cluster/services/storage: use locksmith secrets for external storage
This commit is contained in:
parent
2d371d3815
commit
967c31fe42
3 changed files with 5 additions and 13 deletions
|
@ -95,7 +95,10 @@ in
|
|||
};
|
||||
|
||||
garage = {
|
||||
keys.storage-prophet = {};
|
||||
keys.storage-prophet.locksmith = {
|
||||
nodes = [ "prophet" ];
|
||||
format = "s3ql";
|
||||
};
|
||||
buckets.storage-prophet = {
|
||||
allow.storage-prophet = [ "read" "write" ];
|
||||
};
|
||||
|
|
|
@ -8,7 +8,7 @@ in
|
|||
services.external-storage = {
|
||||
fileSystems.external = {
|
||||
mountpoint = "/srv/storage";
|
||||
authFile = ./secrets/external-storage-auth-${hostName}.age;
|
||||
locksmithSecret = "garage-storage-${hostName}";
|
||||
backend = "s3c4://${cluster.config.links.garageS3.hostname}/storage-${hostName}";
|
||||
backendOptions = [ "disable-expect100" ];
|
||||
};
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 NO562A tC8lfwNJIXjVJImBq25v/NGIQ1Ns24NpCzksbw/eb3w
|
||||
2hQltUYSO2Gpjd+49IQR1UJOhy33xWvNH6dx+uGDvFA
|
||||
-> ssh-ed25519 5/zT0w dapxQ/VV0peQKMwghQJ91wQVahYOqxw2QrXqQCau82c
|
||||
0DnIF5ISoB5htYA3X5DSTgLJXLSkqjz1O0CMcmnnrjQ
|
||||
-> ssh-ed25519 YIaSKQ ehv+WWCLC/co9lhpa+cAdqJUG33L/Vkn6lUXOwNRV2w
|
||||
LEobbvvpq6lPNbzasGeXf9NabN150ZVe5n5OJNgbyD4
|
||||
--- FrT2CFmuWQ+vKGbBY2pGT90Mu8WzXfpbIAzYdR3Vb2w
|
||||
™ªg¬NÑ8´¨\K!p
«ï…7ù¶›käõ¯#ŒÏu›µ*{}Tþ0·|@ÉÿàE>z„'-RxK¸zB£ÿä©n*0¢÷~OVû®4¦qûÁ]^(ìì>-‡3ÌÙe0aí<61>¥ì.oòÙC)†‡4g¶ð»7NzÉ”ºnÒÃî®Mª†x6àöãö×'[Ô6ãw?ÿª€ãi=†vèEJˆB
|
||||
µÿÂ9gÏi"Q
–ÿ
|
||||
™›Ù®à
|
Loading…
Reference in a new issue