Cluster secrets #100

Merged
max merged 17 commits from pr-cluster-secrets into master 2024-07-08 22:23:11 +03:00
5 changed files with 19 additions and 18 deletions
Showing only changes of commit 30c80b6942 - Show all commits


@ -12,6 +12,21 @@
./nar-serve.nix
];
};
secrets = let
inherit (config.services.attic) nodes;
in {
serverToken = {
nodes = nodes.server;
};
dbCredentials = {
nodes = nodes.server;
owner = "atticd";
};
s3Credentials = {
nodes = nodes.server;
owner = "atticd";
};
};
};
garage = {
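Review bot: `serverToken` is the only entry in the new `secrets` set without `owner = "atticd";`, while `dbCredentials` and `s3Credentials` both carry it; since the consumer in this commit passes `secrets.serverToken.path` to `services.atticd.credentialsFile` for a unit that forces `DynamicUser = false`, whether the service user can read that file depends on the owner the cluster secrets module assigns by default, which is not visible here. The old `age.secrets.atticServerToken` entry also had no owner, so this looks deliberate, but a one-line comment would spare the next reader the same check: `# no owner on purpose: mirrors the former age.secrets.atticServerToken entry — confirm atticd can read credentialsFile`. As a point of style, `nodes = nodes.server;` is repeated in all three entries and could be folded into a single `lib.mapAttrs` over the per-secret attributes if `lib` is in scope in this file. The enclosing `services.attic` attrset starts before this hunk.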


@ -1,7 +1,7 @@
{ cluster, config, depot, lib, ... }:
let
inherit (config.networking) hostName;
inherit (cluster.config.services.attic) secrets;
in
{
@ -9,26 +9,12 @@ in
depot.inputs.attic.nixosModules.atticd
];
age.secrets = {
atticServerToken.file = ./attic-server-token.age;
atticDBCredentials = {
file = ./attic-db-credentials.age;
owner = "atticd";
};
atticS3Credentials = {
file = ./attic-s3-credentials.age;
owner = "atticd";
};
};
links.atticServer.protocol = "http";
services.atticd = {
enable = true;
credentialsFile = config.age.secrets.atticServerToken.path;
credentialsFile = secrets.serverToken.path;
settings = {
listen = config.links.atticServer.tuple;
@ -74,8 +60,8 @@ in
DynamicUser = lib.mkForce false;
};
environment = {
AWS_SHARED_CREDENTIALS_FILE = config.age.secrets.atticS3Credentials.path;
PGPASSFILE = config.age.secrets.atticDBCredentials.path;
AWS_SHARED_CREDENTIALS_FILE = secrets.s3Credentials.path;
PGPASSFILE = secrets.dbCredentials.path;
};
};