chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity
nixfiles/hosts/hetzner-arm/containers/caldav/secrets.nix

59 lines
1.4 KiB
Nix
Raw Blame History

{pkgs, ...}: {
services.secrets = {
enable = true;
packages = with pkgs; [
apacheHttpd
];
vaultLogin = {
enable = true;
loginUsername = "hetzner-arm-container-caldav";
};
requiredVaultPaths = [
"api-keys/data/caldav"
"api-keys/data/backblaze/Chaos-Backups"
"private-public-keys/data/restic/CalDAV"
];
secrets = {
vault_password = {
manual = true;
};
radicale_htpasswd = {
user = "radicale";
group = "radicale";
fetchScript = ''
if [ -f "$secretFile" ]; then
rm "$secretFile"
fi
touch "$secretFile"
data=$(kv_get "/api-keys/caldav" | base64)
for username in $(echo "$data" | base64 -d | jq -r ".data.data | keys | .[]"); do
password=$(echo "$data" | base64 -d | jq -r ".data.data.\"$username\"")
htpasswd -bB "$secretFile" "$username" "$password" 2>/dev/null
done
'';
};
restic_password = {
fetchScript = ''
simple_get "/private-public-keys/restic/CalDAV" .password > "$secretFile"
'';
};
restic_env = {
fetchScript = ''
cat << EOF > "$secretFile"
AWS_ACCESS_KEY_ID=$(simple_get "/api-keys/backblaze/Chaos-Backups" .keyID)
AWS_SECRET_ACCESS_KEY=$(simple_get "/api-keys/backblaze/Chaos-Backups" .applicationKey)
EOF
'';
};
};
};
}
Reference in a new issue View git blame Copy permalink