Reduce copy pasting of sops

Sandro - 2023-11-11 04:34:05 +01:00
parent f2c012e9c9
commit df4d1abbdf
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
16 changed files with 6 additions and 40 deletions


@ -27,8 +27,6 @@
defaultSopsFile = ./secrets.yaml;
secrets = {
"plume/env".owner = config.systemd.services.plume.serviceConfig.User;
"restic/password".owner = "root";
"restic/repositories/server8".owner = "root";
};
};


@ -22,8 +22,6 @@
"buzzrelay/privKey".owner = config.services.buzzrelay.user;
"buzzrelay/pubKey".owner = config.services.buzzrelay.user;
"buzzrelay/redis/password".owner = config.services.buzzrelay.user;
"restic/password".owner = "root";
"restic/repositories/server8".owner = "root";
};
};


@ -29,8 +29,6 @@
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {
"restic/password".owner = "root";
"restic/repositories/server8".owner = "root";
"redis/caveman/requirePass".mode = "0444";
# Must be readable for DynamicUser caveman-sieve
"caveman/sieve/privKey".mode = "0444";


@ -91,8 +91,6 @@ in
secrets = {
"drone/runner/environmentFile".owner = "drone";
"drone/server/environmentFile".owner = "drone";
"restic/password".owner = "root";
"restic/repositories/server8".owner = "root";
};
};


@ -142,8 +142,6 @@
defaultSopsFile = ./secrets.yaml;
secrets = {
"gitea/ldapSearchUserPassword".owner = "gitea";
"restic/password".owner = "root";
"restic/repositories/server8".owner = "root";
};
};


@ -86,8 +86,6 @@
defaultSopsFile = ./secrets.yaml;
secrets = {
"hedgedoc".owner = config.systemd.services.hedgedoc.serviceConfig.User;
"restic/password".owner = "root";
"restic/repositories/server8".owner = "root";
};
};


@ -308,8 +308,6 @@ in
mode = "440";
owner = config.users.users.hydra-queue-runner.name;
};
"restic/password".owner = "root";
"restic/repositories/server8".owner = "root";
"ssh-keys/hydra/private" = {
owner = "hydra";
path = "/var/lib/hydra/.ssh/id_ed25519";


@ -238,8 +238,6 @@ in
"acme/credentials-file" = { };
"coturn/static-auth-secret".owner = "turnserver";
"prosody/enviroment" = { };
"restic/password" = { };
"restic/repositories/server8" = { };
};
};


@ -165,8 +165,6 @@
"mastodon/secret-key".owner = "mastodon";
"mastodon/vapid-private-key".owner = "mastodon";
"mastodon/vapid-public-key".owner = "mastodon";
"restic/password".owner = "root";
"restic/repositories/server8".owner = "root";
};
};


@ -56,8 +56,6 @@
defaultSopsFile = ./secrets.yaml;
secrets = {
"nginx/basic-auth".owner = "nginx";
"restic/password".owner = "root";
"restic/repositories/server8".owner = "root";
};
};


@ -120,8 +120,6 @@
"matterbridge/config".owner = "matterbridge";
"matrix-synapse/config".owner = "matrix-synapse";
"matrix-synapse/ldapSearchUserPassword".owner = "matrix-synapse";
"restic/password".owner = "root";
"restic/repositories/server8".owner = "root";
};
};


@ -218,8 +218,6 @@ in
path = "/var/lib/mediawiki/secret.key";
};
"mediawiki/upgradeKey".owner = config.systemd.services.mediawiki-init.serviceConfig.User;
"restic/password" = { };
"restic/repositories/server8" = { };
};
};


@ -99,8 +99,6 @@
defaultSopsFile = ./secrets.yaml;
secrets = {
"mobilizon/environment" = { };
"restic/password".owner = "root";
"restic/repositories/server8".owner = "root";
};
};


@ -54,13 +54,7 @@
};
};
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {
"restic/password".owner = "root";
"restic/repositories/server8".owner = "root";
};
};
sops.defaultSopsFile = ./secrets.yaml;
systemd.services.nginx.serviceConfig.ReadWritePaths = [
config.services.owncast-archiver.targetDir


@ -345,11 +345,5 @@
};
};
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {
"restic/password".owner = "root";
"restic/repositories/server8".owner = "root";
};
};
sops.defaultSopsFile = ./secrets.yaml;
}


@ -97,6 +97,10 @@ in
path = "/root/.ssh/config";
sopsFile = ./backup.yaml;
};
# relies on defaultSopsFile
"restic/password".owner = "root";
"restic/repositories/server8".owner = "root";
};
system.activationScripts.linkResticSSHConfigIntoVirtioFS = lib.mkIf cfg.enable ''
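Review bot: The two restic secrets added under `# relies on defaultSopsFile` are now decrypted from whatever `sops.defaultSopsFile` each importing host sets, unlike the neighbouring entry that pins `sopsFile = ./backup.yaml`, so a host whose `secrets.yaml` lacks `restic/password` or `restic/repositories/server8` would presumably fail sops-nix validation or activation instead of just missing its backup credentials. The enclosing attribute set starts outside the hunk, so it is not visible whether these entries are guarded by `lib.mkIf cfg.enable` like the activation script on the following line; if they are not, hosts that import the module with backups disabled still need both keys. I would spell the contract out in the comment, e.g. `# read from each host's sops.defaultSopsFile (not ./backup.yaml); every host enabling this module must define both keys there`. The hosts that previously declared these secrets as `= { }` now get an explicit `owner = "root"`, which should match the sops-nix default but is worth confirming for those two machines.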