freshrss: Store secrets using agenix
This commit is contained in:
parent
b2958aea7c
commit
c3edc30ee7
5 changed files with 21 additions and 2 deletions
|
@ -2,6 +2,14 @@
|
|||
age.secrets = {
|
||||
freshrss-user-password = {
|
||||
file = ./freshrss/userPassword.age;
|
||||
owner = "freshrss";
|
||||
group = "freshrss";
|
||||
};
|
||||
|
||||
freshrss-database-password = {
|
||||
file = ./freshrss/databasePassword.age;
|
||||
owner = "freshrss";
|
||||
group = "freshrss";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
9
agenix/hosts/sail/freshrss/databasePassword.age
Normal file
9
agenix/hosts/sail/freshrss/databasePassword.age
Normal file
|
@ -0,0 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g KSyCSQHLSXPQ5jx4FqpF0l76YHh8UARYVJq88QtXvUA
|
||||
ZwpIKbT4/xqL9FxwkNe4dObZgH5jsaNWSl/+EIXHRbs
|
||||
-> ssh-ed25519 NbV4hw OArbXWqy7lhy+AZGmK3kJoBjvuPo3MPreT6USezOxU4
|
||||
9FBzw8f8OkK7GjsaQmGsxcA2psikM5m1PUH7y25FjJ8
|
||||
-> xcW-grease {
|
||||
AlrvkkEQarwKE6I3RwJNWZY
|
||||
--- ooZpCcqAvJlfd1J1Mig6D/9DfL8i3Yp2m0wmck0d/SE
|
||||
<EFBFBD>.¤¾W°‚<MŽÙ¥5‚Žçþ÷è¸s´:˜ŒŽèè8yYû_H‰1¨xrÎ`%mLñåÁÔf
|
Binary file not shown.
|
@ -6,5 +6,7 @@ let
|
|||
sail = [ user-daniel system-sail ];
|
||||
in
|
||||
{
|
||||
# sail
|
||||
"agenix/hosts/sail/freshrss/userPassword.age".publicKeys = sail;
|
||||
"agenix/hosts/sail/freshrss/databasePassword.age".publicKeys = sail;
|
||||
}
|
||||
|
|
|
@ -14,8 +14,8 @@
|
|||
type = "pgsql";
|
||||
host = "10.99.99.3";
|
||||
port = 5432;
|
||||
inherit (secret.freshrss.database) user;
|
||||
inherit (secret.freshrss.database) passFile;
|
||||
user = "freshrss";
|
||||
passFile = config.age.secrets.freshrss-database-password.path;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue