valkyrie: move certs to sops file

Mateusz Słodkowicz 2024-03-23 15:21:13 +01:00
parent b9397c8fd4
commit bc4d4750c0
Signed by: materus
GPG Key ID: 28D140BCA60B4FD1
4 changed files with 7 additions and 6 deletions


@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`). # and in the NixOS manual (accessible by running `nixos-help`).
{ pkgs, materusArg, ... }: { pkgs, materusArg, config, ... }:
{ {
imports = imports =
@ -74,6 +74,7 @@
]; ];
openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ]; openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ];
}; };
users.users.acme.openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ];
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget
@ -142,12 +143,12 @@
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
security.acme.defaults.email = "materus+acme@podkos.pl"; security.acme.defaults.email = "materus+acme@podkos.pl";
security.acme.defaults.credentialsFile = config.sops.secrets.certs.path ;
security.acme.certs."materus.pl" = { security.acme.certs."materus.pl" = {
domain = "materus.pl"; domain = "materus.pl";
group = "nginx"; group = "nginx";
extraDomainNames = [ "*.materus.pl" ]; extraDomainNames = [ "*.materus.pl" ];
dnsProvider = "ovh"; dnsProvider = "ovh";
credentialsFile = "/materus/config/private/valkyrie/certs.secret";
}; };
security.acme.certs."podkos.pl" = { security.acme.certs."podkos.pl" = {
@ -155,7 +156,6 @@
group = "nginx"; group = "nginx";
extraDomainNames = [ "*.podkos.pl" ]; extraDomainNames = [ "*.podkos.pl" ];
dnsProvider = "ovh"; dnsProvider = "ovh";
credentialsFile = "/materus/config/private/valkyrie/certs.secret";
}; };
security.acme.certs."podkos.xyz" = { security.acme.certs."podkos.xyz" = {
@ -163,7 +163,6 @@
group = "nginx"; group = "nginx";
extraDomainNames = [ "*.podkos.xyz" ]; extraDomainNames = [ "*.podkos.xyz" ];
dnsProvider = "ovh"; dnsProvider = "ovh";
credentialsFile = "/materus/config/private/valkyrie/certs.secret";
}; };
} }
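Review bot: The added `users.users.acme.openssh.authorizedKeys.keyFiles = [ ... "/extraFiles/keys/ssh/materus.pub" ];` line in the second hunk is not explained by the commit title, and it lets the holder of that key authenticate over SSH as the `acme` account. On NixOS that account normally owns the issued private keys under its state directory, so this widens access to the wildcard certificates for all three domains. Even if the account has no login shell, an accepted key may still permit non-shell SSH features unless sshd restricts them. If the access is intentional, say why in a comment such as `# acme: SSH key accepted for <purpose>` and scope it as tightly as that purpose allows; otherwise drop the line from this commit. Moving `credentialsFile` into `security.acme.defaults` itself looks consistent, as all three `certs` entries previously pointed at the same file.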


@ -15,6 +15,7 @@
sops.secrets.spotify-client-id = {}; sops.secrets.spotify-client-id = {};
sops.secrets.spotify-client-secret = {}; sops.secrets.spotify-client-secret = {};
sops.secrets.youtube-api = {}; sops.secrets.youtube-api = {};
sops.secrets.certs = {};
services.openssh.hostKeys = [ services.openssh.hostKeys = [
{ {
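Review bot: `sops.secrets.certs = {};` has no comment, and the name suggests certificate material. The other file section assigns it to `security.acme.defaults.credentialsFile`, so it presumably holds the OVH DNS API credentials rather than certificates. A comment such as `# OVH DNS-01 API credentials (env-file format) read via security.acme.defaults.credentialsFile` would make that clear to the next reader. The secret keeps the sops-nix default owner and mode, which should be fine if the file is only loaded as a systemd environment file, but that is worth confirming with a renewal run after deploy. The old plaintext path `/materus/config/private/valkyrie/certs.secret` is no longer referenced here, so the file on the host can be removed once renewal is confirmed.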


@ -3,6 +3,7 @@ discord-token: ENC[AES256_GCM,data:JQ/6MJvBlJpKzs/L0hFB1LPpQSfJvDdEB6YerVZyDqGo7
spotify-client-id: ENC[AES256_GCM,data:WK7CJGw6mtIG3Jfp59cWx3ool4z1P09TvHcpbOQ2JV0=,iv:EaJ5ecXdmx0Ky+43xZITM811IOo4EisvPSyogXrJXng=,tag:NYTI4vLsWGa695CJ+TIgbw==,type:str] spotify-client-id: ENC[AES256_GCM,data:WK7CJGw6mtIG3Jfp59cWx3ool4z1P09TvHcpbOQ2JV0=,iv:EaJ5ecXdmx0Ky+43xZITM811IOo4EisvPSyogXrJXng=,tag:NYTI4vLsWGa695CJ+TIgbw==,type:str]
spotify-client-secret: ENC[AES256_GCM,data:TnR+zLLklTfzMdR4woaZWuMVJQ9VIYsFM588GRO6WCY=,iv:cYiqw8ZdMgLeug4ptwPV3L+MeY6xIldfUBfiYg1mFD8=,tag:YDLh6BXFcBHnpdgM7e87wg==,type:str] spotify-client-secret: ENC[AES256_GCM,data:TnR+zLLklTfzMdR4woaZWuMVJQ9VIYsFM588GRO6WCY=,iv:cYiqw8ZdMgLeug4ptwPV3L+MeY6xIldfUBfiYg1mFD8=,tag:YDLh6BXFcBHnpdgM7e87wg==,type:str]
youtube-api: ENC[AES256_GCM,data:qmpFlFvudS9rXQfN+Th/UrPWCW0mg5GkpMucS/01AmOnlChqtojC,iv:q3bKwI2I6BNa3L9ezKCE1fWT/vZLiJ8uzug1z2z+TWA=,tag:gKG3HTz8jp2LAFh8e8O6sg==,type:str] youtube-api: ENC[AES256_GCM,data:qmpFlFvudS9rXQfN+Th/UrPWCW0mg5GkpMucS/01AmOnlChqtojC,iv:q3bKwI2I6BNa3L9ezKCE1fWT/vZLiJ8uzug1z2z+TWA=,tag:gKG3HTz8jp2LAFh8e8O6sg==,type:str]
certs: ENC[AES256_GCM,data:ttmSNTTx51a3L2HTC8RnSphDLHO2OSyIgXQ0YpZGySTdu69mgEyhaiSi+IAXg/1AHKRjpFJgE4fhsLAiW78pNYb+Zg7aDL47YtABO99sTZrZnBxZo6k6itpZ3oClDch2ZALzoXChLroc0tUbZKwsfOwGe3pw9lOJZJT34AhV+BVoXDDLQcpQoxz23Baa8oxklecT6wpJ1u1nW+aAHw33gm41Vw==,iv:b0aNZwaRKBg+ipe5+19BowyFbCjZt52S738om6emYGo=,tag:lUqtcc4vVWKx/fnc19vj7A==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -18,8 +19,8 @@ sops:
d2dMUUh1RDB3UnpEdFJsNHpQRXFWemMKc41dlOapTsvH91QLNhdPbrzerPFakOiX d2dMUUh1RDB3UnpEdFJsNHpQRXFWemMKc41dlOapTsvH91QLNhdPbrzerPFakOiX
J/uoZDMIhsmQxgQM7Fqxr05NywhI/ZjOtJS2bayp73O57xjjMYcyNQ== J/uoZDMIhsmQxgQM7Fqxr05NywhI/ZjOtJS2bayp73O57xjjMYcyNQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-22T18:29:22Z" lastmodified: "2024-03-23T14:02:11Z"
mac: ENC[AES256_GCM,data:X4SJZ4A7YwQGGvdjf0/hKSn6HuiwKC0DaswzAgA+sqfXnwTAFt1FPhak//BxkRKBqw5A+FTyRf/a4FnY5XG+gu3RxO6+np4AJwvKiA0Hwa9QImwrh9A1k9URE9mtGegqtw3wnZBw4XXA+vhEUIq10sGaVuy6outfvlfNM/TMlgc=,iv:WENShl1jCAUQggvssZMS+6vEgc8l+wzZLHXRkoYAV8I=,tag:2y6ltpwxUIOlaUMoWDRcxg==,type:str] mac: ENC[AES256_GCM,data:wMQCs0h/FOEe9zzaTJxrBqQh1KgEgr5J7tdBTIr4frUAUtsD6SCXQ0keVUQ1J5DYEKDTqFbXvM1IetwSKipfKscTbSt1u3hpe30f4EWqTZKRrJtJaiVozJSZ667YWRQu1uWv5VDGXfC4tosejUyJsVUkUEYDqLKEv3z/y3eNa80=,iv:i2PX9y4J1EbASCnbG1XVo+RcxbFV9VOwyRg+DKcUyVc=,tag:6BQkD8ikUHfHI4KhiC5UJA==,type:str]
pgp: pgp:
- created_at: "2024-03-21T22:55:36Z" - created_at: "2024-03-21T22:55:36Z"
enc: |- enc: |-

0
decrypted Normal file