
secrets.nix: Remove age secrets management

2024-05-10 16:23:41 +02:00
parent e094afc4a0
commit d0bd09896a
12 changed files with 9 additions and 203 deletions


@@ -23,12 +23,10 @@ let
backupServiceUnits = listToAttrs (map ({jobName, jobOptions, targetName, targetOptions}: let
jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else
if builtins.elem "clerie-backup-job-${jobName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-job-${jobName}".path else
config.age.secrets."clerie-backup-job-${jobName}".path;
config.sops.secrets."clerie-backup-job-${jobName}".path;
repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
if builtins.elem "clerie-backup-target-${targetName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-target-${targetName}".path else
config.age.secrets."clerie-backup-target-${targetName}".path;
config.sops.secrets."clerie-backup-target-${targetName}".path;
targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
in
nameValuePair "clerie-backup-${jobName}-${targetName}" {
@@ -73,12 +71,10 @@ let
backupCommands = map ({jobName, jobOptions, targetName, targetOptions}: let
jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else
if builtins.elem "clerie-backup-job-${jobName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-job-${jobName}".path else
config.age.secrets."clerie-backup-job-${jobName}".path;
config.sops.secrets."clerie-backup-job-${jobName}".path;
repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
if builtins.elem "clerie-backup-target-${targetName}" (attrNames config.sops.secrets) then config.sops.secrets."clerie-backup-target-${targetName}".path else
config.age.secrets."clerie-backup-target-${targetName}".path;
config.sops.secrets."clerie-backup-target-${targetName}".path;
targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
in pkgs.writeShellApplication {
name = "clerie-backup-${jobName}-${targetName}";
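Review bot: The lookup for `jobPasswordFile` and `targetPasswordFile` is duplicated verbatim in the `backupServiceUnits` and `backupCommands` let-bindings, so this commit had to make the same edit twice. A later change to secret resolution could land in only one copy, leaving the systemd unit and the generated shell application reading different password files. Consider lifting it into one helper in the outer `let`, e.g. `secretPath = name: override: if override != null then override else config.sops.secrets.${name}.path;`, and calling it from both places. Both let-blocks and the attribute sets they feed continue outside the hunks shown.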


@@ -55,8 +55,7 @@ in
}
];
privateKeyFile = if cfg.privateKeyFile != null then cfg.privateKeyFile else
if builtins.elem "wg-monitoring" (attrNames config.sops.secrets) then config.sops.secrets.wg-monitoring.path else
config.age.secrets.wg-monitoring.path;
config.sops.secrets.wg-monitoring.path;
};
};


@@ -66,8 +66,7 @@ in
networking.wireguard.interfaces = {
wg-clerie = {
privateKeyFile = if cfg.privateKeyFile != null then cfg.privateKeyFile else
if builtins.elem "wg-clerie" (attrNames config.sops.secrets) then config.sops.secrets.wg-clerie.path else
config.age.secrets.wg-clerie.path;
config.sops.secrets.wg-clerie.path;
ips = cfg.ipv6s ++ cfg.ipv4s;
table = "wg-clerie";
peers = [


@@ -98,7 +98,7 @@ in
'';
boot.initrd.secrets = {
"/var/src/secrets/wireguard/wg-initrd" = if cfg.privateKeyFile == null then config.age.secrets.wg-clerie.path else cfg.privateKeyFile;
"/var/src/secrets/wireguard/wg-initrd" = cfg.privateKeyFile;
};
};
}
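Review bot: With the age fallback gone, `"/var/src/secrets/wireguard/wg-initrd" = cfg.privateKeyFile;` passes null straight through when the option is unset, and the removed line shows that null was an expected value. `boot.initrd.secrets` accepts null and reads it as "copy from the same path on the host", so evaluation still succeeds and the initrd takes whatever is at `/var/src/secrets/wireguard/wg-initrd`, or the bootloader install fails if nothing is there. Unlike the other modules in this commit, this one has no sops fallback, so an explicit guard would make the requirement visible at evaluation time, e.g. `assertions = [{ assertion = cfg.privateKeyFile != null; message = "privateKeyFile must be set for the initrd WireGuard key"; }];`. The guard presumably belongs in the module's `config` block, which starts outside the hunk, and should carry whatever enable condition that block already uses.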