kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-16 10:11:08 +01:00
Code Releases Activity

chore: get secrets via input, mock for CI

Browse Source 
this fixes CI, yay!
This commit is contained in:
Kierán Meinhardt
2023-06-27 17:57:42 +02:00
parent d0edb9c915
commit 3138fd23ef
32 changed files with 203 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
systems/zaatar/configuration.nix
View File

@@ -1,7 +1,7 @@
{
config,
pkgs,
lib,
inputs,
...
}: let
inherit (import ../../lib) retiolumAddresses restic;
@@ -31,18 +31,18 @@ in {
age.secrets = {
retiolum-rsa = {
file = ../../secrets/zaatar-retiolum-privateKey-rsa.age;
file = inputs.secrets + "/zaatar-retiolum-privateKey-rsa.age";
mode = "400";
owner = "tinc.retiolum";
group = "tinc.retiolum";
};
retiolum-ed25519 = {
file = ../../secrets/zaatar-retiolum-privateKey-ed25519.age;
file = inputs.secrets + "/zaatar-retiolum-privateKey-ed25519.age";
mode = "400";
owner = "tinc.retiolum";
group = "tinc.retiolum";
};
restic.file = ../../secrets/restic.age;
restic.file = inputs.secrets + "/restic.age";
};
services.restic.backups.moodle-dl = {

5
systems/zaatar/moodle-dl-meinhark.nix
View File

@@ -2,6 +2,7 @@
config,
pkgs,
lib,
inputs,
...
}: let
moodle-dl-package = pkgs.moodle-dl.overrideAttrs (old:
@@ -13,14 +14,14 @@ in {
age.secrets = {
/*
moodle-dl-tokens = {
file = ../../secrets/zaatar-moodle-dl-tokens.json.age;
file = inputs.secrets + "/zaatar-moodle-dl-tokens.json.age";
owner = "moodle-dl";
group = "moodle-dl";
mode = "400";
};
*/
moodle-dl-basicAuth = {
file = ../../secrets/zaatar-moodle-dl-basicAuth.age;
file = inputs.secrets + "/zaatar-moodle-dl-basicAuth.age";
owner = "nginx";
group = "nginx";
mode = "400";

9
systems/zaatar/mpd.nix
View File

@@ -2,6 +2,7 @@
config,
pkgs,
lib,
inputs,
...
}: let
firewall = (import ../../lib).firewall lib;
@@ -102,14 +103,14 @@ in {
age.secrets = {
ympd-basicAuth = {
file = ../../secrets/zaatar-ympd-basicAuth.age;
file = inputs.secrets + "/zaatar-ympd-basicAuth.age";
owner = "nginx";
group = "nginx";
mode = "400";
};
syncthing-cert.file = ../../secrets/zaatar-syncthing-cert.age;
syncthing-key.file = ../../secrets/zaatar-syncthing-key.age;
di-fm-key.file = ../../secrets/di-fm-key.age;
syncthing-cert.file = inputs.secrets + "/zaatar-syncthing-cert.age";
syncthing-key.file = inputs.secrets + "/zaatar-syncthing-key.age";
di-fm-key.file = inputs.secrets + "/di-fm-key.age";
};
services.nginx = {

10
systems/zaatar/spotifyd.nix
View File

@@ -1,4 +1,8 @@
{config, ...}: {
{
config,
inputs,
...
}: {
services.spotifyd = {
enable = true;
settings = {
@@ -21,8 +25,8 @@
};
age.secrets = {
spotify-username.file = ../../secrets/spotify-username.age;
spotify-password.file = ../../secrets/spotify-password.age;
spotify-username.file = inputs.secrets + "/spotify-username.age";
spotify-password.file = inputs.secrets + "/spotify-password.age";
};
# ref https://github.com/NixOS/nixpkgs/issues/71362#issuecomment-753461502