1
0
Fork 0

freshrss: Store secrets using agenix

This commit is contained in:
Daniel Kempkens 2023-02-05 18:06:51 +01:00
parent b2958aea7c
commit c3edc30ee7
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
5 changed files with 21 additions and 2 deletions

View file

@ -2,6 +2,14 @@
age.secrets = {
freshrss-user-password = {
file = ./freshrss/userPassword.age;
owner = "freshrss";
group = "freshrss";
};
freshrss-database-password = {
file = ./freshrss/databasePassword.age;
owner = "freshrss";
group = "freshrss";
};
};
}

View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g KSyCSQHLSXPQ5jx4FqpF0l76YHh8UARYVJq88QtXvUA
ZwpIKbT4/xqL9FxwkNe4dObZgH5jsaNWSl/+EIXHRbs
-> ssh-ed25519 NbV4hw OArbXWqy7lhy+AZGmK3kJoBjvuPo3MPreT6USezOxU4
9FBzw8f8OkK7GjsaQmGsxcA2psikM5m1PUH7y25FjJ8
-> xcW-grease {
AlrvkkEQarwKE6I3RwJNWZY
--- ooZpCcqAvJlfd1J1Mig6D/9DfL8i3Yp2m0wmck0d/SE
<EFBFBD>.¤¾W°<MŽÙ¥5Žçþ÷è¸s´:˜ŒŽèè8yYû_H‰1¨xrÎ`%mLñåÁÔf

Binary file not shown.

View file

@ -6,5 +6,7 @@ let
sail = [ user-daniel system-sail ];
in
{
# sail
"agenix/hosts/sail/freshrss/userPassword.age".publicKeys = sail;
"agenix/hosts/sail/freshrss/databasePassword.age".publicKeys = sail;
}

View file

@ -14,8 +14,8 @@
type = "pgsql";
host = "10.99.99.3";
port = 5432;
inherit (secret.freshrss.database) user;
inherit (secret.freshrss.database) passFile;
user = "freshrss";
passFile = config.age.secrets.freshrss-database-password.path;
};
};
}