44 lines
1.1 KiB
Nix
44 lines
1.1 KiB
Nix
{ config, ... }:
|
|
{
|
|
sops.defaultSopsFile = ./secrets/services.yaml;
|
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
|
|
|
# Vaultwarden
|
|
sops.secrets."services/vaultwarden/.env" = {
|
|
mode = "0400";
|
|
owner = config.users.users.vaultwarden.name;
|
|
group = config.users.users.vaultwarden.group;
|
|
sopsFile = ./secrets/vaultwarden.env;
|
|
format = "dotenv";
|
|
};
|
|
|
|
# Attic
|
|
sops.secrets."services/attic/creds.env" = {
|
|
mode = "0400";
|
|
owner = config.users.users.root.name;
|
|
group = config.users.users.root.group;
|
|
sopsFile = ./secrets/attic.env;
|
|
format = "dotenv";
|
|
};
|
|
|
|
# MSMTP
|
|
sops.secrets."services/msmtp/password" = {
|
|
mode = "0777";
|
|
sopsFile = ./secrets/msmtp.yaml;
|
|
};
|
|
|
|
# Wireguard
|
|
sops.secrets."services/wireguard/airvpn.private" = {
|
|
mode = "0400";
|
|
owner = config.users.users.root.name;
|
|
group = config.users.users.root.group;
|
|
sopsFile = ./secrets/wireguard.yaml;
|
|
};
|
|
sops.secrets."services/wireguard/airvpn.psk" = {
|
|
mode = "0400";
|
|
owner = config.users.users.root.name;
|
|
group = config.users.users.root.group;
|
|
sopsFile = ./secrets/wireguard.yaml;
|
|
};
|
|
}
|