Skip to content

Commit

Permalink
modules (nextcloud): Separate secret entries by service
Browse files Browse the repository at this point in the history
  • Loading branch information
@britter
britter committed Jun 28, 2024
1 parent 988dae8 commit de44770
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 8 deletions.
8 changes: 4 additions & 4 deletions modules/nixos/nextcloud/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ in {
};

config = lib.mkIf cfg.enable {
sops.secrets.nextcloud-admin-pass = {
sops.secrets."nextcloud/admin-pass" = {
owner = "nextcloud";
};

Expand All @@ -20,7 +20,7 @@ in {
package = pkgs.nextcloud29;
hostName = "nextcloud.ritter.family";
config = {
adminpassFile = config.sops.secrets.nextcloud-admin-pass.path;
adminpassFile = config.sops.secrets."nextcloud/admin-pass".path;
};
extraApps = {
inherit (config.services.nextcloud.package.packages.apps) bookmarks calendar contacts cookbook deck memories richdocuments;
Expand All @@ -40,9 +40,9 @@ in {

users.users.nginx.extraGroups = ["acme"];

sops.secrets.acme-cloudflare-dns-api-token = {};
sops.secrets."acme/cloudflare-dns-api-token" = {};
sops.templates."acme-cloudflare-dns-api-token.env".content = ''
CLOUDFLARE_DNS_API_TOKEN=${config.sops.placeholder.acme-cloudflare-dns-api-token}
CLOUDFLARE_DNS_API_TOKEN=${config.sops.placeholder."acme/cloudflare-dns-api-token"}
'';

security.acme = {
Expand Down
10 changes: 6 additions & 4 deletions systems/x86_64-linux/cyberoffice/secrets.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
acme-cloudflare-dns-api-token: ENC[AES256_GCM,data:Rasop44i1UlEs6yMsyQwuCR077O1J3fpYtBIFYs/97I8eCWMeQVDVw==,iv:Uli5ekx40OWXvrbJe+NGGfRZQpCUFNlsTLrC5f0Gu9c=,tag:A0Vb2IsGOIMkK090CJcl3Q==,type:str]
nextcloud-admin-pass: ENC[AES256_GCM,data:cR0RbTQ2nO2ca5+n9MA3myM48xbkMzWLaIpCqFPk5eSlzrQT,iv:u3fpasNzKCsf+q8KjLrdYE8tZnHywM4SDzVyoc0sLdk=,tag:YIj3WW5SfHsFWqn4Hrl7Ow==,type:str]
acme:
cloudflare-dns-api-token: ENC[AES256_GCM,data:UHBQ+Qq+BFWc1j/BdmQSVKpnrRUDvsJGUu3WzqaT6ymW/5FF2oZ7UA==,iv:eUUNMKtd3GrPFWHIUTeaHDhP+WBu93SjpFYFLKy+FPE=,tag:rDMCoCofgGePtIWzo/hONQ==,type:str]
nextcloud:
admin-pass: ENC[AES256_GCM,data:8Go/vQTuLLBZ99AHXgiMtKKdUAxnjwK7qhGjpcTkoM5tUUBj,iv:r5ZzJ/nv5umJcR4TIKuB2crPoOfUnPv9grJVh2FAITQ=,tag:+pVhbMnc49yjBgPTuUOj5A==,type:str]
sops:
kms: []
gcp_kms: []
Expand All @@ -24,8 +26,8 @@ sops:
UlJpOFJjcW83R1Q1T09OeDNDbWlrSU0K+0SwyJTJmz6j7+DaCdEb9mUTS1o9HVfJ
VVIgAcnv7HkUVJ/tfK3RuoSb0Ajd9R4iwR7/61mod7bHAHfCU972Ig==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-28T09:15:25Z"
mac: ENC[AES256_GCM,data:wNsYkgKyeqX07woez5j3syJGXgBpy+nxkEwyj6FrLvMrcaIFT5d9D/v2/LrzhE5Xh1wPCJkwuf42+eqzGkFMN2JVdkPTcNxUkHM2jH2TjSvC6uYUF/3l/SydvjnRS5oO/o9wYjUMRazVMggQdLJYJu5Ts9cVg8TFhRp61yAVu4w=,iv:4ukS9SMa9FS1HSPsfWKgVXGdvMWG+yBV8f1d4BRE4Gc=,tag:5nTTRFBHCQi2tvg0WQLprQ==,type:str]
lastmodified: "2024-06-28T10:53:05Z"
mac: ENC[AES256_GCM,data:xnaT7KzuJ8f0K44u6arc/PjRpOKfMHe6MemHKGTDXQ+UbWDhZKpotdk+7sYs3Ck0gPRRZha3LT0UlGNd/iq8JOF6aXOKBrTVeXqwuNpyW7YTQn7O4+rFI4U+CQiDP0KIi+ZwHbZOEhqghVLiG2LHv4n8tq/goUqClVJtxWB3qDw=,iv:iZGDGam/+uN0CHD20rusUiLCC9XsX0usYuGrMoVwmWg=,tag:+NkpBKEIG/yiUmUETGeTbw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

0 comments on commit de44770

Please sign in to comment.