nix-serve: port secrets to sops
parent
e188db9344
commit
46b0f10b9d
|
@ -1,12 +1,15 @@
|
|||
# docs: https://nixos.wiki/wiki/Binary_Cache
|
||||
# to copy something to this machine's nix cache, do:
|
||||
# nix copy --to ssh://nixcache.uninsane.org PACKAGE
|
||||
{ secrets, ... }:
|
||||
{ config, ... }:
|
||||
|
||||
{
|
||||
services.nix-serve = {
|
||||
enable = true;
|
||||
secretKeyFile = builtins.toFile "nix-serve-priv-key.pem" secrets.nix-serve.cache-priv-key;
|
||||
# "/var/cache-priv-key.pem";
|
||||
secretKeyFile = config.sops.secrets.nix_serve_privkey.path;
|
||||
};
|
||||
|
||||
sops.secrets.nix_serve_privkey = {
|
||||
sopsFile = ../../../secrets/uninsane.yaml;
|
||||
};
|
||||
}
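Review bot: The removed `builtins.toFile "nix-serve-priv-key.pem" …` line copied the cache signing key into the world-readable Nix store, and nothing in this section shows whether the value now stored as `nix_serve_privkey` is a freshly generated key. If it is the same key, it should be treated as exposed to local users and rotated, since the old store path persists until it is garbage-collected. Separately, the new `sops.secrets.nix_serve_privkey` block sets only `sopsFile`, so the decrypted file gets the sops-nix default ownership and mode (root-owned and root-readable only, to my knowledge). Whether the nix-serve unit can read it depends on how the nixpkgs module in use loads `secretKeyFile`. If the module reads the path directly as the service user, add `owner = "nix-serve";` to the block, after confirming the user name against the module.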
|
||||
|
|
|
@ -9,7 +9,4 @@
|
|||
|
||||
# keep this synchronized with the dovecot auth
|
||||
matrix-synapse.smtp_pass = "<REPLACEME>";
|
||||
|
||||
# generate with nix-store --generate-binary-cache-key nixcache.uninsane.org cache-priv-key.pem cache-pub-key.pem
|
||||
nix-serve.cache-priv-key = "<REPLACEME>";
|
||||
} // import ./local.nix
|
||||
|
|
|
@ -12,6 +12,9 @@ wg_ovpns_privkey: ENC[AES256_GCM,data:+SdnhsPyg6Vbl0itNLq4fBPONLBknkjFCr/4shTr2H
|
|||
#ENC[AES256_GCM,data:857w7AqbAbVTOKFLxKcMkcQjJ7EkHZFwBRwtCJFspOk8do2f,iv:bIrXzdrhRYk79ZV+JCdIw4UVxq11/tTZUDL6Bwf+NoE=,tag:igMRz5UPX//JrF9NGCOwHQ==,type:comment]
|
||||
#ENC[AES256_GCM,data:KzCOrdCiXHrVx+oGj2mz/+zkZ8eRRnFhHadx6FlXj8OXQDMvDkSPi6G2f6j5FE//G2F321mZCiMJ1Mf32tItGb0SxoEhyO9wxTesNn45hmA7M0z5HqTxACU=,iv:ksdz8j2fq1W/xnzu0y1JaIgbKzjiqj2KHCEYhkEKsrM=,tag:dbH/vy4JgL1eUeNpv7afSQ==,type:comment]
|
||||
dovecot_passwd: ENC[AES256_GCM,data:GsXT6PQjCibzyr5G4W3IOIRL4xBuYqFYHpRJOjS2TvXIlTSwVrHbx5Vw5wLHI0zN14rvYy5sycJvEMiCC1YPVphAYNm7VHdo97sUGLpjZ1BpUaJ2KBx77jErxbPrJUSpAroojQFtXFYA2t2bTpOSjZGH7UeyZoLckZtdDqXmnBDvirwVDPNaPv04RrhnqehGyh8EN+b2b5KAm99U9H1oyxIL6mAMJo6FtduVejiVqJB2sl/myI5fJ+bvwkW1CLRmVi0JdVHs4BlTQpi5Q8Kx2SMOH02TP+QDSHv/O8ROpbZ8m0oTk2YbgAG7U8K0t55j8jjWX/7OD4nMv485PgzAMINdzI46g9l9afzo,iv:8MqpUkRPpGJiuWtrdTJAIDXrKZMI73LcwzOiqVMWR88=,tag:+zXmEPV90loAMJtL/+v3vA==,type:str]
|
||||
#ENC[AES256_GCM,data:1zQ8X9W4ZGquYEjEsN8YNLhwBt6kaRCKYMjM8GiZbKzsaqwt/cFk+4cC85+QKWF0FNlX38Uba7bI2FvC8fTIO8eoZ5VymJ9Du3NcExE1976FSIze44FhtkSKQkm/vQw5cb2sPNKBGFLSNV/IpdPu,iv:xwv2+Fns0k2STkS760v9p1XZ5s2HAz3wLb8xyIOGTGA=,tag:OGtHxQgyWxGKtg5I9nJAag==,type:comment]
|
||||
nix_serve_privkey: ENC[AES256_GCM,data:JlLuslwyjKARo3Mo36SeRz6ctVuV+jzDMXACekaGs/UjP+Jm8PoxZsWjMcN+qq0tJB9xGMfi7TKHDi+XnK2k60h+7+yDyeqJQfjID6axMYmgxYUivq4CugutFVB27FmDPljUs2M7CRqe1IHrdjc=,iv:1iQVr9rP80hHCRSVD95KW7bpOWj3oZReJAvqa9TllJ8=,tag:6DDGtHF4suOyy2kcnqSDsQ==,type:str]
|
||||
#ENC[AES256_GCM,data:cyptbs4VfXY4P4+W5e2LRZOHkpqvWzn2JEpV80w8cIaQ0lTZa/Hg7IwDNQcsYobmBFO2yLrKawHDKlDos2fMy0KgIhUrw4f8WksxdC06oMqS0mDtgA==,iv:StB34bvA8GWR+7nwOOpsiJ3yqGgeSg5frAgRMhff8nw=,tag:b1LYFzII2Ik1nmGXxgMZuw==,type:comment]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -45,8 +48,8 @@ sops:
|
|||
U0ZlOUljcE9BL1lhcmIrVVl6eFdTUmMKBHmv96FmkL/oQw9//ATfem6HtORRjcce
|
||||
xJNwnsdrEqrBS3sG6xDkmJYOjaFrg1pwxYZRG87zeLShgkXkMNvz2A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-06-08T22:19:57Z"
|
||||
mac: ENC[AES256_GCM,data:is+X0WOPSehNSjHzMInBtn0Sjzv11SDWL+JMc5Pj0i0GsM8ogSlpPCEsi0HiTMSnEZIvMQf83WRe7oRymUDPdmkz0XRGTBYuLGAd/IOMKEeKe8L8+kDeiWu6d9XgA5TaNxEdj0xUYZ4sC/PZo0pG/NuzMOeTtzK8WFOTy69R+oM=,iv:LnHLL0sucI0NeQu9waHV23/HHZCbk2kTXYq0sPC1n0o=,tag:abLJvbCZeYHl8/2rb/aVGA==,type:str]
|
||||
lastmodified: "2022-06-08T23:22:55Z"
|
||||
mac: ENC[AES256_GCM,data:jFaqskot1Zft5qKoJpaz/0sDSDldw7wIJi4DuUapgVLKKhTxb+gu8FM77bF8yxLqDdAWD2rOQFakFohPFeSLoKXRtVsJi5nrl8dPXdSmcbw7fvaFpeGVY3mX9EoSXyh7aS1lwllvpg0A4bXWaj6VfNbb3NIyXzuGpioVjY5PgXo=,iv:dmGSTtHeCyjQHkaM7oO9WhZSWwSXL2UD5HXm4PMMYsA=,tag:8qyb6RiYj77Hz614t/qGCg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
|