nixfiles/hosts/lappy-t495/secrets.nix

{...}: {
  services.secrets = {
    enable = true;
    secrets = {
      usb_encryption_passphrase = {
        manual = true;
      };

      music_stream_password = {
        user = "chaos";
        group = "users";
        fetchScript = ''
          simple_get "/api-keys/music-stream" .password > "$secretFile"
        '';
      };

      # Required for home.apps.manualBackupApps
      restic_music_env = {
        user = "chaos";
        fetchScript = ''
          api_username=restic
          api_password=$(simple_get "/api-keys/storage/restic/Music" ".$api_username")
          restic_password=$(simple_get "/private-public-keys/restic/Music" .password)

          echo > "$secretFile"
          echo "RESTIC_REPOSITORY=rest:https://$api_username:$api_password@storage-restic.owo.monster/Music" >> "$secretFile"
          echo "RESTIC_PASSWORD=''${restic_password}" >> "$secretFile"
        '';
      };

      restic_backups_password = {
        fetchScript = ''
          simple_get "/private-public-keys/restic/Lappy-T495" .password >> "$secretFile"
        '';
      };
      restic_backups_repository_file = {
        fetchScript = ''
          api_username=restic
          api_password=$(simple_get "/api-keys/storage/restic/Lappy-T495" ".$api_username")

          echo "rest:https://$api_username:$api_password@storage-restic.owo.monster/Lappy-T495" > "$secretFile"
        '';
      };
    };
  };
}
added new host lappy-t495 2023-07-21 11:48:07 +01:00			`{...}: {`
			`services.secrets = {`
			`enable = true;`
			`secrets = {`
add remaining devices to chaosInternalWireguard and fix partOf behaviour 2023-09-18 15:40:33 +01:00			`usb_encryption_passphrase = {`
			`manual = true;`
			`};`
add more home folders, enhance manual-backup-apps, add toot-cli, remove harry-vpn 2023-08-01 18:48:59 +01:00
added new host lappy-t495 2023-07-21 11:48:07 +01:00			`music_stream_password = {`
migrate hetzner-vm to hetzner-arm; piped currently dead 2023-09-21 05:06:27 +01:00			`user = "chaos";`
added new host lappy-t495 2023-07-21 11:48:07 +01:00			`group = "users";`
			`fetchScript = ''`
allow generating secrets init scripts outside of module, run deadnix&formatter, update state versions 2023-09-11 23:22:18 +01:00			`simple_get "/api-keys/music-stream" .password > "$secretFile"`
added new host lappy-t495 2023-07-21 11:48:07 +01:00			`'';`
			`};`
add more home folders, enhance manual-backup-apps, add toot-cli, remove harry-vpn 2023-08-01 18:48:59 +01:00
more work on piped stuff 2023-09-19 17:53:44 +01:00			`# Required for home.apps.manualBackupApps`
add more home folders, enhance manual-backup-apps, add toot-cli, remove harry-vpn 2023-08-01 18:48:59 +01:00			`restic_music_env = {`
			`user = "chaos";`
			`fetchScript = ''`
add caldav/carddav server & redo some htpasswd stuff 2023-10-10 22:22:54 +01:00			`api_username=restic`
			`api_password=$(simple_get "/api-keys/storage/restic/Music" ".$api_username")`
add more home folders, enhance manual-backup-apps, add toot-cli, remove harry-vpn 2023-08-01 18:48:59 +01:00			`restic_password=$(simple_get "/private-public-keys/restic/Music" .password)`

allow generating secrets init scripts outside of module, run deadnix&formatter, update state versions 2023-09-11 23:22:18 +01:00			`echo > "$secretFile"`
add caldav/carddav server & redo some htpasswd stuff 2023-10-10 22:22:54 +01:00			`echo "RESTIC_REPOSITORY=rest:https://$api_username:$api_password@storage-restic.owo.monster/Music" >> "$secretFile"`
allow generating secrets init scripts outside of module, run deadnix&formatter, update state versions 2023-09-11 23:22:18 +01:00			`echo "RESTIC_PASSWORD=''${restic_password}" >> "$secretFile"`
add more home folders, enhance manual-backup-apps, add toot-cli, remove harry-vpn 2023-08-01 18:48:59 +01:00			`'';`
			`};`
Add backups for Lappy-T495 2024-03-10 17:17:05 +00:00
			`restic_backups_password = {`
			`fetchScript = ''`
			`simple_get "/private-public-keys/restic/Lappy-T495" .password >> "$secretFile"`
			`'';`
			`};`
			`restic_backups_repository_file = {`
			`fetchScript = ''`
			`api_username=restic`
			`api_password=$(simple_get "/api-keys/storage/restic/Lappy-T495" ".$api_username")`

			`echo "rest:https://$api_username:$api_password@storage-restic.owo.monster/Lappy-T495" > "$secretFile"`
			`'';`
			`};`
added new host lappy-t495 2023-07-21 11:48:07 +01:00			`};`
			`};`
			`}`