tlaternet/tlaternet-server
1
0
Fork 0
Code Issues 8 Pull requests Activity

refactor(sops): Move secret definitions to specific modules

Browse source
This commit is contained in:
Tristan Daniël Maat 2025-11-14 10:54:51 +08:00
parent 86e3ea7716
commit 4b51890e0a
Signed by: tlater
GPG key ID: 02E935006CF2E8E7
3 changed files with 18 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

5
configuration/nginx/ssl.nix
View file

@ -64,5 +64,10 @@
in in
''${pkgs.runtimeShell} -c '${confirm}' ''; ''${pkgs.runtimeShell} -c '${confirm}' '';
}; };
sops.secrets = {
"porkbun/api-key".owner = "acme";
"porkbun/secret-api-key".owner = "acme";
};
}; };
} }

13
configuration/services/backups.nix
View file

@ -265,5 +265,18 @@ in
}; };
groups.backup = { }; groups.backup = { };
}; };
sops.secrets = {
"restic/storagebox-backups" = {
owner = "root";
group = "backup";
mode = "0440";
};
"restic/storagebox-ssh-key" = {
owner = "backup";
group = "backup";
mode = "0040";
};
};
}; };
} }

18
configuration/sops.nix
View file

@ -38,30 +38,12 @@
group = "nextcloud"; group = "nextcloud";
}; };
# Porkbub/ACME
"porkbun/api-key" = {
owner = "acme";
};
"porkbun/secret-api-key" = {
owner = "acme";
};
# Restic # Restic
"restic/local-backups" = { "restic/local-backups" = {
owner = "root"; owner = "root";
group = "backup"; group = "backup";
mode = "0440"; mode = "0440";
}; };
"restic/storagebox-backups" = {
owner = "root";
group = "backup";
mode = "0440";
};
"restic/storagebox-ssh-key" = {
owner = "backup";
group = "backup";
mode = "0040";
};
# Steam # Steam
"steam/tlater" = { }; "steam/tlater" = { };