chvp/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Start using age for secret management

Browse source
This commit is contained in:
Charlotte Van Petegem 2021-06-20 00:18:20 +02:00
parent 276c8f33c8
commit da9160559c
No known key found for this signature in database
GPG key ID: 019E764B7184435A
39 changed files with 281 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

4
containers/data-access/config.nix
View file

@ -16,8 +16,8 @@
enable = true;
permitRootLogin = "no";
hostKeys = [
{ bits = 4096; path = "/var/secrets/ssh_host_rsa_key"; type = "rsa"; }
{ path = "/var/secrets/ssh_host_ed25519_key"; type = "ed25519"; }
{ bits = 4096; path = "/run/secrets/ssh_host_rsa_key"; type = "rsa"; }
{ path = "/run/secrets/ssh_host_ed25519_key"; type = "ed25519"; }
];
};
}

9
containers/data-access/default.nix
View file

@ -14,8 +14,8 @@
hostPath = "/srv/data";
isReadOnly = false;
};
"/var/secrets" = {
hostPath = "${config.chvp.dataPrefix}/var/secrets/data-access";
"/run/secrets" = {
hostPath = "/run/secrets/data-access";
isReadOnly = true;
};
};
@ -26,5 +26,10 @@
localAddress6 = "fc00::2";
config = import ./config.nix;
};
age.secrets."data-access/ssh_host_rsa_key".file = ../../secrets/data-access/ssh_host_rsa_key.age;
age.secrets."data-access/ssh_host_rsa_key.pub".file = ../../secrets/data-access/ssh_host_rsa_key.pub.age;
age.secrets."data-access/ssh_host_ed25519_key".file = ../../secrets/data-access/ssh_host_ed25519_key.age;
age.secrets."data-access/ssh_host_ed25519_key.pub".file = ../../secrets/data-access/ssh_host_ed25519_key.pub.age;
};
}