From 4b51890e0ab213f95b1903b68058f986f7d9a777 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?=
Date: Fri, 14 Nov 2025 10:54:51 +0800
Subject: [PATCH] refactor(sops): Move secret definitions to specific modules
---
 configuration/nginx/ssl.nix | 5 +++++
 configuration/services/backups.nix | 13 +++++++++++++
 configuration/sops.nix | 18 ------------------
 3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/configuration/nginx/ssl.nix b/configuration/nginx/ssl.nix
index 4cea508..7abc38e 100644
--- a/configuration/nginx/ssl.nix
+++ b/configuration/nginx/ssl.nix
@@ -64,5 +64,10 @@ in
 ''${pkgs.runtimeShell} -c '${confirm}'
 '';
 };
+
+ sops.secrets = {
+ "porkbun/api-key".owner = "acme";
+ "porkbun/secret-api-key".owner = "acme";
+ };
 };
 }
diff --git a/configuration/services/backups.nix b/configuration/services/backups.nix
index 688f5f9..0ae8abf 100644
--- a/configuration/services/backups.nix
+++ b/configuration/services/backups.nix
@@ -265,5 +265,18 @@ in
 };
 groups.backup = { };
 };
+
+ sops.secrets = {
+ "restic/storagebox-backups" = {
+ owner = "root";
+ group = "backup";
+ mode = "0440";
+ };
+ "restic/storagebox-ssh-key" = {
+ owner = "backup";
+ group = "backup";
+ mode = "0040";
+ };
+ };
 };
 }
diff --git a/configuration/sops.nix b/configuration/sops.nix
index 0337438..a5b19f6 100644
--- a/configuration/sops.nix
+++ b/configuration/sops.nix
@@ -38,30 +38,12 @@ group = "nextcloud"; }; - # Porkbub/ACME - "porkbun/api-key" = { - owner = "acme"; - }; - "porkbun/secret-api-key" = { - owner = "acme"; - }; - # Restic "restic/local-backups" = { owner = "root"; group = "backup"; mode = "0440"; }; - "restic/storagebox-backups" = { - owner = "root"; - group = "backup"; - mode = "0440"; - }; - "restic/storagebox-ssh-key" = { - owner = "backup"; - group = "backup"; - mode = "0040"; - }; # Steam "steam/tlater" = { };
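Review bot: In configuration/nginx/ssl.nix the two `porkbun/*` secrets set only `owner`, so their group and mode are left to the sops-nix defaults, while the restic secrets moved in the same commit spell out all three fields. Pinning the access bits next to the consumer, e.g. `"porkbun/api-key" = { owner = "acme"; mode = "0400"; };`, would make any later loosening show up in review of this file. The move also drops the `# Porkbub/ACME` label that sat above these entries in sops.nix; a short comment such as `# Porkbun API credentials, readable only by the acme user` would keep the purpose visible. The enclosing module body starts outside the hunk.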
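Review bot: In configuration/services/backups.nix, `restic/storagebox-ssh-key` is declared with `owner = "backup"` and `mode = "0040"`, which leaves the owning user without a read bit; POSIX permission checks use the owner class first, so a process running as `backup` would be denied even though it is in group `backup`. The values are carried over unchanged from sops.nix, so this may be deliberate (for example if the key is read by root or by another member of the group), but nothing visible in the hunk says so. I would add a comment such as `# 0040 on purpose: read through group backup by <consumer>, not by the owning user`, or use `mode = "0440"` if the `backup` user itself is meant to read the key. The enclosing attribute set starts outside the hunk.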