# Module declaring the secrets that services.secrets manages on this machine.
# Each entry is either marked manual or carries a fetchScript that writes the
# value to "$secretFile" through simple_get. simple_get is defined outside this
# file; from its use here it takes a store path and a field selector and prints
# the selected field to stdout.
#
# NOTE(review): nothing in this file sets a file mode or umask, so the secrecy
# of every "$secretFile" depends on how the services.secrets module creates the
# file before the redirect runs. Confirm it is created owner-only.
# NOTE(review): no script checks the result of simple_get. Unless the module
# runs fetchScript with errexit, a failed lookup would leave an empty or partial
# secret file behind. Verify against the module.
{...}: let
  # Ownership shared by the two secrets needed by home.apps.manual-backup-apps.
  chaosOwned = {
    user = "chaos";
    group = "users";
  };
in {
  services.secrets.enable = true;

  services.secrets.secrets = {
    # No fetchScript: this entry is flagged manual only.
    usb_encryption_passphrase.manual = true;

    # NOTE(review): the owner is the numeric UID 1000, while the other entries
    # name "chaos". Confirm that UID 1000 is the intended account on this host.
    music_stream_password = {
      fetchScript = ''
        simple_get "/api-keys/music-stream" .password > "$secretFile"
      '';
      user = 1000;
      group = "users";
    };

    # Required for home.apps.manual-backup-apps
    gitlab_archiver_token =
      chaosOwned
      // {
        fetchScript = ''
          simple_get "/api-keys/gitlab/gitlab_archiver" .token > "$secretFile"
        '';
      };

    # Required for home.apps.manual-backup-apps
    # Builds an env-style file holding RESTIC_REPOSITORY and RESTIC_PASSWORD.
    # The first echo truncates the file, the next two append to it.
    # NOTE(review): the REST username and password are placed verbatim in the
    # URL userinfo. A value containing "@", ":" or "/" would yield a malformed
    # repository URL, so confirm the stored values are URL-safe or
    # percent-encode them.
    # NOTE(review): this file holds three credentials readable by its owner
    # and, depending on the mode the module applies, its group. Confirm the
    # mode.
    restic_music_env =
      chaosOwned
      // {
        fetchScript = ''
          api_username=$(simple_get "/api-keys/storage/restic/Music" .username)
          api_password=$(simple_get "/api-keys/storage/restic/Music" .password)
          restic_password=$(simple_get "/private-public-keys/restic/Music" .password)

          echo > "$secretFile"
          echo "RESTIC_REPOSITORY=rest:https://''${api_username}:''${api_password}@storage-restic.owo.monster/Music" >> "$secretFile"
          echo "RESTIC_PASSWORD=''${restic_password}" >> "$secretFile"
        '';
      };

    # for internal wireguard VPN
    # NOTE(review): the three WireGuard entries set no user or group, so the
    # module's default ownership applies. Confirm that default is root-only,
    # since these are a private key and preshared keys.
    wg_priv.fetchScript = ''
      simple_get "/private-public-keys/wireguard/chaos-internal/lappy-t495" .private > "$secretFile"
    '';
    wg_preshared_hetzner-vm.fetchScript = ''
      simple_get "/private-public-keys/wireguard/chaos-internal/lappy-t495" .preshared_keys.hetzner_vm > "$secretFile"
    '';
    wg_preshared_vault.fetchScript = ''
      simple_get "/private-public-keys/wireguard/chaos-internal/lappy-t495" .preshared_keys.vault > "$secretFile"
    '';
  };
}