nixfiles/hosts/hetzner-vm/containers/storage/profiles/auto-secrets.nix

{
  pkgs,
  config,
  ...
}: let
  secrets = config.services.secrets.secrets;
in {
  systemd.services.auto-secrets = {
    wantedBy = ["multi-user.target"];
    after = ["network.target"];
    path = with pkgs; [bash vault-bin getent];
    script = let
      vault_username = "storage";
      vault_password_file = "${secrets.vault_password.path}";
    in ''
      VAULT_ADDR="https://vault.owo.monster" \
        vault login -no-print -method=userpass username=${vault_username} password=$(cat ${vault_password_file})
      /run/current-system/sw/bin/secrets-init
    '';
  };
}
moved storage host to a container inside hetzner-vm 2022-12-15 14:33:39 +00:00			`{`
			`pkgs,`
			`config,`
			`...`
			`}: let`
			`secrets = config.services.secrets.secrets;`
			`in {`
			`systemd.services.auto-secrets = {`
			`wantedBy = ["multi-user.target"];`
			`after = ["network.target"];`
add vaultui flake, minor tidying, start work on raspberry machine 2023-09-13 16:21:54 +01:00			`path = with pkgs; [bash vault-bin getent];`
moved storage host to a container inside hetzner-vm 2022-12-15 14:33:39 +00:00			`script = let`
			`vault_username = "storage";`
			`vault_password_file = "${secrets.vault_password.path}";`
			`in ''`
			`VAULT_ADDR="https://vault.owo.monster" \`
			`vault login -no-print -method=userpass username=${vault_username} password=$(cat ${vault_password_file})`
			`/run/current-system/sw/bin/secrets-init`
			`'';`
			`};`
			`}`