diff --git a/.gitignore b/.gitignore index 0924889..333a597 100644 --- a/.gitignore +++ b/.gitignore @@ -13,6 +13,8 @@ !lib/ !secrets/ +!secrets/cube/ +!secrets/enka/ !.gitignore !flake.lock diff --git a/hosts/cube/default.nix b/hosts/cube/default.nix index 97b57ef..64f5d13 100644 --- a/hosts/cube/default.nix +++ b/hosts/cube/default.nix @@ -8,13 +8,13 @@ time.timeZone = "Europe/Amsterdam"; - users.users.root.passwordFile = config.age.secrets."cube.rgb.password.hash".path; + users.users.root.passwordFile = config.age.secrets."cube/password.hash.rgb".path; users.users.rgb = normalUser { description = "RGB"; extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = [ keys.rgbcube ]; - hashedPasswordFile = config.age.secrets."cube.rgb.password.hash".path; + hashedPasswordFile = config.age.secrets."cube/password.hash.rgb".path; }; }) diff --git a/hosts/cube/grafana.nix b/hosts/cube/grafana.nix index 5bcf213..4f7dfa2 100644 --- a/hosts/cube/grafana.nix +++ b/hosts/cube/grafana.nix @@ -5,7 +5,7 @@ let fqdn = "metrics.${domain}"; in serverSystemConfiguration { - age.secrets."cube.grafana.password" = { + age.secrets."cube/password.grafana" = { owner = "grafana"; group = "grafana"; }; @@ -29,7 +29,7 @@ in serverSystemConfiguration { settings.security = { admin_email = "metrics@${domain}"; - admin_password = "$__file{${config.age.secrets."cube.grafana.password".path}}"; + admin_password = "$__file{${config.age.secrets."cube/passowrd.grafana".path}}"; }; }; diff --git a/hosts/cube/mail.nix b/hosts/cube/mail.nix index e114325..fa96e2b 100644 --- a/hosts/cube/mail.nix +++ b/hosts/cube/mail.nix @@ -42,7 +42,7 @@ in serverSystemConfiguration { loginAccounts."contact@${domain}" = { aliases = [ "@${domain}" ]; - hashedPasswordFile = config.age.secrets."cube.mail.password.hash".path; + hashedPasswordFile = config.age.secrets."cube/password.hash.mail".path; }; }; } diff --git a/hosts/cube/nextcloud.nix b/hosts/cube/nextcloud.nix index 6a516c0..04ab083 100644 
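Review bot: `users.users.root.passwordFile` in the hosts/cube/default.nix hunk keeps the old option name, while `users.users.rgb` two lines below and root in hosts/enka/default.nix both use `hashedPasswordFile`. As far as I know, newer nixpkgs treat `passwordFile` as a deprecated alias, so I would write `users.users.root.hashedPasswordFile = config.age.secrets."cube/password.hash.rgb".path;` to keep the two hosts consistent. Root and the wheel user also read the same hash file here (and root/said do on enka), so root's password is whatever that user's password is. If that is intended, a one-line comment saying so would help; otherwise give root its own secret. The enclosing attribute set starts and ends outside the hunk.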
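Review bot: The `admin_password` line in the second hosts/cube/grafana.nix hunk looks up `config.age.secrets."cube/passowrd.grafana"`, but the secret declared in the first hunk is `"cube/password.grafana"`. The misspelled attribute is not defined anywhere in this diff, so evaluating the cube host should fail on a missing attribute instead of wiring up the admin password. The line should read `admin_password = "$__file{${config.age.secrets."cube/password.grafana".path}}";`. Binding the secret name once in the existing `let` next to `fqdn` and reusing it in both places would prevent this kind of drift.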
--- a/hosts/cube/nextcloud.nix +++ b/hosts/cube/nextcloud.nix @@ -5,7 +5,7 @@ let fqdn = "cloud.${domain}"; in serverSystemConfiguration { - age.secrets."cube.nextcloud.password" = { + age.secrets."cube/password.nextcloud" = { owner = "nextcloud"; group = "nextcloud"; }; @@ -19,7 +19,7 @@ in serverSystemConfiguration { configureRedis = true; config.adminuser = "admin"; - config.adminpassFile = config.age.secrets."cube.nextcloud.password".path; + config.adminpassFile = config.age.secrets."cube/password.nextcloud".path; config.dbtype = "pgsql"; database.createLocally = true; diff --git a/hosts/enka/default.nix b/hosts/enka/default.nix index fba0ec3..094d0ed 100644 --- a/hosts/enka/default.nix +++ b/hosts/enka/default.nix @@ -7,18 +7,18 @@ time.timeZone = "Europe/Istanbul"; - users.users.root.hashedPasswordFile = config.age.secrets."enka.said.password.hash".path; + users.users.root.hashedPasswordFile = config.age.secrets."enka/password.hash.said".path; users.users.said = graphicalUser { description = "Said"; extraGroups = [ "wheel" ]; - hashedPasswordFile = config.age.secrets."enka.said.password.hash".path; + hashedPasswordFile = config.age.secrets."enka/password.hash.said".path; uid = 1000; }; users.users.orhan = graphicalUser { description = "Orhan"; - hashedPasswordFile = config.age.secrets."enka.orhan.password.hash".path; + hashedPasswordFile = config.age.secrets."enka/password.hash.orhan".path; uid = 1001; }; diff --git a/secrets/cube.grafana.password.age b/secrets/cube/grafana.password.age similarity index 100% rename from secrets/cube.grafana.password.age rename to secrets/cube/grafana.password.age diff --git a/secrets/cube.id.age b/secrets/cube/id.age similarity index 100% rename from secrets/cube.id.age rename to secrets/cube/id.age diff --git a/secrets/cube.mail.password.hash.age b/secrets/cube/mail.password.hash.age similarity index 100% rename from secrets/cube.mail.password.hash.age rename to secrets/cube/mail.password.hash.age 
diff --git a/secrets/cube.nextcloud.password.age b/secrets/cube/nextcloud.password.age
similarity index 100%
rename from secrets/cube.nextcloud.password.age
rename to secrets/cube/nextcloud.password.age
diff --git a/secrets/cube.rgb.password.hash.age b/secrets/cube/rgb.password.hash.age
similarity index 100%
rename from secrets/cube.rgb.password.hash.age
rename to secrets/cube/rgb.password.hash.age
diff --git a/secrets/enka.orhan.password.hash.age b/secrets/enka/orhan.password.hash.age
similarity index 100%
rename from secrets/enka.orhan.password.hash.age
rename to secrets/enka/orhan.password.hash.age
diff --git a/secrets/enka.said.password.hash.age b/secrets/enka/said.password.hash.age
similarity index 100%
rename from secrets/enka.said.password.hash.age
rename to secrets/enka/said.password.hash.age
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 3d3b84c..dd34330 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -4,12 +4,15 @@ rec { cube = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINMkCJeHcD0SIOZ4HkyF6rqUmbvlKhSha3HWMZ0hbIjp rgb@cube"; }; - "acme.age".publicKeys = [ keys.cube ]; - "cube.id.age".publicKeys = [ keys.rgbcube ]; - "cube.grafana.password.age".publicKeys = [ keys.cube ]; - "cube.mail.password.hash.age".publicKeys = [ keys.cube ]; - "cube.nextcloud.password.age".publicKeys = [ keys.cube ]; - "cube.rgb.password.hash.age".publicKeys = [ keys.cube ]; - "enka.orhan.password.hash.age".publicKeys = [ keys.rgbcube ]; - "enka.said.password.hash.age".publicKeys = [ keys.rgbcube ]; + "cube/id.age".publicKeys = [ keys.rgbcube ]; + + "cube/password.hash.mail.age".publicKeys = [ keys.cube ]; + "cube/password.hash.rgb.age".publicKeys = [ keys.cube ]; + + "cube/password.acme.age".publicKeys = [ keys.cube ]; + "cube/password.grafana.age".publicKeys = [ keys.cube ]; + "cube/password.nextcloud.age".publicKeys = [ keys.cube ]; + + "enka/password.hash.orhan.age".publicKeys = [ keys.rgbcube ]; + "enka/password.hash.said.age".publicKeys = [ keys.rgbcube ]; }
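Review bot: The new keys in secrets/secrets.nix do not match the paths the ciphertexts were renamed to in this same commit. The renames produce `secrets/cube/grafana.password.age`, `secrets/cube/mail.password.hash.age`, `secrets/enka/said.password.hash.age` and so on, while this hunk declares `"cube/password.grafana.age"`, `"cube/password.hash.mail.age"` and `"enka/password.hash.said.age"`. agenix treats these keys as file paths relative to secrets.nix, so editing or rekeying would miss the existing files, and the hosts' `config.age.secrets."cube/password.…"` lookups may resolve to files that do not exist, depending on how names are mapped to files outside this diff. `"acme.age"` also becomes `"cube/password.acme.age"` with no matching rename visible here. Either rename the files to the `password.<name>` scheme, or keep the keys aligned with the files, e.g. `"cube/grafana.password.age".publicKeys = [ keys.cube ];`.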