diff options
| author | Franck Cuny <franck@fcuny.net> | 2026-01-03 11:32:50 -0800 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2026-01-03 11:32:50 -0800 |
| commit | ed1268a6735d4339aad02fd560dd944167dcda3d (patch) | |
| tree | e2a9836d0fb8206298cbdcdaac0d8763eae7b2fd /machines | |
| parent | delete ollama (diff) | |
| download | infra-ed1268a6735d4339aad02fd560dd944167dcda3d.tar.gz | |
move secrets to the hosts instead of profiles
Diffstat (limited to '')
| -rw-r--r-- | machines/argonath.nix | 5 | ||||
| -rw-r--r-- | machines/bree.nix | 7 | ||||
| -rw-r--r-- | machines/rivendell.nix | 25 |
3 files changed, 33 insertions, 4 deletions
diff --git a/machines/argonath.nix b/machines/argonath.nix index 748ba78..cfefd46 100644 --- a/machines/argonath.nix +++ b/machines/argonath.nix @@ -17,7 +17,10 @@ wgPublicKey = "vTItDh9YPnA+8hL1kIK+7EHv0ol3qvhfAfz790miw1w="; - age.secrets.acme-cloudflare-env.file = ../secrets/acme-cloudflare-env.age; + age.secrets = { + wireguard.file = ../secrets/argonath/wireguard.age; + acme-cloudflare-env.file = ../secrets/acme-cloudflare-env.age; + }; system.stateVersion = "25.05"; # Did you read the comment? diff --git a/machines/bree.nix b/machines/bree.nix index f20d612..7fadda0 100644 --- a/machines/bree.nix +++ b/machines/bree.nix @@ -23,8 +23,11 @@ wgPublicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904="; - age.secrets.disk-unlock-key.file = ../secrets/bree/disk-unlock-key.age; - age.secrets.disk-passphrase.file = ../secrets/bree/disk-passphrase.age; + age.secrets = { + wireguard.file = ../secrets/bree/wireguard.age; + disk-unlock-key.file = ../secrets/bree/disk-unlock-key.age; + disk-passphrase.file = ../secrets/bree/disk-passphrase.age; + }; services.remoteDiskUnlock = { enable = true; diff --git a/machines/rivendell.nix b/machines/rivendell.nix index 99b03a5..d1b95aa 100644 --- a/machines/rivendell.nix +++ b/machines/rivendell.nix @@ -27,7 +27,30 @@ boot.kernelModules = [ "sg" ]; - age.secrets.rsync-ssh-key.file = ../secrets/rsync-ssh-nas.age; + age.secrets = { + wireguard.file = ../secrets/rivendell/wireguard.age; + restic-local-pw.file = ../secrets/restic-pw.age; + restic-nas-smb-config.file = ../secrets/restic-nas-smb-config.age; + grafana-oidc.file = ../secrets/grafana-oidc.age; + miniflux-oidc.file = ../secrets/miniflux-oidc.age; + rsync-ssh-key.file = ../secrets/rsync-ssh-nas.age; + authelia-storage-key = { + file = ../secrets/authelia-storage-key.age; + owner = "authelia-main"; + }; + authelia-jwt-key = { + file = ../secrets/authelia-jwt-key.age; + owner = "authelia-main"; + }; + authelia-users = { + file = ../secrets/authelia-users.yaml.age; + owner = "authelia-main"; + }; + authelia-jwks = { + file = ../secrets/authelia-jwks.age; + owner = "authelia-main"; + }; + }; networking.hostName = "rivendell"; networking.useDHCP = lib.mkDefault true; |