chore: reorganize secrets

2026-03-16 10:11:08 +01:00 · 2020-09-24 19:25:47 +02:00
parent 676a76ea16
commit 7132aeac86
8 changed files with 17 additions and 17 deletions
--- a/configs/calcurse.nix
+++ b/configs/calcurse.nix
@@ -27,7 +27,7 @@
        };
        Auth = {
          Username = "kieran.meinhardt@posteo.net";
-          Password = lib.strings.fileContents <shared-secrets/posteo/password>;
+          Password = lib.strings.fileContents <secrets/mail/posteo>;
        };
      };
    };
--- a/configs/cloud.nix
+++ b/configs/cloud.nix
@@ -30,8 +30,8 @@
    configDir = "/home/kfm/.config/syncthing";
    dataDir = "/home/kfm/.config/syncthing";
    declarative = rec {
-      cert = toString <secrets/syncthing/cert.pem>;
-      key = toString <secrets/syncthing/key.pem>;
+      cert = toString <system-secrets/syncthing/cert.pem>;
+      key = toString <system-secrets/syncthing/key.pem>;
      devices = {
        homeros.id =
          "HSOL72W-MMN346W-C3WCWCH-OTRKJYG-MY2WWV6-P7JUHN7-5WYYYRV-ZMH4KAA";
--- a/configs/hu-berlin.nix
+++ b/configs/hu-berlin.nix
@@ -2,8 +2,8 @@
 let
  inherit (lib.strings) fileContents;
  eduroam = {
-    identity = fileContents <shared-secrets/eduroam/identity>;
-    password = fileContents <shared-secrets/eduroam/password>;
+    identity = fileContents <secrets/eduroam/identity>;
+    password = fileContents <secrets/eduroam/password>;
  };
  eduroamAuth = ''
    key_mgmt=WPA-EAP
--- a/configs/mail.nix
+++ b/configs/mail.nix
@@ -104,7 +104,7 @@ in {
        userName = "kieran@fysi.tech";
        address = "kieran@fysi.tech";
        realName = config.niveum.user.name;
-        passwordCommand = pass_ <shared-secrets/fastmail/fysi>;
+        passwordCommand = pass_ <secrets/mail/fastmail>;
      };
      cock = enableDefaults {
        primary = false;
@@ -124,7 +124,7 @@ in {
        userName = "2210@cock.li";
        address = "2210@cock.li";
        realName = "2210";
-        passwordCommand = pass_ <shared-secrets/cock/2210>;
+        passwordCommand = pass_ <secrets/mail/cock>;
      };
      kieran-gmail = enableDefaults {
        primary = false;
@@ -132,7 +132,7 @@ in {
        address = "kieran.meinhardt@gmail.com";
        realName = config.niveum.user.name;
        userName = "kieran.meinhardt";
-        passwordCommand = pass_ <shared-secrets/gmail/kieran.meinhardt>;
+        passwordCommand = pass_ <secrets/mail/gmail/kieran.meinhardt>;
        folders = {
          drafts = "[Gmail]/Entw&APw-rfe";
          sent = "[Gmail]/Gesendet";
@@ -145,7 +145,7 @@ in {
        address = "amroplay@gmail.com";
        realName = config.niveum.user.name;
        userName = "amroplay";
-        passwordCommand = pass_ <shared-secrets/gmail/amroplay>;
+        passwordCommand = pass_ <secrets/mail/gmail/amroplay>;
        folders = {
          drafts = "[Gmail]/Drafts";
          sent = "[Gmail]/Sent Mail";
@@ -170,14 +170,14 @@ in {
        address = "kieran.meinhardt@posteo.net";
        realName = config.niveum.user.name;
        userName = "kieran.meinhardt@posteo.net";
-        passwordCommand = pass_ <shared-secrets/posteo/password>;
+        passwordCommand = pass_ <secrets/mail/posteo>;
      };
      hu-berlin = enableDefaults {
        primary = false;
        address = "meinhark@hu-berlin.de";
        realName = config.niveum.user.name;
        userName = "meinhark";
-        passwordCommand = pass_ <shared-secrets/eduroam/password>;
+        passwordCommand = pass_ <secrets/eduroam/password>;
        smtp = {
          host = "mailhost.cms.hu-berlin.de";
          port = 25;
--- a/configs/retiolum.nix
+++ b/configs/retiolum.nix
@@ -4,7 +4,7 @@
  networking.hosts = { "42:0:ca48:f98f:63d7:31ce:922b:245d" = [ "go" ]; };

  environment.etc."tinc/retiolum/rsa_key.priv" = {
-    text = builtins.readFile <secrets/retiolum.key>;
+    text = builtins.readFile <system-secrets/retiolum.key>;
    mode = "400";
  };
 }
--- a/configs/spotify.nix
+++ b/configs/spotify.nix
@@ -13,8 +13,8 @@ in {
    };
    spotifydConf = pkgs.writeText "spotifyd.conf" (lib.generators.toINI { } {
      global = {
-        username = fileContents <shared-secrets/spotify/username>;
-        password = fileContents <shared-secrets/spotify/password>;
+        username = fileContents <secrets/spotify/username>;
+        password = fileContents <secrets/spotify/password>;
        backend = "pulseaudio";
        on_song_change_hook = toString (pkgs.writers.writeDash "songinfo" ''
          PATH=$PATH:${
--- a/configs/traadfri.nix
+++ b/configs/traadfri.nix
@@ -5,7 +5,7 @@
    enable = true;
    user = "kmein";
    host = "192.168.178.28";
-    key = lib.strings.fileContents <shared-secrets/traadfri.key>;
+    key = lib.strings.fileContents <secrets/traadfri.key>;
    rooms = {
      corridor = 131080;
      kitchen = 131081;
--- a/deploy.nix
+++ b/deploy.nix
@@ -20,11 +20,11 @@ let
      nixos-unstable.git = gitFromJson .versions/nixpkgs-unstable.json;
      home-manager.git = gitFromJson .versions/home-manager.json;
      stockholm.git = gitFromJson .versions/stockholm.json;
-      secrets.pass = {
+      system-secrets.pass = {
        dir = toString ~/.password-store/systems;
        inherit name;
      };
-      shared-secrets.pass = {
+      secrets.pass = {
        dir = toString ~/.password-store;
        name = "shared";
      };