nixfiles/hosts/tablet/secrets.nix

{...}: {
  services.secrets = {
    enable = true;
    secrets = {
      usb_encryption_passphrase = {manual = true;};
      music_stream_password = {
        user = "chaos";
        group = "users";
        fetchScript = ''
          simple_get "/api-keys/music-stream" .password > $secretFile
        '';
      };
      wg_priv = {
        fetchScript = ''
          simple_get "/private-public-keys/wireguard/chaos-internal/tablet" .private > $secretFile
        '';
      };
      wg_preshared_hetzner-vm = {
        fetchScript = ''
          simple_get "/private-public-keys/wireguard/chaos-internal/tablet" .preshared_keys.hetzner_vm > $secretFile
        '';
      };
      wg_preshared_vault = {
        fetchScript = ''
          simple_get "/private-public-keys/wireguard/chaos-internal/tablet" .preshared_keys.vault > $secretFile
        '';
      };
      wg_preshared_storage = {
        fetchScript = ''
          simple_get "/private-public-keys/wireguard/chaos-internal/tablet" .preshared_keys.storage > $secretFile
        '';
      };
      wg_harry_priv = {
        fetchScript = ''
          simple_get "/private-public-keys/wireguard/harry/tablet" .private > $secretFile
        '';
      };
      wg_harry_preshared = {
        fetchScript = ''
          simple_get "/private-public-keys/wireguard/harry/tablet" .preshared_keys.main > $secretFile
        '';
      };
    };
  };
}
run deadnix on nixfiles 2022-12-04 16:10:00 +00:00			`{...}: {`
stuff & possibly things, maybe a shenanigan or two idk 2022-11-17 22:25:41 +00:00			`services.secrets = {`
			`enable = true;`
			`secrets = {`
tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`usb_encryption_passphrase = {manual = true;};`
stuff & possibly things, maybe a shenanigan or two idk 2022-11-17 22:25:41 +00:00			`music_stream_password = {`
			`user = "chaos";`
			`group = "users";`
			`fetchScript = ''`
			`simple_get "/api-keys/music-stream" .password > $secretFile`
			`'';`
			`};`
			`wg_priv = {`
			`fetchScript = ''`
			`simple_get "/private-public-keys/wireguard/chaos-internal/tablet" .private > $secretFile`
			`'';`
			`};`
			`wg_preshared_hetzner-vm = {`
			`fetchScript = ''`
			`simple_get "/private-public-keys/wireguard/chaos-internal/tablet" .preshared_keys.hetzner_vm > $secretFile`
			`'';`
			`};`
			`wg_preshared_vault = {`
			`fetchScript = ''`
			`simple_get "/private-public-keys/wireguard/chaos-internal/tablet" .preshared_keys.vault > $secretFile`
			`'';`
			`};`
			`wg_preshared_storage = {`
			`fetchScript = ''`
			`simple_get "/private-public-keys/wireguard/chaos-internal/tablet" .preshared_keys.storage > $secretFile`
			`'';`
			`};`
			`wg_harry_priv = {`
			`fetchScript = ''`
			`simple_get "/private-public-keys/wireguard/harry/tablet" .private > $secretFile`
			`'';`
			`};`
			`wg_harry_preshared = {`
			`fetchScript = ''`
			`simple_get "/private-public-keys/wireguard/harry/tablet" .preshared_keys.main > $secretFile`
			`'';`
			`};`
			`};`
			`};`
initial work on wireguard mess 2022-11-11 20:53:17 +00:00			`}`