Don't duplicate mail password files

2025-07-29 19:17:45 +00:00 · 2024-04-22 16:29:27 +03:00 · 2024-04-22 16:29:27 +03:00 · b42ab9860c
commit b42ab9860c
parent 0be6e3650f
10 changed files with 29 additions and 38 deletions
--- a/.gitignore
+++ b/.gitignore
@ -7,7 +7,6 @@
 !hosts/cube/
 !hosts/cube/forgejo/
 !hosts/cube/grafana/
 !hosts/cube/mail/
 !hosts/cube/matrix/
 !hosts/cube/nextcloud/
--- a/hosts/cube/forgejo/default.nix
+++ b/hosts/cube/forgejo/default.nix
@ -8,7 +8,7 @@ let
  port = 8004;
 in systemConfiguration {
  secrets.forgejoMailPassword = {
-    file  = ./password.mail.age;
+    file  = ../password.plain.mail.age;
    owner = "forgejo";
  };
  secrets.forgejoRunnerPassword = {
--- a/hosts/cube/forgejo/password.mail.age
+++ b/hosts/cube/forgejo/password.mail.age
@ -1,15 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 +rZ0Tw UdpGG1O9oC4Z3OasaGJyU3TM9FkwcaXQX9+QT4Wqrjs
 RX+NdBYD+/GtOSGun8Y04S48MKLDHkQsfqjJQ0vVj18
 -> ssh-rsa jPaU3Q
 EVX4PE+5bBQm3tzrUkbPBfG7Ech9dS2Ix8ZLLWYW2DFp30F49tJvYUDLGgpRARa+
 dh0+tuiOdPHENVbyhM8pob+Jk4Ii1+ZYwQdah0bAmewJ88NAHgfNCPMuAZFsR2w7
 r+KeuMa+1PtX3llIVWqTc+pdfrPVnG/DcbQqSgs5a2NVQauMgFgT9eCrwvuWCTSQ
 dlUWdysSTYsnGHSKxSgS/MmMIFsrlxqoUUBYTFdS6yU/w6b7VFSJdGczmzD9zFMJ
 ywkregpi5y0Z8K5byroRMR1IfIl7B0CHcZbsTFqSrlDSX9Rq2D84TGwdhwBK0L17
 Yy1UM3mFIDWgWe2lBY2KRterzxF/XxfDgbDc+1d8NWANVDinoXIOLYg3QBCSupwR
 QmgjfvMcqjDSeg/QaV3PXtK/GyzVk8ehAFQpCyi+XofuavhBzP+9yk6IoHQupEAx
 mQkm1ZXRc//C5w7Svjf6DmR5KKbF/mTRr7QqJp4XuCNCHA4Bf5BQEw5p8NtfqiWh
 --- iRy3XLKWkh6sUOkUS79ZRtRAjGdvvlKRZ6L6h6cKzjE
 ¢lÚ£YÁ~‡Ï¬¶	¼šb‚Q“/¾ÐÖo×3‡ª^ùsï“¸‹}+ø‰º,B
--- a/hosts/cube/grafana/default.nix
+++ b/hosts/cube/grafana/default.nix
@ -12,7 +12,7 @@ in systemConfiguration {
    owner = "grafana";
  };
  secrets.grafanaMailPassword = {
-    file  = ./password.mail.age;
+    file  = ../password.plain.mail.age;
    owner = "grafana";
  };
--- a/hosts/cube/grafana/password.mail.age
+++ b/hosts/cube/grafana/password.mail.age
@ -1,15 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 +rZ0Tw O0H0h+hSKjcOPaWE8iDSpYsR0TGigDeyBUmHtFTCNjQ
 EHORIYFfRAoYEME9SM6l3ef6jfYmLBXEgGxZ7L+wZyA
 -> ssh-rsa jPaU3Q
 bG32pycqaE13cyS0OVqd3mI3lmP91UOgBrhnIhUv6WCDxJdQoshrUNhfF93JAI9+
 HSAsAOM1UHeffdNuucCQsoTxENCFonldrK8+cQwPyQlPSGIP5yE4hFFRUjoct0X5
 qdJsjgHAP53c5707mdwsx7lbpRLFPhW6JvA90wn1LKZPgMHBD5yQRPc+qM0NQ10b
 sOqNU8dVuuIwWGtzHm9vrw3jUZMNiH+AUJ8IcaEC8+5FFAHr1cib3+rzyUmbzrxr
 n2dXsIICLmQZVXoNPMYltcHyM6jf1a+cxh9Z7ZKhVxJvD2jXh9CqrHw5Z2xbQJTL
 rwKNE85xxwQNzldYPMGLWyfn25j08/Jx4uZHXQIGrjVQCRRy+Mmn9d05MY2BNPNC
 vpA848kn1IIM5ybBdsEXSqywoE2+r+J39JVUcQgTdXhjQwfZWcXiaq3haD6mhtRp
 0VIqnBeu4vuvgtOEnWzvqVj0k64sYs+uPVjuXrW6szcSBcHj/QLfIQ//Tw4sRpQy
 --- DRdJx69Bkj+MVtk3dlZ0gMQmHG7NC7ZbzuMGbEbNVUQ
 ¹
¦ˆñ¥ÈŽ^@„éü%˜”,ƒqå\4a©EÆQEi>ðRÛvêðÞ 
--- a/hosts/cube/mail/default.nix
+++ b/hosts/cube/mail/default.nix
@ -7,7 +7,7 @@ let
  prometheusPort = 9040;
 in systemConfiguration {
-  secrets.mailPassword.file = ./password.age;
+  secrets.mailPassword.file = ./password.plain.mail.age;
  services.prometheus = {
    exporters.postfix = enabled {
--- a/hosts/cube/mail/password.age
+++ b/hosts/cube/mail/password.age
--- a/hosts/cube/password.hash.mail.age
+++ b/hosts/cube/password.hash.mail.age
--- a/hosts/cube/password.plain.mail.age
+++ b/hosts/cube/password.plain.mail.age
@ -0,0 +1,16 @@
 age-encryption.org/v1
 -> ssh-ed25519 +rZ0Tw lq/rDwjTA4jnScCGxGy1GWRaowo0Mw3nbabRlEyQznU
 CVk3OU1TKX/kJJwKLbHsR8yX30PKRiRd9meZfd3q//U
 -> ssh-rsa jPaU3Q
 sHWdz6gQGl9SpMbNH3iwuBIXsymMTAQH/r76bMuG/q9ieSf3sLg5ylQUcZuNHWJ3
 F4LGXlzXxmn1qdqmKQY4i0Hk3CbkWUa3RmUQGwqLZHIHPPBGN1qSifUkyOJz2J1j
 cUl4mYNDeVrP3Ya5AHLdfnix11Ftmva/Bw9wSzUCCaORdGvFlprMdjI1ESKFqOM0
 sBvcGwcVovWoi/n4f4VASELUSErq5JgfHz5U58ytEZc2BEzJVXbJHEh2fo1MDSpt
 oLupdIOTTKeeLU6bwdNCbU3HoBsAjrG4GFlHr2ib9+cF+mXBd1XxSi/MmsnbPH59
 Ni88ab/dQ1INgkBzLjTurXQmMa8ZaQ5dOhd6vA72SGoRzL3p0/adHrtf6oI8Kpjn
 eYeql9Ifl475RTQSyCbqR8Y0xWGCHysNG3qPcRtt/MiclX50nrB1IUvJMxLNd2Tx
 HrBMurl8aOeOIfm1hs3eAdrxsChTbIEWvD4g9JHZg+t4fd0eSeWC9P9Za/5XXAuf
 --- 0v8HOdMoYyvq1YKwSdgBCho2WJ3KKX/S5YOD5gkBObA
 ¾×pŠ4EÌ42Cn&JËzåÖ°'´Íð
 ]<5D>=ÃÙ¸ä}{Èmãw‡àŸÊ›
--- a/secrets.nix
+++ b/secrets.nix
@ -1,24 +1,30 @@
 let
  keys = import ./keys.nix;
 in with keys; {
  ### cube
  "hosts/cube/password.rgb.age".publicKeys       = [ cube enka ];
-  "hosts/cube/forgejo/password.mail.age".publicKeys   = [ cube enka ];
+  "hosts/cube/password.plain.mail.age".publicKeys = [ cube enka ];
  "hosts/cube/password.hash.mail.age".publicKeys  = [ cube enka ];
  "hosts/cube/forgejo/password.runner.age".publicKeys = [ cube enka ];
  "hosts/cube/grafana/password.age".publicKeys      = [ cube enka ];
  "hosts/cube/grafana/password.mail.age".publicKeys = [ cube enka ];
  "hosts/cube/matrix/password.secret.age".publicKeys = [ cube enka ];
  "hosts/cube/matrix/password.sync.age".publicKeys   = [ cube enka ];
-  "hosts/cube/mail/password.age".publicKeys      = [ cube enka ];
+  "hosts/cube/nextcloud/password.age".publicKeys  = [ cube enka ];
-  "hosts/cube/nextcloud/password.age".publicKeys = [ cube enka ];
+
  ### disk
  "hosts/disk/password.floppy.age".publicKeys = [ disk enka ];
  ### enka
  "hosts/enka/password.orhan.age".publicKeys = [ enka ];
  "hosts/enka/password.said.age".publicKeys  = [ enka ];
  ### shared
  "hosts/password.acme.age".publicKeys = [ cube disk enka ];
 }