aciceri/nixfleet
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

New secrets

Browse source
This commit is contained in:
Andrea Ciceri 2023-04-11 23:45:09 +02:00
parent 7d3ebe773b
commit 58e7ae54f0
Signed by: aciceri
SSH key fingerprint: SHA256:/AagBweyV4Hlfg9u092n8hbHwD5fcB6A3qhDiDA65Rg
1 changed files with 13 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
hosts/default.nix
View file

@ -36,6 +36,11 @@
type = lib.types.path; type = lib.types.path;
default = "${self.outPath}/secrets/${name}.age"; default = "${self.outPath}/secrets/${name}.age";
}; };
mode = lib.mkOption {
# TODO improve type
type = lib.types.str;
default = "0440";
};
}; };
})); }));
default = {}; default = {};
@ -116,7 +121,7 @@
lib.mapAttrs' (name: _: { lib.mapAttrs' (name: _: {
name = builtins.baseNameOf name; name = builtins.baseNameOf name;
value = { value = {
inherit (config.secrets.${name}) owner group file; inherit (config.secrets.${name}) owner group file mode;
}; };
}) })
filteredSecrets; filteredSecrets;
@ -177,7 +182,10 @@
}; };
hs = {}; hs = {};
mothership = { mothership = {
extraModules = [inputs.disko.nixosModules.disko]; extraModules = with inputs; [
disko.nixosModules.disko
nix-serve-ng.nixosModules.default
];
extraHmModules = [ extraHmModules = [
inputs.ccrEmacs.hmModules.default inputs.ccrEmacs.hmModules.default
{ {
@ -195,6 +203,9 @@
"cachix-personal-token".owner = "ccr"; "cachix-personal-token".owner = "ccr";
"git-workspace-tokens".owner = "ccr"; "git-workspace-tokens".owner = "ccr";
"magit-forge-github-token".owner = "ccr"; "magit-forge-github-token".owner = "ccr";
"hydra-admin-password".owner = "root";
"hydra-github-token".group = "hydra";
"cache-private-key".owner = "nix-serve";
}; };
}; };
}; };