Move shared secrets definition to private submodule
parent
6734f07711
commit
a990c33299
5 changed files with 6 additions and 18 deletions
|
@ -41,7 +41,7 @@ git clone --recurse-submodules https://git.qo.is/qo.is/infrastructure.git
|
|||
```
|
||||
|
||||
Secrets are stored in `private/passwords.sops.yaml` (sysadmin passwords),
|
||||
`private/nixos-configurations/secrets.sops.yaml` (shared secrets for all hosts) and
|
||||
`private/nixos-modules/shared-secrets/default.sops.yaml` (shared secrets for all hosts) and
|
||||
`private/nixos-configurations/<hostname>/secrets.sops.yaml` (host specific secrets).
|
||||
|
||||
To modify secrets:
|
||||
|
|
8
flake.lock
generated
8
flake.lock
generated
|
@ -170,11 +170,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1742910348,
|
||||
"narHash": "sha256-ChpGvxY5QN7otvTx4JknqIfDnnmWYHfHSVYvYG+ZJg8=",
|
||||
"lastModified": 1742912471,
|
||||
"narHash": "sha256-9d/7MRpDJMEguLyOnm6iuMObDc+uq09KdHJO3z8573U=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "f789cff29517e0240525f5a9f2007dbec3ae48e7",
|
||||
"revCount": 13,
|
||||
"rev": "95d25445a04f04e74266fb17412b78fc983023bd",
|
||||
"revCount": 14,
|
||||
"type": "git",
|
||||
"url": "file:./private"
|
||||
},
|
||||
|
|
|
@ -11,7 +11,6 @@
|
|||
./overlays.nix
|
||||
./physical.nix
|
||||
./security.nix
|
||||
./secrets.nix
|
||||
./virtual-machine.nix
|
||||
];
|
||||
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
{ inputs, ... }:
|
||||
{
|
||||
sops.secrets =
|
||||
let
|
||||
allHostsSecretsFile = "${inputs.private}/nixos-configurations/secrets.sops.yaml";
|
||||
in
|
||||
{
|
||||
"msmtp/password".sopsFile = allHostsSecretsFile;
|
||||
"wgautomesh/gossip-secret".sopsFile = allHostsSecretsFile;
|
||||
};
|
||||
}
|
2
private
2
private
|
@ -1 +1 @@
|
|||
Subproject commit f789cff29517e0240525f5a9f2007dbec3ae48e7
|
||||
Subproject commit 95d25445a04f04e74266fb17412b78fc983023bd
|