Refactored secrets (each host has their own)

2024-02-12 22:14:24 +01:00
parent 360adace1e
commit ea276bb6d1
4 changed files with 61 additions and 46 deletions
--- a/hosts/reykjavik/secrets.nix
+++ b/hosts/reykjavik/secrets.nix
@@ -0,0 +1,30 @@
+{ ... }:
+
+{
+  age.secrets = {
+    # Consul -------------------------------
+    "consul.d/gossip.json" = {
+      file = ../secrets/consul.d/gossip.json.age;
+      owner = "consul";
+      group = "consul";
+      mode = "644";
+    };
+    "consul.d/consul-agent-ca.pem" = {
+      file = ../secrets/consul.d/consul-agent-ca.pem.age;
+      owner = "consul";
+      group = "consul";
+      mode = "644";
+    };
+    "consul.d/agent-token-reykjavik.json" = {
+      file = ../secrets/consul.d/agent-token-reykjavik.json.age;
+      owner = "consul";
+      group = "consul";
+      mode = "644";
+    };
+    # Nomad -------------------------------
+    "nomad.d/consul-token.json" = {
+      file = ../secrets/nomad.d/consul-token.json.age;
+      mode = "644";
+    };
+  };
+}