refactor(sops): Move secret definitions to specific modules

2025-11-14 10:54:51 +08:00 · 2025-11-14 10:54:51 +08:00 · 4b51890e0a
commit 4b51890e0a
parent 86e3ea7716
3 changed files with 18 additions and 18 deletions
--- a/configuration/nginx/ssl.nix
+++ b/configuration/nginx/ssl.nix
@ -64,5 +64,10 @@
        in
        ''${pkgs.runtimeShell} -c '${confirm}' '';
    };
+
+    sops.secrets = {
+      "porkbun/api-key".owner = "acme";
+      "porkbun/secret-api-key".owner = "acme";
+    };
  };
 }
--- a/configuration/services/backups.nix
+++ b/configuration/services/backups.nix
@ -265,5 +265,18 @@ in
      };
      groups.backup = { };
    };
+
+    sops.secrets = {
+      "restic/storagebox-backups" = {
+        owner = "root";
+        group = "backup";
+        mode = "0440";
+      };
+      "restic/storagebox-ssh-key" = {
+        owner = "backup";
+        group = "backup";
+        mode = "0040";
+      };
+    };
  };
 }
--- a/configuration/sops.nix
+++ b/configuration/sops.nix
@ -38,30 +38,12 @@
        group = "nextcloud";
      };

-      # Porkbub/ACME
-      "porkbun/api-key" = {
-        owner = "acme";
-      };
-      "porkbun/secret-api-key" = {
-        owner = "acme";
-      };
-
      # Restic
      "restic/local-backups" = {
        owner = "root";
        group = "backup";
        mode = "0440";
      };
-      "restic/storagebox-backups" = {
-        owner = "root";
-        group = "backup";
-        mode = "0440";
-      };
-      "restic/storagebox-ssh-key" = {
-        owner = "backup";
-        group = "backup";
-        mode = "0040";
-      };

      # Steam
      "steam/tlater" = { };