mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 23:00:39 +02:00
Code Activity

fix: set new vm secret paths

Browse source
This commit is contained in:
oddlama 2023-07-01 01:20:17 +02:00
parent 80e7c1bdbf
commit 11ba487bf0
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
4 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/ward/microvms/grafana.nix
View file

@ -11,20 +11,20 @@ in {
meta.wireguard-proxy.sentinel.allowedTCPPorts = [config.services.grafana.settings.server.http_port];
age.secrets.grafana-secret-key = {
rekeyFile = ./secrets/grafana-secret-key.age;
rekeyFile = config.node.secretsDir + "/grafana-secret-key.age";
mode = "440";
group = "grafana";
};
age.secrets.grafana-loki-basic-auth-password = {
rekeyFile = ./secrets/grafana-loki-basic-auth-password.age;
rekeyFile = config.node.secretsDir + "/grafana-loki-basic-auth-password.age";
generator = "alnum";
mode = "440";
group = "grafana";
};
age.secrets.grafana-influxdb-token = {
rekeyFile = ./secrets/grafana-influxdb-token.age;
rekeyFile = config.node.secretsDir + "/grafana-influxdb-token.age";
mode = "440";
group = "grafana";
};

4
hosts/ward/microvms/kanidm.nix
View file

@ -13,13 +13,13 @@ in {
meta.wireguard-proxy.sentinel.allowedTCPPorts = [kanidmPort];
age.secrets."kanidm-self-signed.crt" = {
rekeyFile = ./secrets/kanidm-self-signed.crt.age;
rekeyFile = config.node.secretsDir + "/kanidm-self-signed.crt.age";
mode = "440";
group = "kanidm";
};
age.secrets."kanidm-self-signed.key" = {
rekeyFile = ./secrets/kanidm-self-signed.key.age;
rekeyFile = config.node.secretsDir + "/kanidm-self-signed.key.age";
mode = "440";
group = "kanidm";
};

2
hosts/ward/microvms/loki.nix
View file

@ -14,7 +14,7 @@ in {
networking.providedDomains.loki = lokiDomain;
age.secrets.loki-basic-auth-hashes = {
rekeyFile = ./secrets/loki-basic-auth-hashes.age;
rekeyFile = config.node.secretsDir + "/loki-basic-auth-hashes.age";
# Copy only the script so the dependencies can be added by the nodes
# that define passwords (using distributed-config).
generator.script = config.age.generators.basic-auth.script;

2
hosts/ward/microvms/vaultwarden.nix
View file

@ -14,7 +14,7 @@ in {
];
age.secrets.vaultwarden-env = {
rekeyFile = ./secrets/vaultwarden-env.age;
rekeyFile = config.node.secretsDir + "/vaultwarden-env.age";
mode = "440";
group = "vaultwarden";
};