Move shared secrets definition to private submodule

Fabian Hauser 2025-03-25 16:20:33 +02:00
parent 6734f07711
commit a990c33299
5 changed files with 6 additions and 18 deletions


@ -41,7 +41,7 @@ git clone --recurse-submodules https://git.qo.is/qo.is/infrastructure.git
``` ```
Secrets are stored in `private/passwords.sops.yaml` (sysadmin passwords), Secrets are stored in `private/passwords.sops.yaml` (sysadmin passwords),
`private/nixos-configurations/secrets.sops.yaml` (shared secrets for all hosts) and `private/nixos-modules/shared-secrets/default.sops.yaml` (shared secrets for all hosts) and
`private/nixos-configurations/<hostname>/secrets.sops.yaml` (host specific secrets). `private/nixos-configurations/<hostname>/secrets.sops.yaml` (host specific secrets).
To modify secrets: To modify secrets:

8
flake.lock generated

@ -170,11 +170,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742910348, "lastModified": 1742912471,
"narHash": "sha256-ChpGvxY5QN7otvTx4JknqIfDnnmWYHfHSVYvYG+ZJg8=", "narHash": "sha256-9d/7MRpDJMEguLyOnm6iuMObDc+uq09KdHJO3z8573U=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "f789cff29517e0240525f5a9f2007dbec3ae48e7", "rev": "95d25445a04f04e74266fb17412b78fc983023bd",
"revCount": 13, "revCount": 14,
"type": "git", "type": "git",
"url": "file:./private" "url": "file:./private"
}, },


@ -11,7 +11,6 @@
./overlays.nix ./overlays.nix
./physical.nix ./physical.nix
./security.nix ./security.nix
./secrets.nix
./virtual-machine.nix ./virtual-machine.nix
]; ];


@ -1,11 +0,0 @@
{ inputs, ... }:
{
sops.secrets =
let
allHostsSecretsFile = "${inputs.private}/nixos-configurations/secrets.sops.yaml";
in
{
"msmtp/password".sopsFile = allHostsSecretsFile;
"wgautomesh/gossip-secret".sopsFile = allHostsSecretsFile;
};
}

@ -1 +1 @@
Subproject commit f789cff29517e0240525f5a9f2007dbec3ae48e7 Subproject commit 95d25445a04f04e74266fb17412b78fc983023bd