authorseth <[email protected]>2023-05-03 12:43:16 -0400
committerseth <[email protected]>2023-05-03 12:43:16 -0400
commitdd0f82a707e76fb7c32442b11bb6cda56e1d05d5 (patch)
tree48bd6e6b49c556b872bd70dc16478f309d65cb15 /hosts
parentd5aa9c43eec40a85a31b9962797dba6a5dc3d039 (diff)
overhaul secrets
Diffstat (limited to 'hosts')
-rw-r--r--hosts/atlas/default.nix9
-rw-r--r--hosts/default.nix19
-rw-r--r--hosts/p-body/default.nix9
3 files changed, 28 insertions, 9 deletions
diff --git a/hosts/atlas/default.nix b/hosts/atlas/default.nix
index b8133a1..35692bf 100644
--- a/hosts/atlas/default.nix
+++ b/hosts/atlas/default.nix
@@ -42,7 +42,14 @@
};
services = {
- hercules-ci-agent.enable = true;
+ hercules-ci-agent = {
+ enable = true;
+ settings = {
+ binaryCachesPath = config.age.secrets.binaryCache.path;
+ clusterJoinTokenPath = config.age.secrets.clusterToken.path;
+ secretsJsonPath = config.age.secrets.secretsJson.path;
+ };
+ };
};
system.stateVersion = "22.11";
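Review bot: The `hercules-ci-agent` block added here is repeated verbatim in hosts/p-body/default.nix, and both copies depend on `age.secrets.binaryCache`, `clusterToken` and `secretsJson` being declared per host in hosts/default.nix. Moving the `settings` attrset into one shared module imported by both hosts would keep the secret wiring in a single place, so a later rename or added secret cannot be applied to one host and missed on the other. If the duplication stays, a short comment such as `# paths come from age.secrets.* declared in hosts/default.nix` above `settings` would make the cross-file dependency visible.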
diff --git a/hosts/default.nix b/hosts/default.nix
index 11f0046..0aa47a3 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -16,9 +16,8 @@ with inputs; let
age = {
identityPaths = ["/etc/age/key"];
secrets = {
- rootPassword.file = "${self}/users/_secrets/rootPassword.age";
- sethPassword.file = "${self}/users/_secrets/sethPassword.age";
- pbodyPassword.file = "${self}/users/_secrets/pbodyPassword.age";
+ rootPassword.file = "${self}/secrets/shared/rootPassword.age";
+ sethPassword.file = "${self}/secrets/shared/sethPassword.age";
};
};
@@ -93,8 +92,11 @@ in {
age = {
identityPaths = ["/etc/age/key"];
secrets = {
- rootPassword.file = "${self}/users/_secrets/rootPassword.age";
- atlasPassword.file = "${self}/users/_secrets/atlasPassword.age";
+ rootPassword.file = "${self}/secrets/hosts/atlas/rootPassword.age";
+ atlasPassword.file = "${self}/secrets/hosts/atlas/atlasPassword.age";
+ binaryCache.file = "${self}/secrets/hosts/atlas/binaryCache.age";
+ clusterToken.file = "${self}/secrets/hosts/atlas/clusterToken.age";
+ secretsJson.file = "${self}/secrets/hosts/atlas/secretsJson.age";
};
};
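Review bot: The three new agent secrets (`binaryCache`, `clusterToken`, `secretsJson`) are declared with only `.file`, so agenix decrypts them with its defaults of owner root and mode `0400`. The hercules-ci-agent service normally runs as its own `hercules-ci-agent` user, so unless ownership is set elsewhere the agent cannot read the paths passed to `settings`. Giving each secret an explicit owner fixes that while keeping the files unreadable to other users, e.g. `binaryCache = { file = "${self}/secrets/hosts/atlas/binaryCache.age"; owner = "hercules-ci-agent"; };`. The same applies to the p-body secrets in the next hunk. The enclosing host definition starts and ends outside this hunk, so an override further down cannot be ruled out.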
@@ -125,8 +127,11 @@ in {
age = {
identityPaths = ["/etc/age/key"];
secrets = {
- rootPassword.file = "${self}/users/_secrets/rootPassword.age";
- pbodyPassword.file = "${self}/users/_secrets/pbodyPassword.age";
+ rootPassword.file = "${self}/secrets/hosts/p-body/rootPassword.age";
+ pbodyPassword.file = "${self}/secrets/hosts/p-body/pbodyPassword.age";
+ binaryCache.file = "${self}/secrets/hosts/p-body/binaryCache.age";
+ clusterToken.file = "${self}/secrets/hosts/p-body/clusterToken.age";
+ secretsJson.file = "${self}/secrets/hosts/p-body/secretsJson.age";
};
};
diff --git a/hosts/p-body/default.nix b/hosts/p-body/default.nix
index 1f598e8..5b7be66 100644
--- a/hosts/p-body/default.nix
+++ b/hosts/p-body/default.nix
@@ -108,7 +108,14 @@
# };
#};
- hercules-ci-agent.enable = true;
+ hercules-ci-agent = {
+ enable = true;
+ settings = {
+ binaryCachesPath = config.age.secrets.binaryCache.path;
+ clusterJoinTokenPath = config.age.secrets.clusterToken.path;
+ secretsJsonPath = config.age.secrets.secretsJson.path;
+ };
+ };
guzzle-api = {
enable = true;