sokai/mynixos-config
1
1
Fork 0
forked from mirrors_public/oddlama_nix-config
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: set new vm secret paths

Browse source
This commit is contained in:
oddlama 2023-07-01 01:20:17 +02:00
parent 80e7c1bdbf
commit 11ba487bf0
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
4 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/ward/microvms/grafana.nix
View file

@ -11,20 +11,20 @@ in {
meta.wireguard-proxy.sentinel.allowedTCPPorts = [config.services.grafana.settings.server.http_port]; meta.wireguard-proxy.sentinel.allowedTCPPorts = [config.services.grafana.settings.server.http_port];
age.secrets.grafana-secret-key = { age.secrets.grafana-secret-key = {
rekeyFile = ./secrets/grafana-secret-key.age; rekeyFile = config.node.secretsDir + "/grafana-secret-key.age";
mode = "440"; mode = "440";
group = "grafana"; group = "grafana";
}; };
age.secrets.grafana-loki-basic-auth-password = { age.secrets.grafana-loki-basic-auth-password = {
rekeyFile = ./secrets/grafana-loki-basic-auth-password.age; rekeyFile = config.node.secretsDir + "/grafana-loki-basic-auth-password.age";
generator = "alnum"; generator = "alnum";
mode = "440"; mode = "440";
group = "grafana"; group = "grafana";
}; };
age.secrets.grafana-influxdb-token = { age.secrets.grafana-influxdb-token = {
rekeyFile = ./secrets/grafana-influxdb-token.age; rekeyFile = config.node.secretsDir + "/grafana-influxdb-token.age";
mode = "440"; mode = "440";
group = "grafana"; group = "grafana";
}; };

4
hosts/ward/microvms/kanidm.nix
View file

@ -13,13 +13,13 @@ in {
meta.wireguard-proxy.sentinel.allowedTCPPorts = [kanidmPort]; meta.wireguard-proxy.sentinel.allowedTCPPorts = [kanidmPort];
age.secrets."kanidm-self-signed.crt" = { age.secrets."kanidm-self-signed.crt" = {
rekeyFile = ./secrets/kanidm-self-signed.crt.age; rekeyFile = config.node.secretsDir + "/kanidm-self-signed.crt.age";
mode = "440"; mode = "440";
group = "kanidm"; group = "kanidm";
}; };
age.secrets."kanidm-self-signed.key" = { age.secrets."kanidm-self-signed.key" = {
rekeyFile = ./secrets/kanidm-self-signed.key.age; rekeyFile = config.node.secretsDir + "/kanidm-self-signed.key.age";
mode = "440"; mode = "440";
group = "kanidm"; group = "kanidm";
}; };

2
hosts/ward/microvms/loki.nix
View file

@ -14,7 +14,7 @@ in {
networking.providedDomains.loki = lokiDomain; networking.providedDomains.loki = lokiDomain;
age.secrets.loki-basic-auth-hashes = { age.secrets.loki-basic-auth-hashes = {
rekeyFile = ./secrets/loki-basic-auth-hashes.age; rekeyFile = config.node.secretsDir + "/loki-basic-auth-hashes.age";
# Copy only the script so the dependencies can be added by the nodes # Copy only the script so the dependencies can be added by the nodes
# that define passwords (using distributed-config). # that define passwords (using distributed-config).
generator.script = config.age.generators.basic-auth.script; generator.script = config.age.generators.basic-auth.script;

2
hosts/ward/microvms/vaultwarden.nix
View file

@ -14,7 +14,7 @@ in {
]; ];
age.secrets.vaultwarden-env = { age.secrets.vaultwarden-env = {
rekeyFile = ./secrets/vaultwarden-env.age; rekeyFile = config.node.secretsDir + "/vaultwarden-env.age";
mode = "440"; mode = "440";
group = "vaultwarden"; group = "vaultwarden";
}; };