ghost: split secrets for server and local

Leonardo Eugênio 2023-10-22 14:55:39 -03:00
parent 32b1771867
commit b00b4e322f
2 changed files with 17 additions and 14 deletions


@ -3,7 +3,6 @@
"${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-image.nix" "${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-image.nix"
inputs.agenix.nixosModules.default inputs.agenix.nixosModules.default
../system/nix.nix ../system/nix.nix
../system/secrets.nix
]; ];
# Use more aggressive compression then the default. # Use more aggressive compression then the default.
@ -102,6 +101,22 @@
size = (1024 * 2); # 2 GB size = (1024 * 2); # 2 GB
}]; }];
age = {
identityPaths = [ "/root/.ssh/id_rsa" ];
secrets.ghost-nextcloud = {
file = ../secrets/ghost-nextcloud.age;
mode = "400";
owner = "nextcloud";
group = "nextcloud";
};
secrets.ghost-writefreely = {
file = ../secrets/ghost-writefreely.age;
mode = "400";
owner = "writefreely";
group = "writefreely";
};
};
system.stateVersion = "23.05"; # Never change this system.stateVersion = "23.05"; # Never change this
} }
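Review bot: The added `identityPaths = [ "/root/.ssh/id_rsa" ];` makes root's personal SSH key the only age identity on this host, so the key that decrypts the Nextcloud and WriteFreely secrets is also a login credential whose exposure would reach beyond this host's secrets. agenix needs that file to be present and passphrase-free before the first activation of the DigitalOcean image, and nothing in this section shows how it gets there; presumably it is provisioned by hand. Consider pointing `identityPaths` at the SSH host key or a dedicated decryption key, and document the requirement next to it, e.g. `# age identity for ghost; must exist (no passphrase) before first activation`. With `mode = "400"` the `group` setting grants no access, so those lines could be dropped or the mode reconsidered if group read was intended. The enclosing module body starts outside the hunks shown.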


@ -1,6 +1,6 @@
{ pkgs, ... }: { { pkgs, ... }: {
age = { age = {
identityPaths = [ "/home/lelgenio/.ssh/id_rsa" "/root/.ssh/id_rsa" ]; identityPaths = [ "/home/lelgenio/.ssh/id_rsa" ];
secrets.lelgenio-cachix.file = ../secrets/lelgenio-cachix.age; secrets.lelgenio-cachix.file = ../secrets/lelgenio-cachix.age;
secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.file =
../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age; ../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
@ -10,17 +10,5 @@
../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age; ../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
secrets.monolith-nix-serve-privkey.file = secrets.monolith-nix-serve-privkey.file =
../secrets/monolith-nix-serve-privkey.age; ../secrets/monolith-nix-serve-privkey.age;
secrets.ghost-nextcloud = {
file = ../secrets/ghost-nextcloud.age;
mode = "400";
owner = "nextcloud";
group = "nextcloud";
};
secrets.ghost-writefreely = {
file = ../secrets/ghost-writefreely.age;
mode = "400";
owner = "writefreely";
group = "writefreely";
};
}; };
} }
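Review bot: Removing `"/root/.ssh/id_rsa"` from `identityPaths` and moving the ghost secrets out of this module changes which secrets each machine tries to decrypt, but not who is able to decrypt the `.age` files. That is decided by the recipient keys each file was encrypted to, which this commit does not show. If the server's key is still a recipient of `lelgenio-cachix`, the gitlab-runner registration files or `monolith-nix-serve-privkey`, a compromise of ghost still exposes them, so the recipient lists should be narrowed to match the split and the files re-encrypted (`agenix --rekey`). A short comment on the remaining line, such as `# user key only; server secrets live in the ghost host config`, would record the intent.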