freshrss: Store secrets using agenix

2023-02-05 18:06:51 +01:00 · 2023-02-05 18:06:51 +01:00 · c3edc30ee7
commit c3edc30ee7
parent b2958aea7c
5 changed files with 21 additions and 2 deletions
--- a/agenix/hosts/sail/config.nix
+++ b/agenix/hosts/sail/config.nix
@ -2,6 +2,14 @@
  age.secrets = {
    freshrss-user-password = {
      file = ./freshrss/userPassword.age;
+      owner = "freshrss";
+      group = "freshrss";
+    };
+
+    freshrss-database-password = {
+      file = ./freshrss/databasePassword.age;
+      owner = "freshrss";
+      group = "freshrss";
    };
  };
 }
--- a/agenix/hosts/sail/freshrss/databasePassword.age
+++ b/agenix/hosts/sail/freshrss/databasePassword.age
@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 MtGp6g KSyCSQHLSXPQ5jx4FqpF0l76YHh8UARYVJq88QtXvUA
+ZwpIKbT4/xqL9FxwkNe4dObZgH5jsaNWSl/+EIXHRbs
+-> ssh-ed25519 NbV4hw OArbXWqy7lhy+AZGmK3kJoBjvuPo3MPreT6USezOxU4
+9FBzw8f8OkK7GjsaQmGsxcA2psikM5m1PUH7y25FjJ8
+-> xcW-grease {
+AlrvkkEQarwKE6I3RwJNWZY
+--- ooZpCcqAvJlfd1J1Mig6D/9DfL8i3Yp2m0wmck0d/SE
+<EFBFBD>.¤¾W°‚<MŽÙ¥5‚Žçþ÷è¸s´:˜ŒŽèè8yYû_H‰1¨xrÎ`%mLñåÁÔf
--- a/secret/hosts/sail.nix
+++ b/secret/hosts/sail.nix
--- a/secrets.nix
+++ b/secrets.nix
@ -6,5 +6,7 @@ let
  sail = [ user-daniel system-sail ];
 in
 {
+  # sail
  "agenix/hosts/sail/freshrss/userPassword.age".publicKeys = sail;
+  "agenix/hosts/sail/freshrss/databasePassword.age".publicKeys = sail;
 }
--- a/system/nixos/freshrss.nix
+++ b/system/nixos/freshrss.nix
@ -14,8 +14,8 @@
      type = "pgsql";
      host = "10.99.99.3";
      port = 5432;
-      inherit (secret.freshrss.database) user;
-      inherit (secret.freshrss.database) passFile;
+      user = "freshrss";
+      passFile = config.age.secrets.freshrss-database-password.path;
    };
  };
 }