Utilise Agenix for secret management

thiloho
2023-11-01 00:09:25 +01:00
parent 45c6fbcea4
commit 358f84a1d1
6 changed files with 37 additions and 13 deletions

12
flake.lock generated

@@ -112,11 +112,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1698250431, "lastModified": 1698670511,
"narHash": "sha256-qs2gTeH4wpnWPO6Oi6sOhp2IhG0i0DzcnrJxIY3/CP8=", "narHash": "sha256-jQIu3UhBMPHXzVkHQO1O2gg8SVo5lqAVoC6mOaLQcLQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "09587fbbc6a669f7725613e044c2577dc5d43ab5", "rev": "8e5416b478e465985eec274bc3a018024435c106",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -143,11 +143,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1698134075, "lastModified": 1698611440,
"narHash": "sha256-foCD+nuKzfh49bIoiCBur4+Fx1nozo+4C/6k8BYk4sg=", "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8efd5d1e283604f75a808a20e6cde0ef313d07d4", "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735",
"type": "github" "type": "github"
}, },
"original": { "original": {


@@ -1,4 +1,4 @@
{ inputs, pkgs, ... }: { inputs, pkgs, config, ... }:
{ {
imports = [ imports = [
@@ -9,6 +9,8 @@
nix.settings.trusted-users = [ "thiloho" ]; nix.settings.trusted-users = [ "thiloho" ];
age.secrets.hedgedoc-environment-file.file = ../../secrets/hedgedoc-environment-file.age;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
nodejs_20 nodejs_20
]; ];
@@ -93,7 +95,7 @@
allowEmailRegister = false; allowEmailRegister = false;
email = false; email = false;
}; };
environmentFile = "/var/lib/hedgedoc/hedgedoc.env"; environmentFile = config.age.secrets.hedgedoc-environment-file.path;
}; };
postgresql = { postgresql = {
enable = true; enable = true;
@@ -147,7 +149,6 @@
home-manager.users.thiloho = { pkgs, lib, ... }: { home-manager.users.thiloho = { pkgs, lib, ... }: {
home = { home = {
stateVersion = "23.05"; stateVersion = "23.05";
packages = [ inputs.agenix.packages."x86_64-linux".default ];
}; };
}; };
system.stateVersion = "23.05"; system.stateVersion = "23.05";
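Review bot: Pointing `environmentFile` at `config.age.secrets.hedgedoc-environment-file.path` stops new reads of `/var/lib/hedgedoc/hedgedoc.env`, but nothing in this change removes that plaintext file, so the old credentials stay on disk (and in any backup of `/var/lib/hedgedoc`) after the switch. I would delete it once the service has started from the agenix path, and rotate the values if that directory was ever copied elsewhere. The `age.secrets` line also deserves a comment on who reads the decrypted file, for example `# agenix default: owner root, mode 0400; fine as long as the unit loads it via systemd's EnvironmentFile= (confirm)`. The agenix module import and `age.identityPaths` are not visible in these hunks, so decryption presumably relies on the server's SSH host key.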


@@ -1,4 +1,4 @@
{ pkgs, ... }: { inputs, pkgs, ... }:
{ {
boot = { boot = {
@@ -41,5 +41,6 @@
settings.theme = "ayu_dark"; settings.theme = "ayu_dark";
}; };
}; };
home.packages = [ inputs.agenix.packages."x86_64-linux".default ];
}; };
} }
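Review bot: The added `home.packages` line hard-codes `"x86_64-linux"`, the same literal that was just removed from the server configuration; `home.packages = [ inputs.agenix.packages.${pkgs.system}.default ];` would follow the host's platform instead of silently breaking on another architecture. The enclosing home-manager block starts outside this hunk, so I am relying on the file-level `pkgs` argument being in scope there.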


@@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 owVgDA GIWZXYxMprQgnKyf6eHbmdAbm2BQ8qmXcNOCx6xACAM
KxoFMCq6BqOW0ZL+mPz084AsrJiYwd65TQbT3lm5C7Q
-> ssh-ed25519 dRl0SQ 0lwzyhATdftLsGB+9yk3MWIjROdVDNiXUZ3zlSGMtXQ
C1PQpcq6mftSr9nWP7wteHQnK4/jNEzWBDPrVdlYg5Q
-> H\-grease ika_t} ('9'r F[ z6"b$
FjkIPhH4Cd1a
--- ERGBSp2uqfpO5fYXK8QfCmM6MOb2oGJ/PchtAV4INdA
7<EFBFBD><EFBFBD><1E>><3E>q<EFBFBD><02> bk<><6B><EFBFBD>q>$<24><>[<5B><<<+뺣w <0B><><18>rt<72>;u<>_R<08><>(<28><>0za.<2E>ɼ<7F><C9BC><EFBFBD>4f<34>,<2C>y<EFBFBD>kk<6B>7<EFBFBD><37><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><C4BC><EFBFBD>5<EFBFBD>ߋޮW<DEAE>7!


@@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 owVgDA DHtVqT+j5nA9m0rjCHkipHlwubKbpJT67M+01uoUwjw
3wYaa6cLvxMLtOEnplSQKUhG17NJc/okijfjfAjSDoo
-> ssh-ed25519 dRl0SQ LnEnUGEQcjePdVdnERB77IFCmVXiio1G21/PStdOz38
kutyH8M+aDP+FbLvspsq253b8CmjMNGf4IjS8Wn3oIM
-> ,v2y-grease w_I$#z,I
dUd0PGzi1W34mBbAeuTssZkrTzdLUMDuk/N1OeDNitZkwpphJ999ZSgRRAgU7+nX
teshu7G0l5dAv8L/1Orso1zFj14DeDGWlQa/MOsFKO1cEntb1SIUHcQBWN0jpICE
qJ+y
--- /p24yOUx4CNTSq/1sdYPbFo5/knQeVk37A6fZva0n3c
<EFBFBD>|J9*<2A>vb<62><7F>hFU@<40><>0<EFBFBD><30><EFBFBD>6<EFBFBD><36>]}j<><6A><EFBFBD><05>[Ǘn<C797>i=5Zi<5A>@<40>V
<EFBFBD>z<EFBFBD><EFBFBD><EFBFBD>;k<05><17><>Q<EFBFBD>F<>ԗ8<D497><38><EFBFBD><EFBFBD><EFBFBD><11>"<22>Dj<44>dGFs n><3E><>z<EFBFBD><7A> Ē<><C492><EFBFBD>MT<4D><0F><><EFBFBD><EFBFBD><EFBFBD>W<EFBFBD><57><1E>,l<05><16>#<23><><15><>b<EFBFBD>ti#<23><>


@@ -1,7 +1,8 @@
let let
server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHzBBw5pNpuCg1e9cJcQfcxKuTFZ0cleMkEiRZDxE+qQ thiloho@server"; server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN82ukcaWQZcihgh+n0h+ihwTafm64SO1wngibOA6Vro root@server";
pc = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkvr+vT7Ik0fjquxb9xQBfVVWJPgrfC+vJZsyG2V+/G thiloho@pc";
in in
{ {
"hedgedoc-environment-file.age".publicKeys = [ server ]; "hedgedoc-environment-file.age".publicKeys = [ server pc ];
"discord-bot-token.age".publicKeys = [ server ]; "discord-bot-token.age".publicKeys = [ server pc ];
} }
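Review bot: The two recipients in the `let` block have different roles that the file does not document: `server` now looks like a host key (`root@server`) used for decryption at activation, while `pc` is a user key that can decrypt every server secret from the workstation. That widens the exposure of both secrets to the workstation key, so it should be passphrase-protected, and the recipient list should be kept per secret rather than copied if more hosts are added later. I would add comments such as `# presumably the server's SSH host key; agenix decrypts with it at activation` and `# workstation user key, needed only to edit and rekey secrets`. Because `server` was replaced rather than added, any secret encrypted before this change must be rekeyed before the old `thiloho@server` key is retired. The two `.age` files in this commit each carry two ssh-ed25519 stanzas, which is consistent with that having been done.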