cluster/services/storage: use locksmith secrets for external storage

This commit is contained in:
Max Headroom 2024-08-04 23:45:29 +02:00
parent 2d371d3815
commit 967c31fe42
3 changed files with 5 additions and 13 deletions

View file

@ -95,7 +95,10 @@ in
};
garage = {
keys.storage-prophet = {};
keys.storage-prophet.locksmith = {
nodes = [ "prophet" ];
format = "s3ql";
};
buckets.storage-prophet = {
allow.storage-prophet = [ "read" "write" ];
};

View file

@ -8,7 +8,7 @@ in
services.external-storage = {
fileSystems.external = {
mountpoint = "/srv/storage";
authFile = ./secrets/external-storage-auth-${hostName}.age;
locksmithSecret = "garage-storage-${hostName}";
backend = "s3c4://${cluster.config.links.garageS3.hostname}/storage-${hostName}";
backendOptions = [ "disable-expect100" ];
};

View file

@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A tC8lfwNJIXjVJImBq25v/NGIQ1Ns24NpCzksbw/eb3w
2hQltUYSO2Gpjd+49IQR1UJOhy33xWvNH6dx+uGDvFA
-> ssh-ed25519 5/zT0w dapxQ/VV0peQKMwghQJ91wQVahYOqxw2QrXqQCau82c
0DnIF5ISoB5htYA3X5DSTgLJXLSkqjz1O0CMcmnnrjQ
-> ssh-ed25519 YIaSKQ ehv+WWCLC/co9lhpa+cAdqJUG33L/Vkn6lUXOwNRV2w
LEobbvvpq6lPNbzasGeXf9NabN150ZVe5n5OJNgbyD4
--- FrT2CFmuWQ+vKGbBY2pGT90Mu8WzXfpbIAzYdR3Vb2w
™ªg¬NÑ 8´¨\K!p «ï…7ù¶käõ¯#ŒÏuµ*{}Tþ0·|@Éÿà E>z„'-RxK¸zB£ÿä©n*0¢÷~OVû®4¦qûÁ]^(ìì>-‡3ÌÙe0aí<61>¥ì.oòÙC)†4g¶ð»7NzÉ”ºnÒÃî®Mª†x6àöãö×'[Ô6ãw?ÿª€ãi=†vèEJˆB
µÿÂ9gÏi"Q –ÿ
™›Ù®à