chvp/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Start using age for secret management

Browse source
This commit is contained in:
Charlotte Van Petegem 2021-06-20 00:18:20 +02:00
parent 276c8f33c8
commit da9160559c
No known key found for this signature in database
GPG key ID: 019E764B7184435A
39 changed files with 281 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

20
configurations/mounts.nix
View file

@ -1,7 +1,25 @@
{ pkgs, ... }:
let
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in
{
imports = [ ./mounts/secret.nix ];
fileSystems = {
"/mnt/ugent/files" = {
device = "//files.ugent.be/ecvpeteg";
fsType = "cifs";
options = [ "credentials=/run/secrets/passwords/ugent-mount-credentials,${automount_opts},users,vers=3.0,noperm,domain=UGENT,sec=ntlmv2i" ];
noCheck = true;
};
"/mnt/ugent/webhost" = {
device = "//webhost.ugent.be/ecvpeteg";
fsType = "cifs";
options = [ "credentials=/run/secrets/passwords/ugent-mount-credentials,${automount_opts},users,vers=3.0" ];
noCheck = true;
};
};
age.secrets."passwords/ugent-mount-credentials".file = ../secrets/passwords/ugent-mount-credentials.age;
environment.systemPackages = [ pkgs.keyutils ];
# Remove this once https://github.com/NixOS/nixpkgs/issues/34638 is resolved

BIN
configurations/mounts/secret.nix
View file

Binary file not shown.