sample-config/secrets.nix

{ config, ... }:
{
  ## @TODO: What to do about owner field an restartUnits?
  ## This file should probably be generated by the homefree repo
  ## In fact everything in this repo should be generated by
  ## the config editor in homefree repo.
  sops.secrets = {
    "authentik/authentik-env" = {
      format = "yaml";
      sopsFile = ./secrets/authentik.yaml;
      owner = config.homefree.system.adminUsername;
      path = "/run/secrets/authentik/authentik-env";
      restartUnits = [ "authentik.service" ];
    };
    "authentik/authentik-ldap-env" = {
      format = "yaml";
      sopsFile = ./secrets/authentik.yaml;

      owner = config.homefree.system.adminUsername;
      path = "/run/secrets/authentik/authentik-ldap-env";
      restartUnits = [ "authentik-ldap.service" ];
    };
    "authentik/postgres-password" = {
      format = "yaml";
      sopsFile = ./secrets/authentik.yaml;
    };
    "backup/restic-password" = {
      format = "yaml";
      sopsFile = ./secrets/backup.yaml;

      owner = config.homefree.system.adminUsername;
      path = "/run/secrets/backup/restic-password";
      restartUnits = [ "restic.service" ];
    };
    "ddclient/ddclient-password" = {
      format = "yaml";
      sopsFile = ./secrets/ddclient.yaml;

      owner = config.homefree.system.adminUsername;
      path = "/run/secrets/ddclient/ddclient-password";
      restartUnits = [ "ddclient.service" ];
    };
    "linkwarden/env" = {
      format = "yaml";
      sopsFile = ./secrets/linkwarden.yaml;

      owner = config.homefree.system.adminUsername;
      path = "/run/secrets/linkwarden/env";
      restartUnits = [ "linkwarden.service" ];
    };
    "nextcloud/admin-password" = {
      format = "yaml";
      sopsFile = ./secrets/nextcloud.yaml;

      owner = "nextcloud";
      path = "/run/secrets/nextcloud/admin-password";
      restartUnits = [ "nextcloud.service" ];
    };
    "nextcloud/secret-file" = {
      format = "yaml";
      sopsFile = ./secrets/nextcloud.yaml;

      owner = "nextcloud";
      path = "/run/secrets/nextcloud/secret-file";
      restartUnits = [ "nextcloud.service" ];
    };
    "tailscale/key" = {
      format = "yaml";
      sopsFile = ./secrets/tailscale.yaml;

      owner = config.homefree.system.adminUsername;
      path = "/run/secrets/tailscale/key";
      restartUnits = [ "tailscale.service" ];
    };
  };
}
HF-7: Move out sops config * Updated configuration.nix to match latest homefree * Added secrets config 2024-12-13 17:14:13 -08:00			`{ config, ... }:`
			`{`
			`## @TODO: What to do about owner field an restartUnits?`
			`## This file should probably be generated by the homefree repo`
			`## In fact everything in this repo should be generated by`
			`## the config editor in homefree repo.`
			`sops.secrets = {`
			`"authentik/authentik-env" = {`
			`format = "yaml";`
			`sopsFile = ./secrets/authentik.yaml;`
			`owner = config.homefree.system.adminUsername;`
			`path = "/run/secrets/authentik/authentik-env";`
			`restartUnits = [ "authentik.service" ];`
			`};`
			`"authentik/authentik-ldap-env" = {`
			`format = "yaml";`
			`sopsFile = ./secrets/authentik.yaml;`

			`owner = config.homefree.system.adminUsername;`
			`path = "/run/secrets/authentik/authentik-ldap-env";`
			`restartUnits = [ "authentik-ldap.service" ];`
			`};`
			`"authentik/postgres-password" = {`
			`format = "yaml";`
			`sopsFile = ./secrets/authentik.yaml;`
			`};`
			`"backup/restic-password" = {`
			`format = "yaml";`
			`sopsFile = ./secrets/backup.yaml;`

			`owner = config.homefree.system.adminUsername;`
			`path = "/run/secrets/backup/restic-password";`
			`restartUnits = [ "restic.service" ];`
			`};`
			`"ddclient/ddclient-password" = {`
			`format = "yaml";`
			`sopsFile = ./secrets/ddclient.yaml;`

			`owner = config.homefree.system.adminUsername;`
			`path = "/run/secrets/ddclient/ddclient-password";`
			`restartUnits = [ "ddclient.service" ];`
			`};`
			`"linkwarden/env" = {`
			`format = "yaml";`
			`sopsFile = ./secrets/linkwarden.yaml;`

			`owner = config.homefree.system.adminUsername;`
			`path = "/run/secrets/linkwarden/env";`
			`restartUnits = [ "linkwarden.service" ];`
			`};`
			`"nextcloud/admin-password" = {`
			`format = "yaml";`
			`sopsFile = ./secrets/nextcloud.yaml;`

			`owner = "nextcloud";`
			`path = "/run/secrets/nextcloud/admin-password";`
			`restartUnits = [ "nextcloud.service" ];`
			`};`
			`"nextcloud/secret-file" = {`
			`format = "yaml";`
			`sopsFile = ./secrets/nextcloud.yaml;`

			`owner = "nextcloud";`
			`path = "/run/secrets/nextcloud/secret-file";`
			`restartUnits = [ "nextcloud.service" ];`
			`};`
			`"tailscale/key" = {`
			`format = "yaml";`
			`sopsFile = ./secrets/tailscale.yaml;`

			`owner = config.homefree.system.adminUsername;`
			`path = "/run/secrets/tailscale/key";`
			`restartUnits = [ "tailscale.service" ];`
			`};`
			`};`
			`}`