cluster/services/storage: define snakeoil passphrase for heresy, ensure encryption

This commit is contained in:
Max Headroom 2024-08-11 01:29:19 +02:00
parent 9272c555bc
commit ad65ad500e
3 changed files with 11 additions and 0 deletions

View file

@ -32,6 +32,8 @@ in
heresy = [ heresy = [
./heresy.nix ./heresy.nix
./s3ql-upgrades.nix ./s3ql-upgrades.nix
] ++ lib.optionals config.simulacrum [
./simulacrum/snakeoil-heresy-passphrase.nix
]; ];
garage = [ garage = [
./garage.nix ./garage.nix

View file

@ -11,6 +11,7 @@
unitDescription = "Heresy Filesystem"; unitDescription = "Heresy Filesystem";
authFile = ./secrets/heresy-encryption-key.age; authFile = ./secrets/heresy-encryption-key.age;
underlay = "heresy"; underlay = "heresy";
encrypt = true;
}; };
}; };
} }

View file

@ -0,0 +1,8 @@
{
environment.etc."dummy-secrets/storageAuth-heresy".text = ''
[local]
storage-url: local://
fs-passphrase: simulacrum
'';
}