57 lines
1 KiB
Nix
57 lines
1 KiB
Nix
{
|
|
sops = {
|
|
defaultSopsFile = ../keys/production.yaml;
|
|
|
|
secrets = {
|
|
# Grafana
|
|
"grafana/adminPassword" = {
|
|
owner = "grafana";
|
|
group = "grafana";
|
|
};
|
|
"grafana/secretKey" = {
|
|
owner = "grafana";
|
|
group = "grafana";
|
|
};
|
|
|
|
# Heisenbridge
|
|
"heisenbridge/as-token" = {};
|
|
"heisenbridge/hs-token" = {};
|
|
|
|
# Nextcloud
|
|
"nextcloud/tlater" = {
|
|
owner = "nextcloud";
|
|
group = "nextcloud";
|
|
};
|
|
|
|
# Restic
|
|
"restic/local-backups" = {
|
|
owner = "root";
|
|
group = "backup";
|
|
mode = "0440";
|
|
};
|
|
|
|
# Steam
|
|
"steam/tlater" = {};
|
|
|
|
# Turn
|
|
"turn/env" = {};
|
|
"turn/secret" = {
|
|
owner = "turnserver";
|
|
};
|
|
"turn/ssl-key" = {
|
|
owner = "turnserver";
|
|
};
|
|
"turn/ssl-cert" = {
|
|
owner = "turnserver";
|
|
};
|
|
|
|
# Wireguard
|
|
"wireguard/server-key" = {
|
|
owner = "root";
|
|
group = "systemd-network";
|
|
mode = "0440";
|
|
};
|
|
};
|
|
};
|
|
}
|