RGBCube/ncc
1
Fork 0
mirror of https://github.com/RGBCube/ncc synced 2025-07-30 11:37:44 +00:00
Code Issues Activity

Fix secret persm

Browse source
This commit is contained in:
RGBCube 2024-01-13 12:32:30 +03:00
parent cb802cabd7
commit 481617ce28
No known key found for this signature in database
5 changed files with 22 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

4
hosts/cube/grafana.nix
View file

@ -5,7 +5,7 @@ let
fqdn = "metrics.${domain}";
in serverSystemConfiguration {
age.secrets."cube.mail.password" = {
age.secrets."cube.mail.password.grafana" = {
owner = "grafana";
group = "grafana";
};
@ -33,7 +33,7 @@ in serverSystemConfiguration {
settings.security = {
admin_email = "metrics@${domain}";
admin_password = "$__file{${config.age.secrets."cube.mail.password".path}}";
admin_password = "$__file{${config.age.secrets."cube.mail.password.grafana".path}}";
};
};

7
hosts/cube/mail.nix
View file

@ -5,10 +5,15 @@ let
fqdn = "mail.${domain}";
in serverSystemConfiguration {
age.secrets."cube.mail.password.dmarc" = {
owner = "dmarc-exporter";
group = "dmarc-exporter";
};
services.prometheus.exporters = {
dmarc = enabled {
imap.host = domain;
imap.passwordFile = config.age.secrets."cube.mail.password".path;
imap.passwordFile = config.age.secrets."cube.mail.password.dmarc".path;
imap.username = "contact@${domain}";
listenAddress = "::";

0
secrets/cube.mail.password.age → secrets/cube.mail.password.dmarc.age
View file

5
secrets/cube.mail.password.grafana.age Normal file
View file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw 9dsCOc/hpTof2yjqGKzAJozjXnc0RPgnv3pNaccmBAQ
s6+1D/Sn6tuIh3aIbgBHYKTATyGbQKcaKPW+6HvMNFQ
--- pr1ZimpiaA8RO8Oayn6tHJN+rTGSLxcaddmYWpSiWLs
"LÜàPœw5¿Û&<26>Ž C"Â\ø¬íòŽTQD¯IZdê¤ìˆÂ\d

10
secrets/secrets.nix
View file

@ -5,10 +5,12 @@ rec {
};
"acme.age".publicKeys = [ keys.cube ];
"cube.rgb.password.hash.age".publicKeys = [ keys.cube ];
"cube.mail.password.age".publicKeys = [ keys.cube ];
"cube.mail.password.hash.age".publicKeys = [ keys.cube ];
"cube.id.age".publicKeys = [ keys.rgbcube ];
"enka.said.password.hash.age".publicKeys = [ keys.rgbcube ];
"cube.mail.password.dmarc.age".publicKeys = [ keys.cube ];
"cube.mail.password.grafana.age".publicKeys = [ keys.cube ];
"cube.mail.password.hash.age".publicKeys = [ keys.cube ];
"cube.nextcloud.password.age".publicKeys = [ keys.cube ];
"cube.rgb.password.hash.age".publicKeys = [ keys.cube ];
"enka.orhan.password.hash.age".publicKeys = [ keys.rgbcube ];
"enka.said.password.hash.age".publicKeys = [ keys.rgbcube ];
}