old
1{
2 lib,
3 config,
4 ...
5}: let
6 secretFileConf = {
7 format = "yaml";
8 sopsFile = ./secrets.yaml;
9 };
10in
11 lib.mkMerge (
12 [
13 {
14 sops.secrets = builtins.listToAttrs (builtins.map (x: {
15 name = "pardofelis-${x}";
16 value =
17 {
18 key = x;
19 }
20 // secretFileConf;
21 }) ["ipv4" "ipv6" "gateway" "gateway6"]);
22 }
23 ]
24 ++ lib.map (nvp: {
25 sops.secrets.${nvp.name} =
26 lib.mkIf
27 (config.modules.currentHost == "pardofelis")
28 nvp.value;
29 }) (
30 let
31 artalkConf = {
32 owner = "root";
33 group = "artalk";
34 mode = "0440";
35 };
36 autheliaMainConf = {
37 owner = "root";
38 group = "authelia-main";
39 mode = "0440";
40 };
41 in [
42 {
43 name = "freshrss-admin-password";
44 value =
45 {
46 key = "services/freshrss/defaultUserPassword";
47 owner = "root";
48 group = "freshrss";
49 mode = "0440";
50 }
51 // secretFileConf;
52 }
53 {
54 name = "grafana-admin-password";
55 value =
56 {
57 key = "services/grafana/adminPassword";
58 owner = "root";
59 group = "grafana";
60 mode = "0440";
61 }
62 // secretFileConf;
63 }
64 {
65 name = "forgejo-mailer-password";
66 value =
67 {
68 key = "services/forgejo/mailerPassword";
69 owner = "root";
70 group = "forgejo";
71 mode = "0440";
72 }
73 // secretFileConf;
74 }
75 {
76 name = "restic-backup-password";
77 value = {key = "services/restic/password";} // secretFileConf;
78 }
79 {
80 name = "forgejo-runner-token";
81 value = {key = "services/forgejo-runner/token";} // secretFileConf;
82 }
83 # === GoToSocial === #
84 {
85 name = "gotosocial-s3-endpoint";
86 value = {key = "services/gotosocial/s3Endpoint";} // secretFileConf;
87 }
88 {
89 name = "gotosocial-s3-access-key";
90 value = {key = "services/gotosocial/s3AccessKey";} // secretFileConf;
91 }
92 {
93 name = "gotosocial-s3-secret-key";
94 value = {key = "services/gotosocial/s3SecretKey";} // secretFileConf;
95 }
96 {
97 name = "gotosocial-oidc-secret";
98 value = {key = "services/gotosocial/oidcSecret";} // secretFileConf;
99 }
100 {
101 name = "gotosocial-smtp-password";
102 value = {key = "services/gotosocial/smtpPassword";} // secretFileConf;
103 }
104 {
105 name = "gotosocial-metrics-password";
106 value = {key = "services/gotosocial/metricsPassword";} // secretFileConf;
107 }
108 # === Authelia === #
109 {
110 name = "authelia-main-oidc-hmac-secret";
111 value =
112 {key = "services/authelia/main/oidcHmacSecret";}
113 // autheliaMainConf
114 // secretFileConf;
115 }
116 {
117 name = "authelia-main-oidc-issuer-private-key";
118 value =
119 {key = "services/authelia/main/oidcIssuerPrivateKey";}
120 // autheliaMainConf
121 // secretFileConf;
122 }
123 {
124 name = "authelia-main-session-secret";
125 value =
126 {key = "services/authelia/main/sessionSecret";}
127 // autheliaMainConf
128 // secretFileConf;
129 }
130 {
131 name = "authelia-main-jwt-secret";
132 value =
133 {key = "services/authelia/main/jwtSecret";}
134 // autheliaMainConf
135 // secretFileConf;
136 }
137 {
138 name = "authelia-main-storage-encryption-key";
139 value =
140 {key = "services/authelia/main/storageEncryptionKey";}
141 // autheliaMainConf
142 // secretFileConf;
143 }
144 {
145 name = "authelia-main-client-secrets-forgejo";
146 value =
147 {key = "services/authelia/main/clientSecrets/forgejo";}
148 // autheliaMainConf
149 // secretFileConf;
150 }
151 {
152 name = "authelia-main-client-secrets-gokapi";
153 value =
154 {key = "services/authelia/main/clientSecrets/gokapi";}
155 // autheliaMainConf
156 // secretFileConf;
157 }
158 {
159 name = "authelia-main-client-secrets-gts-trinnon";
160 value =
161 {key = "services/authelia/main/clientSecrets/gts-trinnon";}
162 // autheliaMainConf
163 // secretFileConf;
164 }
165 # === Artalk === #
166 {
167 name = "artalk-akismet-key";
168 value =
169 {key = "services/artalk/akismetKey";}
170 // artalkConf
171 // secretFileConf;
172 }
173 {
174 name = "artalk-app-key";
175 value =
176 {key = "services/artalk/appKey";}
177 // artalkConf
178 // secretFileConf;
179 }
180 {
181 name = "artalk-email-password";
182 value =
183 {key = "services/artalk/emailPassword";}
184 // artalkConf
185 // secretFileConf;
186 }
187 {
188 name = "artalk-github-client-id";
189 value =
190 {key = "services/artalk/githubClientId";}
191 // artalkConf
192 // secretFileConf;
193 }
194 {
195 name = "artalk-github-client-secret";
196 value =
197 {key = "services/artalk/githubClientSecret";}
198 // artalkConf
199 // secretFileConf;
200 }
201 # === Gokapi === #
202 {
203 name = "gokapi-salt-admin";
204 value = {key = "services/gokapi/saltAdmin";} // secretFileConf;
205 }
206 {
207 name = "gokapi-salt-files";
208 value = {key = "services/gokapi/saltFiles";} // secretFileConf;
209 }
210 {
211 name = "gokapi-oauth-secret";
212 value = {key = "services/gokapi/oauthSecret";} // secretFileConf;
213 }
214 ]
215 )
216 )
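Review bot: The four `pardofelis-${x}` entries (ipv4, ipv6, gateway, gateway6) are declared unconditionally in the first list element, while every other secret is wrapped in `lib.mkIf (config.modules.currentHost == "pardofelis")`, so any host that evaluates this module also declares them against `./secrets.yaml`. If that is intended, say so next to the block, e.g. `# not gated on currentHost: other hosts also read pardofelis' addresses`; if not, move the four names into the gated list so that only pardofelis has to be able to decrypt them. Separately, the restic, forgejo-runner, gotosocial-* and gokapi-* entries set no `owner`/`group`/`mode` and so fall back to the sops-nix defaults (root-only, as far as I know), unlike the freshrss, grafana, forgejo, authelia and artalk entries with their explicit `root:<group>` and `0440`. A one-line comment on how those services receive the value would make the difference read as deliberate least privilege rather than an omission. This listing is the side labelled "old", so disregard anything the new side already changes.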