hosts/plover: refactor secrets owner

Gabriel Arazas 2023-01-17 16:55:25 +08:00
parent 58d5c8c15c
commit effdc8d927


@ -76,24 +76,25 @@ in
((getKey secret) // config))
secrets;
giteaUserGroup = config.users.users."${config.services.gitea.user}".group;
giteaUser = config.users.users."${config.services.gitea.user}".name;
portunusUser = config.users.users."${config.services.portunus.user}".name;
# It is hardcoded but as long as the module is stable that way.
vaultwardenUserGroup = config.users.groups.vaultwarden.name;
postgresUserGroup = config.users.groups.postgres.name;
vaultwardenUser = config.users.groups.vaultwarden.name;
postgresUser = config.users.groups.postgres.name;
in
getSecrets {
"ssh-key" = { };
"lego/env" = { };
"gitea/db/password".owner = giteaUserGroup;
"gitea/smtp/password".owner = giteaUserGroup;
"vaultwarden/env".owner = vaultwardenUserGroup;
"gitea/db/password".owner = giteaUser;
"gitea/smtp/password".owner = giteaUser;
"vaultwarden/env".owner = vaultwardenUser;
"borg/repos/host/patterns/keys" = { };
"borg/repos/host/password" = { };
"borg/repos/services/password" = { };
"borg/ssh-key" = { };
"keycloak/db/password".owner = postgresUserGroup;
"ldap/users/foodogsquared/password".owner = config.services.portunus.user;
"keycloak/db/password".owner = postgresUser;
"ldap/users/foodogsquared/password".owner = portunusUser;
"wireguard/private-key" = {
group = config.users.users.systemd-network.group;
reloadUnits = [ "systemd-networkd.service" ];