Fix secret persm

2025-07-29 19:17:45 +00:00 · 2024-01-13 12:32:30 +03:00 · 2024-01-13 12:32:30 +03:00 · 481617ce28
commit 481617ce28
parent cb802cabd7
5 changed files with 22 additions and 10 deletions
--- a/hosts/cube/grafana.nix
+++ b/hosts/cube/grafana.nix
@ -5,7 +5,7 @@ let

  fqdn = "metrics.${domain}";
 in serverSystemConfiguration {
-  age.secrets."cube.mail.password" = {
+  age.secrets."cube.mail.password.grafana" = {
    owner = "grafana";
    group = "grafana";
  };
@ -33,7 +33,7 @@ in serverSystemConfiguration {

    settings.security = {
      admin_email    = "metrics@${domain}";
-      admin_password = "$__file{${config.age.secrets."cube.mail.password".path}}";
+      admin_password = "$__file{${config.age.secrets."cube.mail.password.grafana".path}}";
    };
  };

--- a/hosts/cube/mail.nix
+++ b/hosts/cube/mail.nix
@ -5,10 +5,15 @@ let

  fqdn = "mail.${domain}";
 in serverSystemConfiguration {
+  age.secrets."cube.mail.password.dmarc" = {
+    owner = "dmarc-exporter";
+    group = "dmarc-exporter";
+  };
+
  services.prometheus.exporters = {
    dmarc = enabled {
      imap.host         = domain;
-      imap.passwordFile = config.age.secrets."cube.mail.password".path;
+      imap.passwordFile = config.age.secrets."cube.mail.password.dmarc".path;
      imap.username     = "contact@${domain}";

      listenAddress = "::";
--- a/secrets/cube.mail.password.dmarc.age
+++ b/secrets/cube.mail.password.dmarc.age
--- a/secrets/cube.mail.password.grafana.age
+++ b/secrets/cube.mail.password.grafana.age
@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 +rZ0Tw 9dsCOc/hpTof2yjqGKzAJozjXnc0RPgnv3pNaccmBAQ
+s6+1D/Sn6tuIh3aIbgBHYKTATyGbQKcaKPW+6HvMNFQ
+--- pr1ZimpiaA8RO8Oayn6tHJN+rTGSLxcaddmYWpSiWLs
+"LÜàPœw5¿Û&<26>Ž C"Â\ø¬íòŽTQD¯IZdê¤ìˆV÷Â\d
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -4,11 +4,13 @@ rec {
    cube     = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINMkCJeHcD0SIOZ4HkyF6rqUmbvlKhSha3HWMZ0hbIjp rgb@cube";
  };

-  "acme.age".publicKeys                     = [ keys.cube ];
-  "cube.rgb.password.hash.age".publicKeys   = [ keys.cube ];
-  "cube.mail.password.age".publicKeys       = [ keys.cube ];
-  "cube.mail.password.hash.age".publicKeys  = [ keys.cube ];
-  "cube.id.age".publicKeys                  = [ keys.rgbcube ];
-  "enka.said.password.hash.age".publicKeys  = [ keys.rgbcube ];
-  "enka.orhan.password.hash.age".publicKeys = [ keys.rgbcube ];
+  "acme.age".publicKeys                       = [ keys.cube ];
+  "cube.id.age".publicKeys                    = [ keys.rgbcube ];
+  "cube.mail.password.dmarc.age".publicKeys   = [ keys.cube ];
+  "cube.mail.password.grafana.age".publicKeys = [ keys.cube ];
+  "cube.mail.password.hash.age".publicKeys    = [ keys.cube ];
+  "cube.nextcloud.password.age".publicKeys    = [ keys.cube ];
+  "cube.rgb.password.hash.age".publicKeys     = [ keys.cube ];
+  "enka.orhan.password.hash.age".publicKeys   = [ keys.rgbcube ];
+  "enka.said.password.hash.age".publicKeys    = [ keys.rgbcube ];
 }