From a788e9b95550b86933cda5a86343854746409082 Mon Sep 17 00:00:00 2001
From: RGBCube
Date: Tue, 30 Apr 2024 18:06:37 +0300
Subject: [PATCH] Move acme env file to its own directory
---
 .gitignore | 1 +
 hosts/cube/{acme.nix => acme/default.nix} | 6 +++---
 hosts/{password.acme.age => cube/acme/environment.age} | 0
 hosts/cube/forgejo/default.nix | 2 +-
 hosts/cube/grafana/default.nix | 2 +-
 hosts/disk/site6.nix | 2 +-
 secrets.nix | 5 +++--
 7 files changed, 10 insertions(+), 8 deletions(-)
 rename hosts/cube/{acme.nix => acme/default.nix} (70%)
 rename hosts/{password.acme.age => cube/acme/environment.age} (100%)
diff --git a/.gitignore b/.gitignore
index 6d0debc..1bfd5d6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,7 @@
 !hosts/
 !hosts/cube/
+!hosts/cube/acme/
 !hosts/cube/forgejo/
 !hosts/cube/grafana/
 !hosts/cube/matrix/
diff --git a/hosts/cube/acme.nix b/hosts/cube/acme/default.nix
similarity index 70%
rename from hosts/cube/acme.nix
rename to hosts/cube/acme/default.nix
index 0a76c91..cf05ff3 100644
--- a/hosts/cube/acme.nix
+++ b/hosts/cube/acme/default.nix
@@ -1,15 +1,15 @@
-{ self, config, lib, ... }: with lib;
+{ config, lib, ... }: with lib;
 let
 inherit (config.networking) domain;
 in systemConfiguration {
- secrets.acmePassword.file = self + /hosts/password.acme.age;
+ secrets.acmeEnvironment.file = ./environment.age;
 security.acme = {
 acceptTerms = true;
 defaults = {
- environmentFile = config.secrets.acmePassword.path;
+ environmentFile = config.secrets.acmeEnvironment.path;
 dnsProvider = "cloudflare";
 dnsResolver = "1.1.1.1";
 email = "security@${domain}";
diff --git a/hosts/password.acme.age b/hosts/cube/acme/environment.age
similarity index 100%
rename from hosts/password.acme.age
rename to hosts/cube/acme/environment.age
diff --git a/hosts/cube/forgejo/default.nix b/hosts/cube/forgejo/default.nix
index e9371f7..7e4c721 100644
--- a/hosts/cube/forgejo/default.nix
+++ b/hosts/cube/forgejo/default.nix
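Review bot: `secrets.acmeEnvironment.file = ./environment.age;` renames the secret option and moves its source next to the module, but nothing in the hunk says what the file holds or who may decrypt it; a one-line comment above it would help the next reader, e.g. `# agenix-style encrypted environment file consumed by security.acme (presumably the Cloudflare DNS API credentials for dnsProvider = "cloudflare"); recipients are listed in secrets.nix`. Dropping `self` from the argument set is consistent, since the relative path no longer needs it. Any other module still reading `config.secrets.acmePassword` would now fail to evaluate; only site6.nix is touched in this commit, so a grep for the old name is worth doing before merging. The `security.acme` attribute set continues past the end of the hunk.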
@@ -8,7 +8,7 @@ let
 port = 8001;
 in systemConfiguration {
 secrets.forgejoMailPassword = {
- file = ../../disk/mail/password.plain.age;
+ file = self + /hosts/disk/mail/password.plain.age;
 owner = "forgejo";
 };
 secrets.forgejoRunnerPassword = {
diff --git a/hosts/cube/grafana/default.nix b/hosts/cube/grafana/default.nix
index 271777a..c603479 100644
--- a/hosts/cube/grafana/default.nix
+++ b/hosts/cube/grafana/default.nix
@@ -12,7 +12,7 @@ in systemConfiguration {
 owner = "grafana";
 };
 secrets.grafanaMailPassword = {
- file = ../../disk/mail/password.plain.age;
+ file = self + /hosts/disk/mail/password.plain.age;
 owner = "grafana";
 };
diff --git a/hosts/disk/site6.nix b/hosts/disk/site6.nix
index a5e3c41..264091a 100644
--- a/hosts/disk/site6.nix
+++ b/hosts/disk/site6.nix
@@ -2,7 +2,7 @@
 systemConfiguration {
 imports = [
- (self + /hosts/cube/acme.nix)
+ (self + /hosts/cube/acme)
 (self + /hosts/cube/nginx.nix)
 (self + /hosts/cube/site.nix)
 ];
diff --git a/secrets.nix b/secrets.nix
index bd6c7bd..47791aa 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -7,6 +7,8 @@ in with keys; {
 "hosts/cube/id.age".publicKeys = [ cube enka ];
 "hosts/cube/password.rgb.age".publicKeys = [ cube enka ];
+ "hosts/cube/acme/environment.age".publicKeys = all;
+ "hosts/cube/forgejo/password.runner.age".publicKeys = [ cube enka ];
 "hosts/cube/grafana/password.age".publicKeys = [ cube enka ];
@@ -22,7 +24,7 @@ in with keys; {
 "hosts/disk/id.age".publicKeys = [ disk enka ];
 "hosts/disk/password.floppy.age".publicKeys = [ disk enka ];
- "hosts/disk/mail/password.plain.age".publicKeys = [ cube disk enka ]; # TODO: Move to shared.
+ "hosts/disk/mail/password.plain.age".publicKeys = all;
 "hosts/disk/mail/password.hash.age".publicKeys = [ disk enka ];
 ### enka
@@ -30,6 +32,5 @@ in with keys; {
 "hosts/enka/password.said.age".publicKeys = [ enka ];
 ### shared
- "hosts/password.acme.age".publicKeys = all;
 "modules/ssh/config.age".publicKeys = all;
 }
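Review bot: `file = self + /hosts/disk/mail/password.plain.age;` now depends on `self` being bound in this module's argument set, and the module header is outside the hunk; the same applies to the grafana hunk. If `self` is not among the arguments, evaluation fails with an undefined-variable error for both hosts rather than at decrypt time. The former `../../disk/mail/password.plain.age` resolved relative to this file, so the two forms should name the same source path when `self` is the flake root; confirming with an evaluation of both host configurations would settle it.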
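Review bot: Changing `"hosts/disk/mail/password.plain.age".publicKeys` from `[ cube disk enka ]` to `all` widens who may decrypt a plaintext mail password beyond the two hosts that read it in this diff (cube via forgejo and grafana, disk as the mail host), which moves away from least privilege; the removed TODO asked for "shared", but the explicit list was already the narrower choice. What `all` expands to is not in the hunk, so if it equals exactly those three keys this is cosmetic; otherwise keep the explicit list, `"hosts/disk/mail/password.plain.age".publicKeys = [ cube disk enka ];`, or add a comment stating why every key needs it. Note also that `password.plain.age` itself is not touched by this commit, so the declared recipient set and the actual recipients of the encrypted file diverge until the secret is re-keyed, whereas the renamed `environment.age` (100% similarity, `all` before and after) stays consistent. The new `"hosts/cube/acme/environment.age".publicKeys = all;` entry in the first secrets.nix hunk raises the same question, since only cube and disk (via site6.nix) appear to import the acme module.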