kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-19 19:41:08 +01:00
Code Releases Activity

Revert "chore: get secrets via input, mock for CI"

Browse Source 
This reverts commit 3138fd23ef.
This commit is contained in:
Kierán Meinhardt
2023-07-04 16:28:26 +02:00
parent 17bf958923
commit 9148ab5ba8
32 changed files with 101 additions and 185 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
systems/zaatar/configuration.nix
View File

@@ -1,7 +1,7 @@
{
config,
pkgs,
inputs,
lib,
...
}: let
inherit (import ../../lib) retiolumAddresses restic;
@@ -31,18 +31,18 @@ in {
age.secrets = {
retiolum-rsa = {
file = inputs.secrets + "/zaatar-retiolum-privateKey-rsa.age";
file = ../../secrets/zaatar-retiolum-privateKey-rsa.age;
mode = "400";
owner = "tinc.retiolum";
group = "tinc.retiolum";
};
retiolum-ed25519 = {
file = inputs.secrets + "/zaatar-retiolum-privateKey-ed25519.age";
file = ../../secrets/zaatar-retiolum-privateKey-ed25519.age;
mode = "400";
owner = "tinc.retiolum";
group = "tinc.retiolum";
};
restic.file = inputs.secrets + "/restic.age";
restic.file = ../../secrets/restic.age;
};
services.restic.backups.moodle-dl = {

5
systems/zaatar/moodle-dl-meinhark.nix
View File

@@ -2,7 +2,6 @@
config,
pkgs,
lib,
inputs,
...
}: let
moodle-dl-package = pkgs.moodle-dl.overrideAttrs (old:
@@ -14,14 +13,14 @@ in {
age.secrets = {
/*
moodle-dl-tokens = {
file = inputs.secrets + "/zaatar-moodle-dl-tokens.json.age";
file = ../../secrets/zaatar-moodle-dl-tokens.json.age;
owner = "moodle-dl";
group = "moodle-dl";
mode = "400";
};
*/
moodle-dl-basicAuth = {
file = inputs.secrets + "/zaatar-moodle-dl-basicAuth.age";
file = ../../secrets/zaatar-moodle-dl-basicAuth.age;
owner = "nginx";
group = "nginx";
mode = "400";

9
systems/zaatar/mpd.nix
View File

@@ -2,7 +2,6 @@
config,
pkgs,
lib,
inputs,
...
}: let
firewall = (import ../../lib).firewall lib;
@@ -103,14 +102,14 @@ in {
age.secrets = {
ympd-basicAuth = {
file = inputs.secrets + "/zaatar-ympd-basicAuth.age";
file = ../../secrets/zaatar-ympd-basicAuth.age;
owner = "nginx";
group = "nginx";
mode = "400";
};
syncthing-cert.file = inputs.secrets + "/zaatar-syncthing-cert.age";
syncthing-key.file = inputs.secrets + "/zaatar-syncthing-key.age";
di-fm-key.file = inputs.secrets + "/di-fm-key.age";
syncthing-cert.file = ../../secrets/zaatar-syncthing-cert.age;
syncthing-key.file = ../../secrets/zaatar-syncthing-key.age;
di-fm-key.file = ../../secrets/di-fm-key.age;
};
services.nginx = {

10
systems/zaatar/spotifyd.nix
View File

@@ -1,8 +1,4 @@
{
config,
inputs,
...
}: {
{config, ...}: {
services.spotifyd = {
enable = true;
settings = {
@@ -25,8 +21,8 @@
};
age.secrets = {
spotify-username.file = inputs.secrets + "/spotify-username.age";
spotify-password.file = inputs.secrets + "/spotify-password.age";
spotify-username.file = ../../secrets/spotify-username.age;
spotify-password.file = ../../secrets/spotify-password.age;
};
# ref https://github.com/NixOS/nixpkgs/issues/71362#issuecomment-753461502