diff --git a/cluster/services/storage/default.nix b/cluster/services/storage/default.nix index 4565c5a..7d7b723 100644 --- a/cluster/services/storage/default.nix +++ b/cluster/services/storage/default.nix @@ -32,6 +32,8 @@ in heresy = [ ./heresy.nix ./s3ql-upgrades.nix + ] ++ lib.optionals config.simulacrum [ + ./simulacrum/snakeoil-heresy-passphrase.nix ]; garage = [ ./garage.nix diff --git a/cluster/services/storage/heresy.nix b/cluster/services/storage/heresy.nix index ace3343..ed428d7 100644 --- a/cluster/services/storage/heresy.nix +++ b/cluster/services/storage/heresy.nix @@ -11,6 +11,7 @@ unitDescription = "Heresy Filesystem"; authFile = ./secrets/heresy-encryption-key.age; underlay = "heresy"; + encrypt = true; }; }; } diff --git a/cluster/services/storage/simulacrum/snakeoil-heresy-passphrase.nix b/cluster/services/storage/simulacrum/snakeoil-heresy-passphrase.nix new file mode 100644 index 0000000..bcfb410 --- /dev/null +++ b/cluster/services/storage/simulacrum/snakeoil-heresy-passphrase.nix @@ -0,0 +1,8 @@ +{ + environment.etc."dummy-secrets/storageAuth-heresy".text = '' + [local] + storage-url: local:// + fs-passphrase: simulacrum + ''; +} +