use agenix

2025-02-11 22:15:44 +02:00
parent 8a1f2c4968
commit 0bc01cd2b1
20 changed files with 182 additions and 20 deletions
--- a/hosts/freun.dev/default.nix
+++ b/hosts/freun.dev/default.nix
@@ -4,5 +4,6 @@
    ./hardware-configuration.nix
    ./configuration.nix
    ./services.nix
+    ./secrets.nix
  ];
 }
--- a/hosts/freun.dev/secrets.nix
+++ b/hosts/freun.dev/secrets.nix
@@ -0,0 +1,22 @@
+{ lib, config, ... }:
+{
+  age.secrets = lib.listToAttrs
+    (
+      map (secret: { name = secret; value = { file = ../../secrets/${secret}.age; }; }) [
+        "gotosocial"
+        "hastebin-tokens"
+        "immich"
+        "storage-box-credentials"
+        "vaultwarden"
+      ]
+    ) // {
+    smtp-password = {
+      file = ../../secrets/smtp-password.age;
+      owner =
+        if (config.services.grafana.enable) then
+          config.systemd.services.grafana.serviceConfig.User
+        else
+          "root";
+    };
+  };
+}