Refactored secrets (each host has their own)
@@ -2,7 +2,7 @@
|
||||
** [[file:docs/install.org][Installing]]
|
||||
** Rebuilding
|
||||
#+BEGIN_SRC bash
|
||||
sudo nixos-rebuild switch --impure --flake '.#reykjavik'
|
||||
sudo nixos-rebuild switch --impure --flake ".#${HOST}"
|
||||
#+END_SRC
|
||||
** Modules
|
||||
*** Desktop environment
|
||||
|
||||
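--- a/hosts/reykjavik/secrets.nix
+++ b/hosts/reykjavik/secrets.nix
@@ -0,0 +1,30 @@
+{ ... }:
+
+{
+age.secrets = {
+# Consul -------------------------------
+"consul.d/gossip.json" = {
+file = ../secrets/consul.d/gossip.json.age;
+owner = "consul";
+group = "consul";
+mode = "644";
+};
+"consul.d/consul-agent-ca.pem" = {
+file = ../secrets/consul.d/consul-agent-ca.pem.age;
+owner = "consul";
+group = "consul";
+mode = "644";
+};
+"consul.d/agent-token-reykjavik.json" = {
+file = ../secrets/consul.d/agent-token-reykjavik.json.age;
+owner = "consul";
+group = "consul";
+mode = "644";
+};
+# Nomad -------------------------------
+"nomad.d/consul-token.json" = {
+file = ../secrets/nomad.d/consul-token.json.age;
+mode = "644";
+};
+};
+}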
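Review bot: Every entry in this new file sets `mode = "644"`, so the decrypted Consul gossip key, the `agent-token-reykjavik.json` ACL token and Nomad's `consul-token.json` are readable by any local account on the host, which undoes most of the benefit of keeping them age-encrypted in the repository. The Consul entries already set `owner` and `group` to `consul`, so `mode = "0400"` (or `"0440"`) would restrict them to the service. The Nomad entry declares no owner at all, so it needs an explicit owner as well as a restrictive mode. Only `consul-agent-ca.pem` is plausibly public material, assuming it holds the CA certificate and not a private key. The same modes were carried over into hosts/thingvellir/secrets.nix.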
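--- a/hosts/thingvellir/secrets.nix
+++ b/hosts/thingvellir/secrets.nix
@@ -0,0 +1,30 @@
+{ ... }:
+
+{
+age.secrets = {
+# Consul -------------------------------
+"consul.d/gossip.json" = {
+file = ../secrets/consul.d/gossip.json.age;
+owner = "consul";
+group = "consul";
+mode = "644";
+};
+"consul.d/consul-agent-ca.pem" = {
+file = ../secrets/consul.d/consul-agent-ca.pem.age;
+owner = "consul";
+group = "consul";
+mode = "644";
+};
+"consul.d/agent-token-thingvellir.json" = {
+file = ../secrets/consul.d/agent-token-thingvellir.json.age;
+owner = "consul";
+group = "consul";
+mode = "644";
+};
+# Nomad -------------------------------
+"nomad.d/consul-token.json" = {
+file = ../secrets/nomad.d/consul-token.json.age;
+mode = "644";
+};
+};
+}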
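Review bot: This per-host file declares the Consul and Nomad secrets unconditionally, whereas the deleted module wrapped them in `lib.optionalAttrs consulCfg.enable` and `lib.optionalAttrs nomadCfg.enable`; hosts/reykjavik/secrets.nix has the same shape. If a host imports this file with Consul disabled, the secrets would still be decrypted onto it, and `owner = "consul"` would presumably name a user that is not created; this is inferred, since the server module definitions are not shown. Either keep the guards by taking `config` and `lib` as arguments, or state the dependency with a header comment such as `# Requires the consul and nomad server modules to be enabled on this host`.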
@@ -1,45 +0,0 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
consulCfg = config.samfelag.modules.server.consul;
|
||||
nomadCfg = config.samfelag.modules.server.nomad;
|
||||
in
|
||||
{
|
||||
config = {
|
||||
age.secrets = {
|
||||
} //
|
||||
# Consul -------------------------------
|
||||
lib.optionalAttrs consulCfg.enable {
|
||||
"consul.d/gossip.json" = {
|
||||
file = ../secrets/consul.d/gossip.json.age;
|
||||
owner = "consul";
|
||||
group = "consul";
|
||||
mode = "644";
|
||||
};
|
||||
"consul.d/consul-agent-ca.pem" = {
|
||||
file = ../secrets/consul.d/consul-agent-ca.pem.age;
|
||||
owner = "consul";
|
||||
group = "consul";
|
||||
mode = "644";
|
||||
};
|
||||
"consul.d/agent-token-reykjavik.json" = {
|
||||
file = ../secrets/consul.d/agent-token-reykjavik.json.age;
|
||||
owner = "consul";
|
||||
group = "consul";
|
||||
mode = "644";
|
||||
};
|
||||
"consul.d/agent-token-thingvellir.json" = {
|
||||
file = ../secrets/consul.d/agent-token-thingvellir.json.age;
|
||||
owner = "consul";
|
||||
group = "consul";
|
||||
mode = "644";
|
||||
};
|
||||
} //
|
||||
# Nomad -------------------------------
|
||||
lib.optionalAttrs nomadCfg.enable {
|
||||
"nomad.d/consul-token.json" = {
|
||||
file = ../secrets/nomad.d/consul-token.json.age;
|
||||
mode = "644";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||