkResticSSHConfigIntoVirtioFS = lib.mkIf cfg.enable ''
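Review bot: The restic secrets added under `# relies on defaultSopsFile` appear to be declared without the `lib.mkIf cfg.enable` guard that the activation script just below them uses; the start of the enclosing attribute set is outside the hunk, so this needs confirming. If they are unconditional, every host importing this module must set `sops.defaultSopsFile` and carry `restic/password` and `restic/repositories/server8` in its own `secrets.yaml`, otherwise the build or secret activation fails even where backups are disabled. Guarding the entries, e.g. `"restic/password" = lib.mkIf cfg.enable { owner = "root"; };`, would tie the requirement to the hosts that actually back up. The comment could also say more: `# read from each host's sops.defaultSopsFile (its own secrets.yaml), not ./backup.yaml`.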
|
||||
|
|