daniel/dotfiles
1
0
Fork 0
Code Activity Actions

mastodon: use agenix

Browse source
This commit is contained in:
Daniel Kempkens 2023-02-05 20:32:19 +01:00
parent c3edc30ee7
commit 93939f4664
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
4 changed files with 49 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
agenix/hosts/sail/config.nix
View file

@ -1,5 +1,41 @@
{ {
age.secrets = { age.secrets = {
mastodon-database-password = {
file = ./mastodon/databasePassword.age;
owner = "mastodon";
group = "mastodon";
};
mastodon-smtp-password = {
file = ./mastodon/smtpPassword.age;
owner = "mastodon";
group = "mastodon";
};
mastodon-otp-secret = {
file = ./mastodon/otpSecret.age;
owner = "mastodon";
group = "mastodon";
};
mastodon-secret-key-base = {
file = ./mastodon/secretKeyBase.age;
owner = "mastodon";
group = "mastodon";
};
mastodon-vapid-private-key = {
file = ./mastodon/vapidPrivateKey.age;
owner = "mastodon";
group = "mastodon";
};
mastodon-vapid-public-key = {
file = ./mastodon/vapidPublicKey.age;
owner = "mastodon";
group = "mastodon";
};
freshrss-user-password = { freshrss-user-password = {
file = ./freshrss/userPassword.age; file = ./freshrss/userPassword.age;
owner = "freshrss"; owner = "freshrss";

BIN
secret/hosts/sail.nix
View file

Binary file not shown.

7
secrets.nix
View file

@ -7,6 +7,13 @@ let
in in
{ {
# sail # sail
"agenix/hosts/sail/mastodon/databasePassword.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/smtpPassword.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/otpSecret.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/secretKeyBase.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/vapidPrivateKey.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/vapidPublicKey.age".publicKeys = sail;
"agenix/hosts/sail/freshrss/userPassword.age".publicKeys = sail; "agenix/hosts/sail/freshrss/userPassword.age".publicKeys = sail;
"agenix/hosts/sail/freshrss/databasePassword.age".publicKeys = sail; "agenix/hosts/sail/freshrss/databasePassword.age".publicKeys = sail;
} }

12
system/nixos/mastodon.nix
View file

@ -30,10 +30,10 @@ in
trustedProxy = "127.0.0.1"; trustedProxy = "127.0.0.1";
vapidPublicKeyFile = "/var/lib/mastodon/secrets/vapid-public-key"; vapidPublicKeyFile = config.age.secrets.mastodon-vapid-public-key.path;
secretKeyBaseFile = "/var/lib/mastodon/secrets/secret-key-base"; secretKeyBaseFile = config.age.secrets.mastodon-secret-key-base.path;
otpSecretFile = "/var/lib/mastodon/secrets/otp-secret"; otpSecretFile = config.age.secrets.mastodon-otp-secret.path;
vapidPrivateKeyFile = "/var/lib/mastodon/secrets/vapid-private-key"; vapidPrivateKeyFile = config.age.secrets.mastodon-vapid-private-key.path;
database = { database = {
createLocally = false; createLocally = false;
@ -41,7 +41,7 @@ in
port = 5432; port = 5432;
name = "mastodon"; name = "mastodon";
inherit (secret.mastodon.database) user; inherit (secret.mastodon.database) user;
inherit (secret.mastodon.database) passwordFile; passwordFile = config.age.secrets.mastodon-database-password.path;
}; };
redis = { redis = {
@ -62,7 +62,7 @@ in
port = 587; port = 587;
fromAddress = "mastodon@mg.kempkens.io"; fromAddress = "mastodon@mg.kempkens.io";
inherit (secret.mastodon.smtp) user; inherit (secret.mastodon.smtp) user;
inherit (secret.mastodon.smtp) passwordFile; passwordFile = config.age.secrets.mastodon-smtp-password.path;
}; };
automaticMigrations = true; automaticMigrations = true;