infrastructure/hosts/phoenix.lewd.wtf/secrets.nix

35 lines
923 B
Nix
Raw Normal View History

2024-02-04 00:11:26 +00:00
{ config, ... }:
{
2024-02-10 18:26:29 +00:00
sops.defaultSopsFile = ./secrets/services.yaml;
2024-02-04 00:11:26 +00:00
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
2024-02-10 18:26:29 +00:00
# Vaultwarden
sops.secrets."services/vaultwarden/.env" = {
mode = "0400";
owner = config.users.users.vaultwarden.name;
group = config.users.users.vaultwarden.group;
sopsFile = ./secrets/vaultwarden.env;
format = "dotenv";
};
2024-02-04 18:34:52 +00:00
# MSMTP
2024-02-04 00:11:26 +00:00
sops.secrets."services/msmtp/password" = {
mode = "0777";
sopsFile = ./secrets/msmtp.yaml;
};
2024-02-04 18:34:52 +00:00
# Wireguard
sops.secrets."services/wireguard/airvpn.private" = {
mode = "0400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
sopsFile = ./secrets/wireguard.yaml;
};
sops.secrets."services/wireguard/airvpn.psk" = {
mode = "0400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
sopsFile = ./secrets/wireguard.yaml;
};
2024-02-04 00:11:26 +00:00
}