Reduce copy pasting of sops
parent
f2c012e9c9
commit
df4d1abbdf
|
@ -27,8 +27,6 @@
|
||||||
defaultSopsFile = ./secrets.yaml;
|
defaultSopsFile = ./secrets.yaml;
|
||||||
secrets = {
|
secrets = {
|
||||||
"plume/env".owner = config.systemd.services.plume.serviceConfig.User;
|
"plume/env".owner = config.systemd.services.plume.serviceConfig.User;
|
||||||
"restic/password".owner = "root";
|
|
||||||
"restic/repositories/server8".owner = "root";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -22,8 +22,6 @@
|
||||||
"buzzrelay/privKey".owner = config.services.buzzrelay.user;
|
"buzzrelay/privKey".owner = config.services.buzzrelay.user;
|
||||||
"buzzrelay/pubKey".owner = config.services.buzzrelay.user;
|
"buzzrelay/pubKey".owner = config.services.buzzrelay.user;
|
||||||
"buzzrelay/redis/password".owner = config.services.buzzrelay.user;
|
"buzzrelay/redis/password".owner = config.services.buzzrelay.user;
|
||||||
"restic/password".owner = "root";
|
|
||||||
"restic/repositories/server8".owner = "root";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -29,8 +29,6 @@
|
||||||
sops = {
|
sops = {
|
||||||
defaultSopsFile = ./secrets.yaml;
|
defaultSopsFile = ./secrets.yaml;
|
||||||
secrets = {
|
secrets = {
|
||||||
"restic/password".owner = "root";
|
|
||||||
"restic/repositories/server8".owner = "root";
|
|
||||||
"redis/caveman/requirePass".mode = "0444";
|
"redis/caveman/requirePass".mode = "0444";
|
||||||
# Must be readable for DynamicUser caveman-sieve
|
# Must be readable for DynamicUser caveman-sieve
|
||||||
"caveman/sieve/privKey".mode = "0444";
|
"caveman/sieve/privKey".mode = "0444";
|
||||||
|
|
|
@ -91,8 +91,6 @@ in
|
||||||
secrets = {
|
secrets = {
|
||||||
"drone/runner/environmentFile".owner = "drone";
|
"drone/runner/environmentFile".owner = "drone";
|
||||||
"drone/server/environmentFile".owner = "drone";
|
"drone/server/environmentFile".owner = "drone";
|
||||||
"restic/password".owner = "root";
|
|
||||||
"restic/repositories/server8".owner = "root";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -142,8 +142,6 @@
|
||||||
defaultSopsFile = ./secrets.yaml;
|
defaultSopsFile = ./secrets.yaml;
|
||||||
secrets = {
|
secrets = {
|
||||||
"gitea/ldapSearchUserPassword".owner = "gitea";
|
"gitea/ldapSearchUserPassword".owner = "gitea";
|
||||||
"restic/password".owner = "root";
|
|
||||||
"restic/repositories/server8".owner = "root";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -86,8 +86,6 @@
|
||||||
defaultSopsFile = ./secrets.yaml;
|
defaultSopsFile = ./secrets.yaml;
|
||||||
secrets = {
|
secrets = {
|
||||||
"hedgedoc".owner = config.systemd.services.hedgedoc.serviceConfig.User;
|
"hedgedoc".owner = config.systemd.services.hedgedoc.serviceConfig.User;
|
||||||
"restic/password".owner = "root";
|
|
||||||
"restic/repositories/server8".owner = "root";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -308,8 +308,6 @@ in
|
||||||
mode = "440";
|
mode = "440";
|
||||||
owner = config.users.users.hydra-queue-runner.name;
|
owner = config.users.users.hydra-queue-runner.name;
|
||||||
};
|
};
|
||||||
"restic/password".owner = "root";
|
|
||||||
"restic/repositories/server8".owner = "root";
|
|
||||||
"ssh-keys/hydra/private" = {
|
"ssh-keys/hydra/private" = {
|
||||||
owner = "hydra";
|
owner = "hydra";
|
||||||
path = "/var/lib/hydra/.ssh/id_ed25519";
|
path = "/var/lib/hydra/.ssh/id_ed25519";
|
||||||
|
|
|
@ -238,8 +238,6 @@ in
|
||||||
"acme/credentials-file" = { };
|
"acme/credentials-file" = { };
|
||||||
"coturn/static-auth-secret".owner = "turnserver";
|
"coturn/static-auth-secret".owner = "turnserver";
|
||||||
"prosody/enviroment" = { };
|
"prosody/enviroment" = { };
|
||||||
"restic/password" = { };
|
|
||||||
"restic/repositories/server8" = { };
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -165,8 +165,6 @@
|
||||||
"mastodon/secret-key".owner = "mastodon";
|
"mastodon/secret-key".owner = "mastodon";
|
||||||
"mastodon/vapid-private-key".owner = "mastodon";
|
"mastodon/vapid-private-key".owner = "mastodon";
|
||||||
"mastodon/vapid-public-key".owner = "mastodon";
|
"mastodon/vapid-public-key".owner = "mastodon";
|
||||||
"restic/password".owner = "root";
|
|
||||||
"restic/repositories/server8".owner = "root";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -56,8 +56,6 @@
|
||||||
defaultSopsFile = ./secrets.yaml;
|
defaultSopsFile = ./secrets.yaml;
|
||||||
secrets = {
|
secrets = {
|
||||||
"nginx/basic-auth".owner = "nginx";
|
"nginx/basic-auth".owner = "nginx";
|
||||||
"restic/password".owner = "root";
|
|
||||||
"restic/repositories/server8".owner = "root";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -120,8 +120,6 @@
|
||||||
"matterbridge/config".owner = "matterbridge";
|
"matterbridge/config".owner = "matterbridge";
|
||||||
"matrix-synapse/config".owner = "matrix-synapse";
|
"matrix-synapse/config".owner = "matrix-synapse";
|
||||||
"matrix-synapse/ldapSearchUserPassword".owner = "matrix-synapse";
|
"matrix-synapse/ldapSearchUserPassword".owner = "matrix-synapse";
|
||||||
"restic/password".owner = "root";
|
|
||||||
"restic/repositories/server8".owner = "root";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -218,8 +218,6 @@ in
|
||||||
path = "/var/lib/mediawiki/secret.key";
|
path = "/var/lib/mediawiki/secret.key";
|
||||||
};
|
};
|
||||||
"mediawiki/upgradeKey".owner = config.systemd.services.mediawiki-init.serviceConfig.User;
|
"mediawiki/upgradeKey".owner = config.systemd.services.mediawiki-init.serviceConfig.User;
|
||||||
"restic/password" = { };
|
|
||||||
"restic/repositories/server8" = { };
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -99,8 +99,6 @@
|
||||||
defaultSopsFile = ./secrets.yaml;
|
defaultSopsFile = ./secrets.yaml;
|
||||||
secrets = {
|
secrets = {
|
||||||
"mobilizon/environment" = { };
|
"mobilizon/environment" = { };
|
||||||
"restic/password".owner = "root";
|
|
||||||
"restic/repositories/server8".owner = "root";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -54,13 +54,7 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
sops = {
|
sops.defaultSopsFile = ./secrets.yaml;
|
||||||
defaultSopsFile = ./secrets.yaml;
|
|
||||||
secrets = {
|
|
||||||
"restic/password".owner = "root";
|
|
||||||
"restic/repositories/server8".owner = "root";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.nginx.serviceConfig.ReadWritePaths = [
|
systemd.services.nginx.serviceConfig.ReadWritePaths = [
|
||||||
config.services.owncast-archiver.targetDir
|
config.services.owncast-archiver.targetDir
|
||||||
|
|
|
@ -345,11 +345,5 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
sops = {
|
sops.defaultSopsFile = ./secrets.yaml;
|
||||||
defaultSopsFile = ./secrets.yaml;
|
|
||||||
secrets = {
|
|
||||||
"restic/password".owner = "root";
|
|
||||||
"restic/repositories/server8".owner = "root";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -97,6 +97,10 @@ in
|
||||||
path = "/root/.ssh/config";
|
path = "/root/.ssh/config";
|
||||||
sopsFile = ./backup.yaml;
|
sopsFile = ./backup.yaml;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# relies on defaultSopsFile
|
||||||
|
"restic/password".owner = "root";
|
||||||
|
"restic/repositories/server8".owner = "root";
|
||||||
};
|
};
|
||||||
|
|
||||||
system.activationScripts.linkResticSSHConfigIntoVirtioFS = lib.mkIf cfg.enable ''
|
system.activationScripts.linkResticSSHConfigIntoVirtioFS = lib.mkIf cfg.enable ''
|
||||||
|
|
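Review bot: The added comment `# relies on defaultSopsFile` above the two restic entries understates what the shared module now requires: with no `sopsFile` set, every host that uses these declarations must define `restic/password` and `restic/repositories/server8` in its own `secrets.yaml`. I would spell that out, e.g. `# no sopsFile on purpose: each host's defaultSopsFile must define both restic/* keys`, so a later cleanup does not move them into `./backup.yaml`, which appears to be shared between hosts and would make one restic password decryptable by each of them. The attribute set these lines sit in opens outside the hunk, so it is not visible whether it is guarded by `lib.mkIf cfg.enable` like the activation script below; if it is not, a host that imports the module without those keys will presumably fail sops validation at build time. The two hosts that previously declared these secrets as `{ }` now get an explicit `owner = "root"`, which should match the sops-nix default.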