tlaternet/tlaternet-server
1
0
Fork 0
Code Issues 8 Pull requests Activity

refactor(sops): Move secret definitions to specific modules

Browse source
This commit is contained in:
Tristan Daniël Maat 2025-11-14 10:54:51 +08:00
parent 86e3ea7716
commit 3db98dd2b9
Signed by: tlater
GPG key ID: 02E935006CF2E8E7
12 changed files with 73 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

67
configuration/sops.nix
View file

@ -3,87 +3,20 @@
defaultSopsFile = ../keys/production.yaml;
secrets = {
"battery-manager/email" = { };
"battery-manager/password" = { };
# Gitea
"forgejo/metrics-token" = {
owner = "forgejo";
group = "metrics";
mode = "0440";
};
# Grafana
"grafana/adminPassword" = {
owner = "grafana";
group = "grafana";
};
"grafana/secretKey" = {
owner = "grafana";
group = "grafana";
};
# Heisenbridge
"heisenbridge/as-token" = { };
"heisenbridge/hs-token" = { };
# Matrix-hookshot
"matrix-hookshot/as-token" = { };
"matrix-hookshot/hs-token" = { };
# Nextcloud
"nextcloud/tlater" = {
owner = "nextcloud";
group = "nextcloud";
};
# Porkbub/ACME
"porkbun/api-key" = {
owner = "acme";
};
"porkbun/secret-api-key" = {
owner = "acme";
};
# Restic
"restic/local-backups" = {
owner = "root";
group = "backup";
mode = "0440";
};
"restic/storagebox-backups" = {
owner = "root";
group = "backup";
mode = "0440";
};
"restic/storagebox-ssh-key" = {
owner = "backup";
group = "backup";
mode = "0040";
};
# Steam
"steam/tlater" = { };
# Turn
"turn/env" = { };
"turn/secret" = {
owner = "turnserver";
};
"turn/ssl-key" = {
owner = "turnserver";
};
"turn/ssl-cert" = {
owner = "turnserver";
};
# Wireguard
"wireguard/server-key" = {
owner = "root";
group = "systemd-network";
mode = "0440";
};
};
};
}