secrets.nix

{
  config,
  inputs,
  lib,
  pkgs,
  ...
}:
with lib; {
  imports = [
    inputs.sops-nix.nixosModules.sops
  ];

  environment.systemPackages = with pkgs; [
    sops
  ];

  sops.defaultSopsFile = ./secrets.yaml;
  sops.defaultSopsFormat = "yaml";

  sops.secrets =
    concatMapAttrs (owner: secrets:
      listToAttrs (map (s: {
          name = s;
          value = optionalAttrs (owner != "") {inherit owner;};
        })
        secrets))
    {
      "" = [
        # Cloudflared
        "cloudflared/tunnel_env"
      ];

      # Anubis
      ${config.services.anubis.defaultOptions.user} = [
        "anubis/forgejo/hex_file"
        "anubis/medama/hex_file"
      ];

      # Forgejo
      ${config.services.forgejo.user} = [
        "forgejo/actions/token"
        "forgejo/git_password"
        "forgejo/s3/key"
        "forgejo/s3/secret"
      ];

      # Garage
      "garage" = [
        "garage/admin_key"
        "garage/admin_secret"
        "garage/admin_token"
        "garage/metrics_token"
        "garage/rpc_secret"
      ];


      # keikos.work
      ${config.services.keikos.web.user} = [
        "keiko/env_file"
      ];

      # Nextcloud
      ${config.services.phpfpm.pools.nextcloud.user} = [
        "nextcloud/adminpass"
        "nextcloud/s3/secret"
        "nextcloud/s3/sseC"
      ];

      # Users
      ${config.users.users."guz".name} = [
        "guz/password"
      ];
    };

  sops.age.keyFile = "/home/guz/.config/sops/age/keys.txt";
}
feat: initial commit, migrate main config from dot013/.nix 2024-06-15 18:29:36 -03:00			`{`
			`config,`
			`inputs,`
			`lib,`
			`pkgs,`
			`...`
refactor: remove lesser secrets 2025-09-13 11:29:15 -03:00			`}:`
			`with lib; {`
feat: initial commit, migrate main config from dot013/.nix 2024-06-15 18:29:36 -03:00			`imports = [`
			`inputs.sops-nix.nixosModules.sops`
			`];`

refactor: remove lesser secrets 2025-09-13 11:29:15 -03:00			`environment.systemPackages = with pkgs; [`
			`sops`
			`];`
feat: initial commit, migrate main config from dot013/.nix 2024-06-15 18:29:36 -03:00
refactor: remove lesser secrets 2025-09-13 11:29:15 -03:00			`sops.defaultSopsFile = ./secrets.yaml;`
			`sops.defaultSopsFormat = "yaml";`
feat: initial commit, migrate main config from dot013/.nix 2024-06-15 18:29:36 -03:00
refactor(secrets): make secrets casing and declaration consistent 2025-10-09 21:51:59 -03:00			`sops.secrets =`
			`concatMapAttrs (owner: secrets:`
			`listToAttrs (map (s: {`
			`name = s;`
			`value = optionalAttrs (owner != "") {inherit owner;};`
			`})`
			`secrets))`
			`{`
			`"" = [`
			`# Cloudflared`
			`"cloudflared/tunnel_env"`
			`];`
fix: missing envFile secret definition 2025-04-01 10:07:35 -03:00
refactor(secrets): make secrets casing and declaration consistent 2025-10-09 21:51:59 -03:00			`# Anubis`
			`${config.services.anubis.defaultOptions.user} = [`
			`"anubis/forgejo/hex_file"`
			`"anubis/medama/hex_file"`
			`];`
fix: set hex file for anubis instances 2025-04-05 17:22:44 -03:00
refactor(secrets): make secrets casing and declaration consistent 2025-10-09 21:51:59 -03:00			`# Forgejo`
			`${config.services.forgejo.user} = [`
			`"forgejo/actions/token"`
			`"forgejo/git_password"`
			`"forgejo/s3/key"`
			`"forgejo/s3/secret"`
			`];`
feat(common): setup garagehq for self hosted object storage (S3) 2025-09-16 16:16:35 -03:00
refactor(secrets): make secrets casing and declaration consistent 2025-10-09 21:51:59 -03:00			`# Garage`
			`"garage" = [`
			`"garage/admin_key"`
			`"garage/admin_secret"`
			`"garage/admin_token"`
			`"garage/metrics_token"`
			`"garage/rpc_secret"`
			`];`
feat: initial commit, migrate main config from dot013/.nix 2024-06-15 18:29:36 -03:00
feat: refactor network configuration and add TLS support 2024-10-03 16:24:14 -03:00
refactor(secrets): make secrets casing and declaration consistent 2025-10-09 21:51:59 -03:00			`# keikos.work`
			`${config.services.keikos.web.user} = [`
			`"keiko/env_file"`
			`];`
feat(abaduh): setup nextcloud instance 2025-09-16 16:18:06 -03:00
refactor(secrets): make secrets casing and declaration consistent 2025-10-09 21:51:59 -03:00			`# Nextcloud`
			`${config.services.phpfpm.pools.nextcloud.user} = [`
			`"nextcloud/adminpass"`
			`"nextcloud/s3/secret"`
			`"nextcloud/s3/sseC"`
			`];`
feat(abaduh): setup nextcloud instance 2025-09-16 16:18:06 -03:00
refactor(secrets): make secrets casing and declaration consistent 2025-10-09 21:51:59 -03:00			`# Users`
			`${config.users.users."guz".name} = [`
			`"guz/password"`
			`];`
refactor: remove lesser secrets 2025-09-13 11:29:15 -03:00			`};`

			`sops.age.keyFile = "/home/guz/.config/sops/age/keys.txt";`
feat: initial commit, migrate main config from dot013/.nix 2024-06-15 18:29:36 -03:00			`}`