# NixOS module declaring every agenix-managed secret on this host.
# Each entry names the encrypted .age file plus the mode, owner and group
# given to its decrypted copy.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  # Build a secret entry that a single account can read and nobody else:
  # `user` becomes both owner and group, and the mode is owner-read-only.
  ownerOnly = user: file: {
    inherit file;
    mode = "0400";
    owner = user;
    group = user;
  };

  # The common case: readable by root only.
  rootOnly = ownerOnly "root";
in
{
  age.secrets = {
    # ZFS encryption key
    zfs-key = rootOnly ./secrets/zfs-key.age;

    # Archive holding the Secure Boot keys
    secureboot-tar = rootOnly ./secrets/secureboot.tar.age;

    # Hashed system passwords
    hashedPass = rootOnly ./secrets/hashedPass.age;

    # Service authentication: owned by the caddy account, not root
    caddy_auth = ownerOnly "caddy" ./secrets/caddy_auth.age;

    # TODO! fix permissions
    # NOTE(review): mode 0444 leaves the decrypted API key readable by every
    # local account and service on the host, unlike every other secret here.
    # The tighter setting is owner/group set to the account that consumes the
    # key, with mode 0400 (or 0440 if shared through a group). Which account
    # reads it is not visible in this file, so confirm before changing.
    jellyfin-api-key = {
      file = ./secrets/jellyfin-api-key.age;
      mode = "0444";
      owner = "root";
      group = "root";
    };

    # Environment file for slskd
    slskd_env = rootOnly ./secrets/slskd_env.age;

    # Network configuration (wg0)
    wg0-conf = rootOnly ./secrets/wg0.conf.age;
  };
}