Diffstat (limited to '')
| -rw-r--r-- | machines/argonath.nix | 5 | ||||
| -rw-r--r-- | machines/bree.nix | 7 | ||||
| -rw-r--r-- | machines/rivendell.nix | 25 | ||||
| -rw-r--r-- | profiles/authelia.nix | 19 | ||||
| -rw-r--r-- | profiles/miniflux.nix | 2 | ||||
| -rw-r--r-- | profiles/monitoring.nix | 3 | ||||
| -rw-r--r-- | profiles/restic-backup.nix | 5 | ||||
| -rw-r--r-- | profiles/wireguard.nix | 2 |
8 files changed, 33 insertions, 35 deletions
diff --git a/machines/argonath.nix b/machines/argonath.nix index 748ba78..cfefd46 100644 --- a/machines/argonath.nix +++ b/machines/argonath.nix @@ -17,7 +17,10 @@ wgPublicKey = "vTItDh9YPnA+8hL1kIK+7EHv0ol3qvhfAfz790miw1w="; - age.secrets.acme-cloudflare-env.file = ../secrets/acme-cloudflare-env.age; + age.secrets = { + wireguard.file = ../secrets/argonath/wireguard.age; + acme-cloudflare-env.file = ../secrets/acme-cloudflare-env.age; + }; system.stateVersion = "25.05"; # Did you read the comment? diff --git a/machines/bree.nix b/machines/bree.nix index f20d612..7fadda0 100644 --- a/machines/bree.nix +++ b/machines/bree.nix @@ -23,8 +23,11 @@ wgPublicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904="; - age.secrets.disk-unlock-key.file = ../secrets/bree/disk-unlock-key.age; - age.secrets.disk-passphrase.file = ../secrets/bree/disk-passphrase.age; + age.secrets = { + wireguard.file = ../secrets/bree/wireguard.age; + disk-unlock-key.file = ../secrets/bree/disk-unlock-key.age; + disk-passphrase.file = ../secrets/bree/disk-passphrase.age; + }; services.remoteDiskUnlock = { enable = true; diff --git a/machines/rivendell.nix b/machines/rivendell.nix index 99b03a5..d1b95aa 100644 --- a/machines/rivendell.nix +++ b/machines/rivendell.nix 
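Review bot: The `wireguard.file` path is now typed by hand in each machine file (here in argonath.nix, and again in the bree.nix and rivendell.nix hunks), so nothing ties it to the host name the way the removed `../secrets/${currentHostname}/wireguard.age` in profiles/wireguard.nix did. A path copied from another host would still evaluate, and would only show up at activation as a decryption failure or, if the file happens to be encrypted to this host too, as a private key that does not match the `wgPublicKey` declared just above. I would add a comment on the line, e.g. `# private half of wgPublicKey above; directory must match this host`, and check that any host importing profiles/wireguard.nix that is not touched by this commit also declares `age.secrets.wireguard`. The enclosing attribute set starts and ends outside the hunk.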
@@ -27,7 +27,30 @@ boot.kernelModules = [ "sg" ]; - age.secrets.rsync-ssh-key.file = ../secrets/rsync-ssh-nas.age; + age.secrets = { + wireguard.file = ../secrets/rivendell/wireguard.age; + restic-local-pw.file = ../secrets/restic-pw.age; + restic-nas-smb-config.file = ../secrets/restic-nas-smb-config.age; + grafana-oidc.file = ../secrets/grafana-oidc.age; + miniflux-oidc.file = ../secrets/miniflux-oidc.age; + rsync-ssh-key.file = ../secrets/rsync-ssh-nas.age; + authelia-storage-key = { + file = ../secrets/authelia-storage-key.age; + owner = "authelia-main"; + }; + authelia-jwt-key = { + file = ../secrets/authelia-jwt-key.age; + owner = "authelia-main"; + }; + authelia-users = { + file = ../secrets/authelia-users.yaml.age; + owner = "authelia-main"; + }; + authelia-jwks = { + file = ../secrets/authelia-jwks.age; + owner = "authelia-main"; + }; + }; networking.hostName = "rivendell"; networking.useDHCP = lib.mkDefault true; diff --git a/profiles/authelia.nix b/profiles/authelia.nix index b5d2c94..4a80591 100644 --- a/profiles/authelia.nix +++ b/profiles/authelia.nix @@ -1,24 +1,5 @@ { config, ... }: { - age.secrets = { - authelia-storage-key = { - file = ../secrets/authelia-storage-key.age; - owner = "authelia-main"; - }; - authelia-jwt-key = { - file = ../secrets/authelia-jwt-key.age; - owner = "authelia-main"; - }; - authelia-users = { - file = ../secrets/authelia-users.yaml.age; - owner = "authelia-main"; - }; - authelia-jwks = { - file = ../secrets/authelia-jwks.age; - owner = "authelia-main"; - }; - }; - services.authelia.instances.main = { enable = true; secrets.jwtSecretFile = config.age.secrets."authelia-jwt-key".path; diff --git a/profiles/miniflux.nix b/profiles/miniflux.nix index 7cc465b..94f86d6 100644 --- a/profiles/miniflux.nix +++ b/profiles/miniflux.nix @@ -4,8 +4,6 @@ let port = 8002; in { - age.secrets.miniflux-oidc.file = ../secrets/miniflux-oidc.age; - services.miniflux = { enable = true; config = { 
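Review bot: The four authelia secrets in the rivendell.nix hunk hard-code `owner = "authelia-main"` in the machine file, away from `services.authelia.instances.main` in profiles/authelia.nix, which is what creates that user. If the instance is renamed or its user overridden, the secrets keep the stale owner and the service can no longer read them; assuming `config` is in scope in this file, `owner = config.services.authelia.instances.main.user;` keeps the two in step. Separately, `restic-local-pw`, `restic-nas-smb-config`, `grafana-oidc` and `miniflux-oidc` set no `owner` or `mode`, so they fall back to the agenix defaults (root-owned, 0400); that is the safe default, but it is worth a one-line comment confirming each consumer reads the file as root or through a systemd-loaded path, since those consumers are no longer visible next to the declaration. The attribute set this hunk sits in opens outside the hunk.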
diff --git a/profiles/monitoring.nix b/profiles/monitoring.nix index 7c62b9e..bc33c11 100644 --- a/profiles/monitoring.nix +++ b/profiles/monitoring.nix @@ -1,8 +1,5 @@ { config, ... }: { - - age.secrets.grafana-oidc.file = ../secrets/grafana-oidc.age; - services.victoriametrics.enable = true; services.grafana.enable = true; diff --git a/profiles/restic-backup.nix b/profiles/restic-backup.nix index 976bbcf..a50e5a3 100644 --- a/profiles/restic-backup.nix +++ b/profiles/restic-backup.nix @@ -1,10 +1,5 @@ { config, pkgs, ... }: { - age.secrets = { - restic-local-pw.file = ../secrets/restic-pw.age; - restic-nas-smb-config.file = ../secrets/restic-nas-smb-config.age; - }; - environment.systemPackages = with pkgs; [ rclone restic diff --git a/profiles/wireguard.nix b/profiles/wireguard.nix index 9c9b134..76586ba 100644 --- a/profiles/wireguard.nix +++ b/profiles/wireguard.nix @@ -46,8 +46,6 @@ let in { - age.secrets.wireguard.file = ../secrets/${currentHostname}/wireguard.age; - networking.wireguard = { enable = true; interfaces.wg0 = { |
