dot013/spacestation
1
0
Fork 0
Code Issues Pull Requests Activity
Files
master
spacestation/secrets.nix

92 lines
1.9 KiB
Nix
Raw Permalink Blame History

{
config,
inputs,
lib,
pkgs,
...
}:
with lib; {
imports = [
inputs.sops-nix.nixosModules.sops
];
environment.systemPackages = with pkgs; [
sops
];
sops.defaultSopsFile = ./secrets.yaml;
sops.defaultSopsFormat = "yaml";
sops.secrets =
concatMapAttrs (owner: secrets:
listToAttrs (map (s: {
name = s;
value = optionalAttrs (owner != "") {inherit owner;};
})
secrets))
{
"" = [
# Cloudflared
"cloudflared/tunnel_env"
];
# Anubis
${config.services.anubis.defaultOptions.user} = [
"anubis/gitea/hex_file"
"anubis/peertube/hex_file"
"anubis/medama/hex_file"
];
# Garage
"garage" = [
"garage/admin_key"
"garage/admin_secret"
"garage/admin_token"
"garage/metrics_token"
"garage/rpc_secret"
];
# Gitea
${config.services.gitea.user} = [
"gitea/actions/token"
"gitea/oauth2/jwt_secret"
"gitea/security/internal_token"
"gitea/security/secret_key"
"gitea/server/lfs_jwt_secret"
"gitea/storage/access_key_id"
"gitea/storage/secret_access_key"
];
# keikos.work
${config.services.keikos.web.user} = [
"keiko/env_file"
];
# Peertube
${config.services.peertube.user} = [
"peertube/database/password"
"peertube/environment"
"peertube/secretsFile"
];
# PostgreSQL
${config.users.users.postgres.name} = [
"postgresql/initialScript"
];
# Nextcloud
${config.services.phpfpm.pools.nextcloud.user} = [
"nextcloud/adminpass"
"nextcloud/s3/secret"
"nextcloud/s3/sseC"
];
# Users
${config.users.users."guz".name} = [
"guz/password"
];
};
sops.age.keyFile = "/home/guz/.config/sops/age/keys.txt";
}
Reference in New Issue View Git Blame Copy Permalink