daylin/oizys
1
0
Fork 0
mirror of https://github.com/daylinmorgan/oizys.git synced 2025-02-02 11:04:17 -06:00
Code Issues Projects Releases Packages Wiki Activity

add some secrets

Browse source
This commit is contained in:
Daylin Morgan 2025-01-31 10:15:45 -06:00
parent 8391ef801c
commit 06dd891b6a
Signed by: daylin
GPG key ID: 950D13E9719334AD
5 changed files with 23 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
flake.lock
View file

@ -789,11 +789,11 @@
}, },
"locked": { "locked": {
"dir": "nix", "dir": "nix",
"lastModified": 1738281090, "lastModified": 1738337180,
"narHash": "sha256-WLdHHGCSaLjQ1DbZVsphHysWjnhs26JzXUaS+7RYfrg=", "narHash": "sha256-XXT8rGyMd1ow4jnir8qfLfYIwU2TgzDjpz6amMvs8ac=",
"owner": "daylinmorgan", "owner": "daylinmorgan",
"repo": "tsm", "repo": "tsm",
"rev": "2aab7c23de890700a1ce1c7f651c04478105393b", "rev": "9a22c559c5b13472528fc2f814149af7b341dfe5",
"type": "github" "type": "github"
}, },
"original": { "original": {

7
hosts/algiz/default.nix
View file

@ -36,11 +36,4 @@
# git user handles the forgjo ssh authentication # git user handles the forgjo ssh authentication
users.users.git.isNormalUser = true; users.users.git.isNormalUser = true;
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = ./secrets.yaml;
# by default is accessible only by root:root which should work with above service
secrets.restic-algiz = { };
};
} }

12
hosts/algiz/secrets.nix Normal file
View file

@ -0,0 +1,12 @@
{ ... }:
{
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = ./secrets.yaml;
# by default is accessible only by root:root which should work with above service
secrets.restic-algiz = { };
secrets.atticd-env = { };
};
}

7
hosts/algiz/secrets.yaml
View file

File diff suppressed because one or more lines are too long

7
hosts/algiz/services.nix
View file

@ -1,6 +1,8 @@
{ {
config,
pkgs, pkgs,
enabled, enabled,
flake,
... ...
}: }:
let let
@ -24,7 +26,7 @@ in
}; };
security.polkit = enabled; # attic was looking for this... security.polkit = enabled; # attic was looking for this...
environment.systemPackages = with pkgs; [ attic-client ]; environment.systemPackages = [ (flake.pkg "lix-atttic").attic-client ];
# allow docker to forward the request to the host running attic # allow docker to forward the request to the host running attic
# https://discourse.nixos.org/t/docker-container-not-resolving-to-host/30259/6 # https://discourse.nixos.org/t/docker-container-not-resolving-to-host/30259/6
@ -32,8 +34,7 @@ in
services.atticd = enabled // { services.atticd = enabled // {
# Replace with absolute path to your credentials file # Replace with absolute path to your credentials file
# TODO: replace with sops-secret! environmentFile = config.sops.secrets."atticd-env".path;
environmentFile = "/etc/atticd.env";
settings = { settings = {
listen = "[::]:${atticPort}"; listen = "[::]:${atticPort}";