29 lines
562 B
Nix
29 lines
562 B
Nix
{...}: {
|
|
services.secrets = {
|
|
enable = true;
|
|
|
|
vaultLogin = {
|
|
enable = true;
|
|
loginUsername = "raspberry";
|
|
};
|
|
|
|
autoSecrets = {
|
|
enable = true;
|
|
affectedSystemdServices = ["wg-quick-wg0"];
|
|
};
|
|
|
|
# some are also added from wireguard internal config
|
|
requiredVaultPaths = [
|
|
"private-public-keys/data/cryptsetup/raspberry-ext-drive" # used dynamically
|
|
|
|
"api-keys/data/hetzner/storagebox" # also used dynamically
|
|
];
|
|
|
|
secrets = {
|
|
vault_password = {
|
|
manual = true;
|
|
};
|
|
};
|
|
};
|
|
}
|