sample-config/secrets.nix


## Module fragment declaring the runtime secrets for this host under
## `sops.secrets`. The option names used here (format, sopsFile, owner, path,
## restartUnits) match the sops-nix module -- NOTE(review): confirm sops-nix is
## what provides `sops` in this configuration.
##
## Each attribute name identifies one secret. Every entry reads from a YAML
## file under ./secrets/ and, except where noted, is written to an explicit
## location under /run/secrets/.
##
## Security notes for maintainers:
##  - `./secrets/*.yaml` are Nix path literals, so they are copied into the
##    world-readable Nix store at evaluation time. They must only ever contain
##    sops-encrypted ciphertext; never commit or evaluate a plaintext copy.
##  - No entry sets `mode` or `group`. With sops-nix the default mode is 0400,
##    so only `owner` can read the decrypted file.
##  - NOTE(review): most entries are owned by the admin login account rather
##    than by the account the consuming service runs as. That lets any process
##    in the admin session read every such secret, and a service running as a
##    different non-root user would not be able to read its own secret.
##    Presumably each owner should be the service account, as the nextcloud
##    entries already do -- this is the open question in the TODO below.
##  - NOTE(review): the unit names in `restartUnits` are not checked against
##    the units that actually exist on the host. Verify each one; for example
##    the stock NixOS modules name the Tailscale daemon `tailscaled.service`
##    and restic jobs `restic-backups-<name>.service`. A wrong name means the
##    service keeps using the old secret after rotation.
{ config, ... }:
{
  ## @TODO: What to do about the owner field and restartUnits?
  ## This file should probably be generated by the homefree repo.
  ## In fact everything in this repo should be generated by
  ## the config editor in the homefree repo.
  sops.secrets = {
    ## Environment file for the Authentik server.
    "authentik/authentik-env" = {
      format = "yaml";
      sopsFile = ./secrets/authentik.yaml;
      owner = config.homefree.system.adminUsername;
      path = "/run/secrets/authentik/authentik-env";
      restartUnits = [ "authentik.service" ];
    };
    ## Environment file for the Authentik LDAP component.
    "authentik/authentik-ldap-env" = {
      format = "yaml";
      sopsFile = ./secrets/authentik.yaml;
      owner = config.homefree.system.adminUsername;
      path = "/run/secrets/authentik/authentik-ldap-env";
      restartUnits = [ "authentik-ldap.service" ];
    };
    ## Unlike the other entries this one sets no owner, path or restartUnits,
    ## so the module defaults apply (with sops-nix: root-owned, placed at
    ## /run/secrets/<name>) and nothing is restarted when the value changes.
    ## NOTE(review): confirm the consumer of this password runs as root or
    ## otherwise has access, and that it picks up a rotated value.
    "authentik/postgres-password" = {
      format = "yaml";
      sopsFile = ./secrets/authentik.yaml;
    };
    ## Repository password for restic backups.
    "backup/restic-password" = {
      format = "yaml";
      sopsFile = ./secrets/backup.yaml;
      owner = config.homefree.system.adminUsername;
      path = "/run/secrets/backup/restic-password";
      restartUnits = [ "restic.service" ];
    };
    ## Credential for the ddclient dynamic-DNS updater.
    "ddclient/ddclient-password" = {
      format = "yaml";
      sopsFile = ./secrets/ddclient.yaml;
      owner = config.homefree.system.adminUsername;
      path = "/run/secrets/ddclient/ddclient-password";
      restartUnits = [ "ddclient.service" ];
    };
    ## Environment file for Linkwarden.
    "linkwarden/env" = {
      format = "yaml";
      sopsFile = ./secrets/linkwarden.yaml;
      owner = config.homefree.system.adminUsername;
      path = "/run/secrets/linkwarden/env";
      restartUnits = [ "linkwarden.service" ];
    };
    ## The two Nextcloud secrets are owned by the literal "nextcloud" user,
    ## not the admin account; that user must exist on the host.
    "nextcloud/admin-password" = {
      format = "yaml";
      sopsFile = ./secrets/nextcloud.yaml;
      owner = "nextcloud";
      path = "/run/secrets/nextcloud/admin-password";
      restartUnits = [ "nextcloud.service" ];
    };
    "nextcloud/secret-file" = {
      format = "yaml";
      sopsFile = ./secrets/nextcloud.yaml;
      owner = "nextcloud";
      path = "/run/secrets/nextcloud/secret-file";
      restartUnits = [ "nextcloud.service" ];
    };
    ## Tailscale key. NOTE(review): if this is a node auth key, treat it as a
    ## network-join credential and prefer a short-lived or one-time key.
    "tailscale/key" = {
      format = "yaml";
      sopsFile = ./secrets/tailscale.yaml;
      owner = config.homefree.system.adminUsername;
      path = "/run/secrets/tailscale/key";
      restartUnits = [ "tailscale.service" ];
    };
  };
}