Cluster secrets #100

Merged
max merged 17 commits from pr-cluster-secrets into master 2024-07-08 22:23:11 +03:00
5 changed files with 19 additions and 18 deletions


@ -12,6 +12,21 @@
./nar-serve.nix ./nar-serve.nix
]; ];
}; };
secrets = let
inherit (config.services.attic) nodes;
in {
serverToken = {
nodes = nodes.server;
};
dbCredentials = {
nodes = nodes.server;
owner = "atticd";
};
s3Credentials = {
nodes = nodes.server;
owner = "atticd";
};
};
}; };
garage = { garage = {
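Review bot: `serverToken` is declared with only `nodes = nodes.server` while `dbCredentials` and `s3Credentials` also set `owner = "atticd"`, and nothing in the hunk says why the token is the exception. If the token file is consumed by systemd on the service's behalf (e.g. as an `EnvironmentFile`) rather than opened by the `atticd` process, a root-owned file is the least-privilege choice and the asymmetry is deliberate; if the process reads it itself it will fail at runtime once `DynamicUser` is off, as the other two entries anticipate. Either way the intent should be written down, e.g. `# no owner: consumed by systemd for the unit, not opened by atticd itself` above `serverToken`, so the next person does not "fix" it by copying `owner = "atticd"` across. The removed `age.secrets` block in the consumer file had the same asymmetry, so this is pre-existing rather than introduced here. The enclosing `services.attic` attrset begins before and ends after this hunk.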


@ -1,7 +1,7 @@
{ cluster, config, depot, lib, ... }: { cluster, config, depot, lib, ... }:
let let
inherit (config.networking) hostName; inherit (cluster.config.services.attic) secrets;
in in
{ {
@ -9,26 +9,12 @@ in
depot.inputs.attic.nixosModules.atticd depot.inputs.attic.nixosModules.atticd
]; ];
age.secrets = {
atticServerToken.file = ./attic-server-token.age;
atticDBCredentials = {
file = ./attic-db-credentials.age;
owner = "atticd";
};
atticS3Credentials = {
file = ./attic-s3-credentials.age;
owner = "atticd";
};
};
links.atticServer.protocol = "http"; links.atticServer.protocol = "http";
services.atticd = { services.atticd = {
enable = true; enable = true;
credentialsFile = config.age.secrets.atticServerToken.path; credentialsFile = secrets.serverToken.path;
settings = { settings = {
listen = config.links.atticServer.tuple; listen = config.links.atticServer.tuple;
@ -74,8 +60,8 @@ in
DynamicUser = lib.mkForce false; DynamicUser = lib.mkForce false;
}; };
environment = { environment = {
AWS_SHARED_CREDENTIALS_FILE = config.age.secrets.atticS3Credentials.path; AWS_SHARED_CREDENTIALS_FILE = secrets.s3Credentials.path;
PGPASSFILE = config.age.secrets.atticDBCredentials.path; PGPASSFILE = secrets.dbCredentials.path;
}; };
}; };