refactor: move relevant secrets to microvms
parent
dfe1abdfde
commit
f33fa54b65
11 changed files with 7 additions and 17 deletions
|
@ -6,8 +6,6 @@
|
|||
utils,
|
||||
...
|
||||
}: {
|
||||
age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBXXjI6uB26xOF0DPy/QyLladoGIKfAtofyqPgIkCH/g";
|
||||
|
||||
extra.wireguard.proxy-sentinel.client.via = "sentinel";
|
||||
|
||||
networking.nftables.firewall = {
|
||||
|
@ -35,13 +33,15 @@
|
|||
group = "grafana";
|
||||
};
|
||||
|
||||
age.secrets.loki-basic-auth-password = {
|
||||
rekeyFile = ./secrets/loki-basic-auth-password.age;
|
||||
age.secrets.grafana-loki-basic-auth-password = {
|
||||
rekeyFile = ./secrets/grafana-loki-basic-auth-password.age;
|
||||
generator = "alnum";
|
||||
mode = "440";
|
||||
group = "grafana";
|
||||
};
|
||||
|
||||
nodes.sentinel.age.secrets.loki-basic-auth-hashes.generator.dependencies = [config.age.secrets.grafana-loki-basic-auth-password];
|
||||
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
settings = {
|
||||
|
|
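Review bot: The cross-node line `nodes.sentinel.age.secrets.loki-basic-auth-hashes.generator.dependencies = [config.age.secrets.grafana-loki-basic-auth-password];` in the second hunk has no comment, yet it is the only visible link between this guest's password and the hash list held on sentinel. The page has lost its +/- markers, so which of the two `age.secrets.*` blocks is the new side is inferred from the commit title. If the `grafana-` prefixed block is the new one, its `rekeyFile` path changed and `generator = "alnum"` will presumably produce a fresh password, so the sentinel hashes need to be regenerated and rekeyed in the same step or Grafana's requests to Loki will be rejected. I would add above that line `# sentinel builds its Loki basic-auth hashes from this password; regenerate both together`. The `services.grafana` block continues outside the visible lines, so whether the password is passed by file path (and so stays out of the Nix store) cannot be checked here.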
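--- a/hosts/ward/microvms/grafana/secrets/host.pub
+++ b/hosts/ward/microvms/grafana/secrets/host.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBXXjI6uB26xOF0DPy/QyLladoGIKfAtofyqPgIkCH/g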
|
@ -6,8 +6,6 @@
|
|||
utils,
|
||||
...
|
||||
}: {
|
||||
age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN2TxWynLb8V9SP45kFqsoCWhe/dG8N1xWNuJG5VQndq";
|
||||
|
||||
extra.wireguard.proxy-sentinel.client.via = "sentinel";
|
||||
|
||||
# TODO this as includable module?
|
||||
|
|
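--- a/hosts/ward/microvms/kanidm/secrets/host.pub
+++ b/hosts/ward/microvms/kanidm/secrets/host.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN2TxWynLb8V9SP45kFqsoCWhe/dG8N1xWNuJG5VQndq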
|
@ -5,8 +5,6 @@
|
|||
utils,
|
||||
...
|
||||
}: {
|
||||
age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDDvvF3+KwfoZrPAUAt2HS7y5FM9S5Mr1iRkBUqoXno";
|
||||
|
||||
extra.wireguard.proxy-sentinel.client.via = "sentinel";
|
||||
|
||||
networking.nftables.firewall = {
|
||||
|
|
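--- a/hosts/ward/microvms/loki/secrets/host.pub
+++ b/hosts/ward/microvms/loki/secrets/host.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDDvvF3+KwfoZrPAUAt2HS7y5FM9S5Mr1iRkBUqoXno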
Binary file not shown.
|
@ -1,9 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> X25519 WrGssql6ABmtiNPFxIuKmjEjNWp8yQ9CbIdaPkE1BmU
|
||||
lX/mIQPjjBp62RZyZV3WZrzzM/RAVEVMslOvQiO3ztw
|
||||
-> piv-p256 xqSe8Q A+/jWovwGhsvkNHNvfnhEOSKu6qkfQGCKnVYRJo1IWFM
|
||||
oWybJl7iZ6pkBAGmv3SmE9q1eEpkDtnIxR+3MCKi6bo
|
||||
-> a6-grease O~| \B n <1fV!LUr
|
||||
y0AAIziu
|
||||
--- 0K+cIttoHGYTWwzdoYJn1rIdtDqiBGz/jLOvPnns2CM
|
||||
Bu ¶;{þº:qJ�6„¼’]rL(@Û�¨×£C8Áñ¸ì*ü¾–]ªù¡¾£=j1îãØ€kk¯â<4"[�Üj©bLÅ;U�2wc-4
|