aboutsummaryrefslogtreecommitdiff
path: root/profiles
diff options
context:
space:
mode:
authorFranck Cuny <franck@fcuny.net>2026-01-03 11:32:50 -0800
committerFranck Cuny <franck@fcuny.net>2026-01-03 11:32:50 -0800
commited1268a6735d4339aad02fd560dd944167dcda3d (patch)
treee2a9836d0fb8206298cbdcdaac0d8763eae7b2fd /profiles
parentdelete ollama (diff)
downloadinfra-ed1268a6735d4339aad02fd560dd944167dcda3d.tar.gz
move secrets to the hosts instead of profiles
Diffstat (limited to 'profiles')
-rw-r--r--profiles/authelia.nix19
-rw-r--r--profiles/miniflux.nix2
-rw-r--r--profiles/monitoring.nix3
-rw-r--r--profiles/restic-backup.nix5
-rw-r--r--profiles/wireguard.nix2
5 files changed, 0 insertions, 31 deletions
diff --git a/profiles/authelia.nix b/profiles/authelia.nix
index b5d2c94..4a80591 100644
--- a/profiles/authelia.nix
+++ b/profiles/authelia.nix
@@ -1,24 +1,5 @@
{ config, ... }:
{
- age.secrets = {
- authelia-storage-key = {
- file = ../secrets/authelia-storage-key.age;
- owner = "authelia-main";
- };
- authelia-jwt-key = {
- file = ../secrets/authelia-jwt-key.age;
- owner = "authelia-main";
- };
- authelia-users = {
- file = ../secrets/authelia-users.yaml.age;
- owner = "authelia-main";
- };
- authelia-jwks = {
- file = ../secrets/authelia-jwks.age;
- owner = "authelia-main";
- };
- };
-
services.authelia.instances.main = {
enable = true;
secrets.jwtSecretFile = config.age.secrets."authelia-jwt-key".path;
diff --git a/profiles/miniflux.nix b/profiles/miniflux.nix
index 7cc465b..94f86d6 100644
--- a/profiles/miniflux.nix
+++ b/profiles/miniflux.nix
@@ -4,8 +4,6 @@ let
port = 8002;
in
{
- age.secrets.miniflux-oidc.file = ../secrets/miniflux-oidc.age;
-
services.miniflux = {
enable = true;
config = {
diff --git a/profiles/monitoring.nix b/profiles/monitoring.nix
index 7c62b9e..bc33c11 100644
--- a/profiles/monitoring.nix
+++ b/profiles/monitoring.nix
@@ -1,8 +1,5 @@
{ config, ... }:
{
-
- age.secrets.grafana-oidc.file = ../secrets/grafana-oidc.age;
-
services.victoriametrics.enable = true;
services.grafana.enable = true;
diff --git a/profiles/restic-backup.nix b/profiles/restic-backup.nix
index 976bbcf..a50e5a3 100644
--- a/profiles/restic-backup.nix
+++ b/profiles/restic-backup.nix
@@ -1,10 +1,5 @@
{ config, pkgs, ... }:
{
- age.secrets = {
- restic-local-pw.file = ../secrets/restic-pw.age;
- restic-nas-smb-config.file = ../secrets/restic-nas-smb-config.age;
- };
-
environment.systemPackages = with pkgs; [
rclone
restic
diff --git a/profiles/wireguard.nix b/profiles/wireguard.nix
index 9c9b134..76586ba 100644
--- a/profiles/wireguard.nix
+++ b/profiles/wireguard.nix
@@ -46,8 +46,6 @@ let
in
{
- age.secrets.wireguard.file = ../secrets/${currentHostname}/wireguard.age;
-
networking.wireguard = {
enable = true;
interfaces.wg0 = {
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-20 11:07:08 +0000