60 lines
1.6 KiB
Nix
60 lines
1.6 KiB
Nix
{ lib, config, ... }:
|
|
{
|
|
age.secrets =
|
|
lib.listToAttrs (
|
|
map
|
|
(secret: {
|
|
name = secret;
|
|
value = {
|
|
file = ../../secrets/${secret}.age;
|
|
};
|
|
})
|
|
[
|
|
"gotosocial"
|
|
"immich"
|
|
"readeck"
|
|
"storage-box-credentials"
|
|
"vaultwarden"
|
|
"donetick"
|
|
"dnote"
|
|
"mealie"
|
|
"mosquitto/homie"
|
|
"mosquitto/telegraf"
|
|
"mosquitto/openhab"
|
|
"mosquitto/shelly"
|
|
"mosquitto/mokkimaatti"
|
|
"gitlab-runner/default"
|
|
"gitlab-runner/docker"
|
|
"glance/reddit/app-id"
|
|
"glance/reddit/app-secret"
|
|
"hetzner"
|
|
"actual"
|
|
"voidauth"
|
|
"gitea"
|
|
"gitea-actions-runner"
|
|
]
|
|
)
|
|
// {
|
|
smtp-password = {
|
|
file = ../../secrets/smtp-password.age;
|
|
owner =
|
|
if (config.services.grafana.enable) then
|
|
config.systemd.services.grafana.serviceConfig.User
|
|
else
|
|
"root";
|
|
};
|
|
hastebin-tokens = {
|
|
file = ../../secrets/hastebin-tokens.age;
|
|
owner = if (config.services.hastebin.enable) then config.users.users.hastebin.name else "root";
|
|
};
|
|
hledger-basic-auth = {
|
|
file = ../../secrets/hledger-basic-auth.age;
|
|
owner = if (config.services.hledger-web.enable) then "nginx" else "root";
|
|
};
|
|
invidious = lib.mkIf config.services.invidious.enable {
|
|
file = ../../secrets/invidious.age;
|
|
owner = config.systemd.services.invidious.serviceConfig.User;
|
|
};
|
|
};
|
|
}
|