commit d3e5b351efad42a744e5fe3c7e11504bccb10f99 · pyrox.dev/nix

+2

modules/nixos/default-config/secrets/secrets.nix

···

       4
       4
        
         yubi-back = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDTVGi3PItsbUhFgnFZlqo1iUggL4npMg94+9FsyhEPfShcQwJK2/jJzjv5S9KPuk3cY7aoqyVFLbnasSBZPXmscJmOiVNvtWvHoC3QPXvf3IAcVZ5KOLpY2NJlPx/pAb31C6ewtg8v3VlyhL4zEp6M+AGwXX51tFDh2GnYD+7SNF+aMhKCrX63syAhgPy3F8mZ2RIDLAu+lsYlwdpWRkSEv9kcjX/6+3QgUWjfPBaKEeYID22ihSuj7+AiuAt0gM4q0TY/Hpcx+qDLonrIuBnm1hMZDgbv//D0sHIUxJQkGTKTEbkZxoh0Qri7UV/V6l3mETaG40deuemMU7RFY7Khl8RajNZ+9z0FdquS/HCt8+fYQk6eLneJrMIQ1bI4awrtblG3P2Yf2QUu+H3kfCQe44R3WjUugTbNtumVgyQBzl2dzlIVn1pZBeyZy70XCgbaFKkDR8Y/qZiUoZ0afP3vTOXhkn5UBfutTKwUiSGh3S8Ge5YhNgKHWE2eQp1ckEm0IMJV/q5Nsw/yBBXj/kfD8ekz96LQ+gP5JFLq4EaipXI7FM4aZNOBUZU1l/sCEuq7m997nrBucTKqGm7Ho3rq7bgdj4f6GyUJXSMOM1cN61LLrRumZGGTH8WghVL7ligxZyNFcQoudR8jfpf4mrgRxipQOe1A2umvuufMr+l/bw==";

     

       5
       5
        
         yubi-main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBsOIMMZVmleClXfqUMrnmyh8PFuyiJqHKEZ51Xy746";

     

       6
       6
        
         backup = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyTiGctsHaTUlRJn2XQ/745dD0UWGWO8W0en8J5rf7BLI8lL/hPUmbNt45vC5754LXcBjnp1t/1FNgiGhvNZIWJpC+elBmhyMhg8z1exRZPD+as7XaH7scnij2vSbSphQFUqH433ggAGe77x5bc7wKFp9n7vj8G1u0JJxMEe1M7kNFY0+ShNtaHna3LxiQOVcW7qVlNKZP8Ol1V7kZLblRADCJMTYOXDIbktA8bbGRfGhbNjJGkL665qz36haYwb2i6A4sC7Y583N8ro8hIDG/ByJqwbl/Sz4rSxkT6G4+OdBvS6sa7TovNXHjmQCculMIltdog7UhgyBsim1sTzxAen3YyFRi1Cz/kLM0oH39m/W4IoMvJcNZCJ3ItLgy+lEVMd87jVOqfuq/hyjHVI0wJtU2Si2HTxv7aKL8gPzqXwbNH+nhkhlQ0ZH8zKVBunOgLDgsmGIky5X/T3bpWZpIoFkOR7AYrId/5dOeGM3pHhHb6woZ3SRubZ43Ah/VdJM=";

     

       7
       7
       +
         marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP60B1IOdfJRrDcCKajMV8YJNC01gSsccZi3DKHlS6YJ";

     

       7
       8
        
         servers = [

     

       8
       9
        
           prefect

     

       9
       10
        
           thought

     

       11
       11
       +
           marvin

     

       10
       12
        
         ];

     

       11
       13
        
         personal = [

     

       12
       14
        
           yubi-back

systems/x86_64-linux/marvin/secrets/authentik-env.age systems/x86_64-linux/marvin/services/secrets/authentik-env.age

systems/x86_64-linux/marvin/secrets/buildbot-gitea-token.age systems/x86_64-linux/marvin/services/secrets/buildbot-gitea-token.age

systems/x86_64-linux/marvin/secrets/buildbot-oauth-secret.age systems/x86_64-linux/marvin/services/secrets/buildbot-oauth-secret.age

systems/x86_64-linux/marvin/secrets/buildbot-worker-password.age systems/x86_64-linux/marvin/services/secrets/buildbot-worker-password.age

systems/x86_64-linux/marvin/secrets/buildbot-workers.age systems/x86_64-linux/marvin/services/secrets/buildbot-workers.age

systems/x86_64-linux/marvin/secrets/forgejo-db-pw.age systems/x86_64-linux/marvin/services/secrets/forgejo-db-pw.age

systems/x86_64-linux/marvin/secrets/forgejo-default-runner-token.age systems/x86_64-linux/marvin/services/secrets/forgejo-default-runner-token.age

systems/x86_64-linux/marvin/secrets/forgejo-gitgay-runner-token.age systems/x86_64-linux/marvin/services/secrets/forgejo-gitgay-runner-token.age

systems/x86_64-linux/marvin/secrets/forgejo-internal-token.age systems/x86_64-linux/marvin/services/secrets/forgejo-internal-token.age

systems/x86_64-linux/marvin/secrets/forgejo-lfs-jwt-secret.age systems/x86_64-linux/marvin/services/secrets/forgejo-lfs-jwt-secret.age

systems/x86_64-linux/marvin/secrets/forgejo-mail-pw.age systems/x86_64-linux/marvin/services/secrets/forgejo-mail-pw.age

systems/x86_64-linux/marvin/secrets/forgejo-oauth2-jwt-secret.age systems/x86_64-linux/marvin/services/secrets/forgejo-oauth2-jwt-secret.age

systems/x86_64-linux/marvin/secrets/forgejo-secret-key.age systems/x86_64-linux/marvin/services/secrets/forgejo-secret-key.age

systems/x86_64-linux/marvin/secrets/golink-authkey.age systems/x86_64-linux/marvin/services/secrets/golink-authkey.age

systems/x86_64-linux/marvin/secrets/grafana-admin-password.age systems/x86_64-linux/marvin/services/secrets/grafana-admin-password.age

systems/x86_64-linux/marvin/secrets/grafana-smtp-password.age systems/x86_64-linux/marvin/services/secrets/grafana-smtp-password.age

systems/x86_64-linux/marvin/secrets/iceshrimp-db-password.age systems/x86_64-linux/marvin/services/secrets/iceshrimp-db-password.age

systems/x86_64-linux/marvin/secrets/iceshrimp-secret-config.age systems/x86_64-linux/marvin/services/secrets/iceshrimp-secret-config.age

systems/x86_64-linux/marvin/secrets/minio-root.age systems/x86_64-linux/marvin/services/secrets/minio-root.age

systems/x86_64-linux/marvin/secrets/nextcloud-admin-pw.age systems/x86_64-linux/marvin/services/nextcloud/nextcloud-admin-pw.age

systems/x86_64-linux/marvin/secrets/nix-serve-priv.age systems/x86_64-linux/marvin/services/secrets/nix-serve-priv.age

systems/x86_64-linux/marvin/secrets/planka-env.age systems/x86_64-linux/marvin/services/secrets/planka-env.age

-40

systems/x86_64-linux/marvin/secrets/secrets.nix

···

       1
       1
       -
       let

     

       2
       2
       -
         ssh-new = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxOg9nOtfbedq9AlnXNVUfyU8Mwfj4IB7HX/4VoWeXP";

     

       3
       3
       -
         yubi-back = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDTVGi3PItsbUhFgnFZlqo1iUggL4npMg94+9FsyhEPfShcQwJK2/jJzjv5S9KPuk3cY7aoqyVFLbnasSBZPXmscJmOiVNvtWvHoC3QPXvf3IAcVZ5KOLpY2NJlPx/pAb31C6ewtg8v3VlyhL4zEp6M+AGwXX51tFDh2GnYD+7SNF+aMhKCrX63syAhgPy3F8mZ2RIDLAu+lsYlwdpWRkSEv9kcjX/6+3QgUWjfPBaKEeYID22ihSuj7+AiuAt0gM4q0TY/Hpcx+qDLonrIuBnm1hMZDgbv//D0sHIUxJQkGTKTEbkZxoh0Qri7UV/V6l3mETaG40deuemMU7RFY7Khl8RajNZ+9z0FdquS/HCt8+fYQk6eLneJrMIQ1bI4awrtblG3P2Yf2QUu+H3kfCQe44R3WjUugTbNtumVgyQBzl2dzlIVn1pZBeyZy70XCgbaFKkDR8Y/qZiUoZ0afP3vTOXhkn5UBfutTKwUiSGh3S8Ge5YhNgKHWE2eQp1ckEm0IMJV/q5Nsw/yBBXj/kfD8ekz96LQ+gP5JFLq4EaipXI7FM4aZNOBUZU1l/sCEuq7m997nrBucTKqGm7Ho3rq7bgdj4f6GyUJXSMOM1cN61LLrRumZGGTH8WghVL7ligxZyNFcQoudR8jfpf4mrgRxipQOe1A2umvuufMr+l/bw==";

     

       4
       4
       -
         # yubi-main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBsOIMMZVmleClXfqUMrnmyh8PFuyiJqHKEZ51Xy746";

     

       5
       5
       -
         # backup = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyTiGctsHaTUlRJn2XQ/745dD0UWGWO8W0en8J5rf7BLI8lL/hPUmbNt45vC5754LXcBjnp1t/1FNgiGhvNZIWJpC+elBmhyMhg8z1exRZPD+as7XaH7scnij2vSbSphQFUqH433ggAGe77x5bc7wKFp9n7vj8G1u0JJxMEe1M7kNFY0+ShNtaHna3LxiQOVcW7qVlNKZP8Ol1V7kZLblRADCJMTYOXDIbktA8bbGRfGhbNjJGkL665qz36haYwb2i6A4sC7Y583N8ro8hIDG/ByJqwbl/Sz4rSxkT6G4+OdBvS6sa7TovNXHjmQCculMIltdog7UhgyBsim1sTzxAen3YyFRi1Cz/kLM0oH39m/W4IoMvJcNZCJ3ItLgy+lEVMd87jVOqfuq/hyjHVI0wJtU2Si2HTxv7aKL8gPzqXwbNH+nhkhlQ0ZH8zKVBunOgLDgsmGIky5X/T3bpWZpIoFkOR7AYrId/5dOeGM3pHhHb6woZ3SRubZ43Ah/VdJM=";

     

       6
       6
       -
         marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP60B1IOdfJRrDcCKajMV8YJNC01gSsccZi3DKHlS6YJ";

     

       7
       7
       -
         # me = [yubi-main yubi-back backup ssh-new];

     

       8
       8
       -
         default = [

     

       9
       9
       -
           marvin

     

       10
       10
       -
           yubi-back

     

       11
       11
       -
           ssh-new

     

       12
       12
       -
         ];

     

       13
       13
       -
       in

     

       14
       14
       -
       {

     

       15
       15
       -
         "authentik-env.age".publicKeys = default;

     

       16
       16
       -
         "buildbot-worker-password.age".publicKeys = default;

     

       17
       17
       -
         "buildbot-gitea-token.age".publicKeys = default;

     

       18
       18
       -
         "buildbot-oauth-secret.age".publicKeys = default;

     

       19
       19
       -
         "buildbot-workers.age".publicKeys = default;

     

       20
       20
       -
         "forgejo-db-pw.age".publicKeys = default;

     

       21
       21
       -
         "forgejo-mail-pw.age".publicKeys = default;

     

       22
       22
       -
         "forgejo-default-runner-token.age".publicKeys = default;

     

       23
       23
       -
         "forgejo-gitgay-runner-token.age".publicKeys = default;

     

       24
       24
       -
         "forgejo-internal-token.age".publicKeys = default;

     

       25
       25
       -
         "forgejo-lfs-jwt-secret.age".publicKeys = default;

     

       26
       26
       -
         "forgejo-oauth2-jwt-secret.age".publicKeys = default;

     

       27
       27
       -
         "forgejo-secret-key.age".publicKeys = default;

     

       28
       28
       -
         "golink-authkey.age".publicKeys = default;

     

       29
       29
       -
         "grafana-admin-password.age".publicKeys = default;

     

       30
       30
       -
         "grafana-smtp-password.age".publicKeys = default;

     

       31
       31
       -
         "iceshrimp-secret-config.age".publicKeys = default;

     

       32
       32
       -
         "iceshrimp-db-password.age".publicKeys = default;

     

       33
       33
       -
         "minio-root.age".publicKeys = default;

     

       34
       34
       -
         "nextcloud-admin-pw.age".publicKeys = default;

     

       35
       35
       -
         "nix-serve-priv.age".publicKeys = default;

     

       36
       36
       -
         "planka-env.age".publicKeys = default;

     

       37
       37
       -
         "vaultwarden-vars.age".publicKeys = default;

     

       38
       38
       -
         "vaultwarden-pgpass.age".publicKeys = default;

     

       39
       39
       -
         "webmentiond-env.age".publicKeys = default;

     

       40
       40
       -
       }

systems/x86_64-linux/marvin/secrets/thehedgehog-key.age systems/x86_64-linux/marvin/services/secrets/thehedgehog-key.age

systems/x86_64-linux/marvin/secrets/thehedgehog-pem.age systems/x86_64-linux/marvin/services/secrets/thehedgehog-pem.age

systems/x86_64-linux/marvin/secrets/vaultwarden-pgpass.age systems/x86_64-linux/marvin/services/secrets/vaultwarden-pgpass.age

systems/x86_64-linux/marvin/secrets/vaultwarden-vars.age systems/x86_64-linux/marvin/services/secrets/vaultwarden-vars.age

systems/x86_64-linux/marvin/secrets/webmentiond-env.age systems/x86_64-linux/marvin/services/secrets/webmentiond-env.age

+1 -1

systems/x86_64-linux/marvin/services/authentik.nix

···

       81
       81
        
             };

     

       82
       82
        
           };

     

       83
       83
        
         age.secrets.authentik-env = {

     

       84
       84
       -
           file = ../secrets/authentik-env.age;

     

       84
       84
       +
           file = ./secrets/authentik-env.age;

     

       85
       85
        
           owner = "thehedgehog";

     

       86
       86
        
           group = "misc";

     

       87
       87
        
         };

+3 -3

systems/x86_64-linux/marvin/services/buildbot.nix

···

       41
       41
        
         };

     

       42
       42
        
         age.secrets = {

     

       43
       43
        
           buildbot-gitea-token = bbSecret // {

     

       44
       44
       -
             file = ../secrets/buildbot-gitea-token.age;

     

       44
       44
       +
             file = ./secrets/buildbot-gitea-token.age;

     

       45
       45
        
           };

     

       46
       46
        
           buildbot-oauth-secret = bbSecret // {

     

       47
       47
       -
             file = ../secrets/buildbot-oauth-secret.age;

     

       47
       47
       +
             file = ./secrets/buildbot-oauth-secret.age;

     

       48
       48
        
           };

     

       49
       49
        
           buildbot-workers = bbSecret // {

     

       50
       50
       -
             file = ../secrets/buildbot-workers.age;

     

       50
       50
       +
             file = ./secrets/buildbot-workers.age;

     

       51
       51
        
           };

     

       52
       52
        
         };

     

       53
       53
        
       }

+8 -8

systems/x86_64-linux/marvin/services/git.nix

···

       121
       121
        
         };

     

       122
       122
        
         age.secrets = {

     

       123
       123
        
           forgejo-db-pw = forgejoSecret // {

     

       124
       124
       -
             file = ../secrets/forgejo-db-pw.age;

     

       124
       124
       +
             file = ./secrets/forgejo-db-pw.age;

     

       125
       125
        
           };

     

       126
       126
        
           forgejo-mail-pw = forgejoSecret // {

     

       127
       127
       -
             file = ../secrets/forgejo-mail-pw.age;

     

       127
       127
       +
             file = ./secrets/forgejo-mail-pw.age;

     

       128
       128
        
           };

     

       129
       129
        
           forgejo-default-runner-token = forgejoSecret // {

     

       130
       130
       -
             file = ../secrets/forgejo-default-runner-token.age;

     

       130
       130
       +
             file = ./secrets/forgejo-default-runner-token.age;

     

       131
       131
        
           };

     

       132
       132
        
           forgejo-gitgay-runner-token = forgejoSecret // {

     

       133
       133
       -
             file = ../secrets/forgejo-gitgay-runner-token.age;

     

       133
       133
       +
             file = ./secrets/forgejo-gitgay-runner-token.age;

     

       134
       134
        
           };

     

       135
       135
        
           forgejo-internal-token = forgejoSecret // {

     

       136
       136
       -
             file = ../secrets/forgejo-internal-token.age;

     

       136
       136
       +
             file = ./secrets/forgejo-internal-token.age;

     

       137
       137
        
           };

     

       138
       138
        
           forgejo-oauth2-jwt-secret = forgejoSecret // {

     

       139
       139
       -
             file = ../secrets/forgejo-oauth2-jwt-secret.age;

     

       139
       139
       +
             file = ./secrets/forgejo-oauth2-jwt-secret.age;

     

       140
       140
        
           };

     

       141
       141
        
           forgejo-lfs-jwt-secret = forgejoSecret // {

     

       142
       142
       -
             file = ../secrets/forgejo-lfs-jwt-secret.age;

     

       142
       142
       +
             file = ./secrets/forgejo-lfs-jwt-secret.age;

     

       143
       143
        
           };

     

       144
       144
        
           forgejo-secret-key = forgejoSecret // {

     

       145
       145
       -
             file = ../secrets/forgejo-secret-key.age;

     

       145
       145
       +
             file = ./secrets/forgejo-secret-key.age;

     

       146
       146
        
           };

     

       147
       147
        
         };

     

       148
       148
        
       }

+1 -1

systems/x86_64-linux/marvin/services/golink.nix

···

       4
       4
        
           tailscaleAuthKeyFile = /run/agenix/golink-authkey;

     

       5
       5
        
         };

     

       6
       6
        
         age.secrets.golink-authkey = {

     

       7
       7
       -
           file = ../secrets/golink-authkey.age;

     

       7
       7
       +
           file = ./secrets/golink-authkey.age;

     

       8
       8
        
           path = "/run/agenix/golink-authkey";

     

       9
       9
        
           owner = "golink";

     

       10
       10
        
           group = "golink";

+2 -2

systems/x86_64-linux/marvin/services/grafana.nix

···

       44
       44
        
         };

     

       45
       45
        
         age.secrets = {

     

       46
       46
        
           grafana-admin = {

     

       47
       47
       -
             file = ../secrets/grafana-admin-password.age;

     

       47
       47
       +
             file = ./secrets/grafana-admin-password.age;

     

       48
       48
        
             owner = "grafana";

     

       49
       49
        
             group = "grafana";

     

       50
       50
        
           };

     

       51
       51
        
           grafana-smtp-password = {

     

       52
       52
       -
             file = ../secrets/grafana-smtp-password.age;

     

       52
       52
       +
             file = ./secrets/grafana-smtp-password.age;

     

       53
       53
        
             owner = "grafana";

     

       54
       54
        
             group = "grafana";

     

       55
       55
        
           };

+2 -2

systems/x86_64-linux/marvin/services/iceshrimp.nix

···

       83
       83
        
         age.secrets = {

     

       84
       84
        
           iceshrimp-secret-config = {

     

       85
       85
        
             inherit (config.services.iceshrimp) group;

     

       86
       86
       -
             file = ../secrets/iceshrimp-secret-config.age;

     

       86
       86
       +
             file = ./secrets/iceshrimp-secret-config.age;

     

       87
       87
        
             owner = config.services.iceshrimp.user;

     

       88
       88
        
           };

     

       89
       89
        
           iceshrimp-db-password = {

     

       90
       90
       -
             file = ../secrets/iceshrimp-db-password.age;

     

       90
       90
       +
             file = ./secrets/iceshrimp-db-password.age;

     

       91
       91
        
             owner = "postgres";

     

       92
       92
        
             group = "postgres";

     

       93
       93
        
           };

+1 -1

systems/x86_64-linux/marvin/services/nextcloud/default.nix

···

       89
       89
        
           nginx.recommendedHttpHeaders = true;

     

       90
       90
        
         };

     

       91
       91
        
         age.secrets.nextcloud-admin-pw = {

     

       92
       92
       -
           file = ../../secrets/nextcloud-admin-pw.age;

     

       92
       92
       +
           file = ./nextcloud-admin-pw.age;

     

       93
       93
        
           owner = "nextcloud";

     

       94
       94
        
           group = "nextcloud";

     

       95
       95
        
         };

+1 -1

systems/x86_64-linux/marvin/services/planka.nix

···

       35
       35
        
           };

     

       36
       36
        
         };

     

       37
       37
        
         age.secrets.planka-env = {

     

       38
       38
       -
           file = ../secrets/planka-env.age;

     

       38
       38
       +
           file = ./secrets/planka-env.age;

     

       39
       39
        
           owner = "thehedgehog";

     

       40
       40
        
           group = "misc";

     

       41
       41
        
         };

+37

systems/x86_64-linux/marvin/services/secrets/secrets.nix

···

       1
       1
       +
       let

     

       2
       2
       +
         ssh-new = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxOg9nOtfbedq9AlnXNVUfyU8Mwfj4IB7HX/4VoWeXP";

     

       3
       3
       +
         yubi-back = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDTVGi3PItsbUhFgnFZlqo1iUggL4npMg94+9FsyhEPfShcQwJK2/jJzjv5S9KPuk3cY7aoqyVFLbnasSBZPXmscJmOiVNvtWvHoC3QPXvf3IAcVZ5KOLpY2NJlPx/pAb31C6ewtg8v3VlyhL4zEp6M+AGwXX51tFDh2GnYD+7SNF+aMhKCrX63syAhgPy3F8mZ2RIDLAu+lsYlwdpWRkSEv9kcjX/6+3QgUWjfPBaKEeYID22ihSuj7+AiuAt0gM4q0TY/Hpcx+qDLonrIuBnm1hMZDgbv//D0sHIUxJQkGTKTEbkZxoh0Qri7UV/V6l3mETaG40deuemMU7RFY7Khl8RajNZ+9z0FdquS/HCt8+fYQk6eLneJrMIQ1bI4awrtblG3P2Yf2QUu+H3kfCQe44R3WjUugTbNtumVgyQBzl2dzlIVn1pZBeyZy70XCgbaFKkDR8Y/qZiUoZ0afP3vTOXhkn5UBfutTKwUiSGh3S8Ge5YhNgKHWE2eQp1ckEm0IMJV/q5Nsw/yBBXj/kfD8ekz96LQ+gP5JFLq4EaipXI7FM4aZNOBUZU1l/sCEuq7m997nrBucTKqGm7Ho3rq7bgdj4f6GyUJXSMOM1cN61LLrRumZGGTH8WghVL7ligxZyNFcQoudR8jfpf4mrgRxipQOe1A2umvuufMr+l/bw==";

     

       4
       4
       +
         marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP60B1IOdfJRrDcCKajMV8YJNC01gSsccZi3DKHlS6YJ";

     

       5
       5
       +
         marvinDefault = [

     

       6
       6
       +
           marvin

     

       7
       7
       +
           yubi-back

     

       8
       8
       +
           ssh-new

     

       9
       9
       +
         ];

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       12
       12
       +
         "authentik-env.age".publicKeys = marvinDefault;

     

       13
       13
       +
         "buildbot-worker-password.age".publicKeys = marvinDefault;

     

       14
       14
       +
         "buildbot-gitea-token.age".publicKeys = marvinDefault;

     

       15
       15
       +
         "buildbot-oauth-secret.age".publicKeys = marvinDefault;

     

       16
       16
       +
         "buildbot-workers.age".publicKeys = marvinDefault;

     

       17
       17
       +
         "forgejo-db-pw.age".publicKeys = marvinDefault;

     

       18
       18
       +
         "forgejo-mail-pw.age".publicKeys = marvinDefault;

     

       19
       19
       +
         "forgejo-default-runner-token.age".publicKeys = marvinDefault;

     

       20
       20
       +
         "forgejo-gitgay-runner-token.age".publicKeys = marvinDefault;

     

       21
       21
       +
         "forgejo-internal-token.age".publicKeys = marvinDefault;

     

       22
       22
       +
         "forgejo-lfs-jwt-secret.age".publicKeys = marvinDefault;

     

       23
       23
       +
         "forgejo-oauth2-jwt-secret.age".publicKeys = marvinDefault;

     

       24
       24
       +
         "forgejo-secret-key.age".publicKeys = marvinDefault;

     

       25
       25
       +
         "golink-authkey.age".publicKeys = marvinDefault;

     

       26
       26
       +
         "grafana-admin-password.age".publicKeys = marvinDefault;

     

       27
       27
       +
         "grafana-smtp-password.age".publicKeys = marvinDefault;

     

       28
       28
       +
         "iceshrimp-secret-config.age".publicKeys = marvinDefault;

     

       29
       29
       +
         "iceshrimp-db-password.age".publicKeys = marvinDefault;

     

       30
       30
       +
         "minio-root.age".publicKeys = marvinDefault;

     

       31
       31
       +
         "../nextcloud/nextcloud-admin-pw.age".publicKeys = marvinDefault;

     

       32
       32
       +
         "nix-serve-priv.age".publicKeys = marvinDefault;

     

       33
       33
       +
         "planka-env.age".publicKeys = marvinDefault;

     

       34
       34
       +
         "vaultwarden-vars.age".publicKeys = marvinDefault;

     

       35
       35
       +
         "vaultwarden-pgpass.age".publicKeys = marvinDefault;

     

       36
       36
       +
         "webmentiond-env.age".publicKeys = marvinDefault;

     

       37
       37
       +
       }

+2 -2

systems/x86_64-linux/marvin/services/vaultwarden.nix

···

       110
       110
        
         systemd.services.vaultwarden.environment.PGPASSFILE = config.age.secrets.vaultwarden-pgpass.path;

     

       111
       111
        
         environment.systemPackages = with pkgs; [ vaultwarden-vault ];

     

       112
       112
        
         age.secrets.vaultwarden-vars = vaultwardenSecret // {

     

       113
       113
       -
           file = ../secrets/vaultwarden-vars.age;

     

       113
       113
       +
           file = ./secrets/vaultwarden-vars.age;

     

       114
       114
        
         };

     

       115
       115
        
         age.secrets.vaultwarden-pgpass = vaultwardenSecret // {

     

       116
       116
       -
           file = ../secrets/vaultwarden-pgpass.age;

     

       116
       116
       +
           file = ./secrets/vaultwarden-pgpass.age;

     

       117
       117
        
         };

     

       118
       118
        
       }

+1 -1

systems/x86_64-linux/marvin/services/webmentiond.nix

···

       16
       16
        
           ];

     

       17
       17
        
         };

     

       18
       18
        
         config.age.secrets = {

     

       19
       19
       -
           webmentiond-env.path = ../secrets/webmentiond-env.age;

     

       19
       19
       +
           webmentiond-env.path = ./secrets/webmentiond-env.age;

     

       20
       20
        
           owner = "thehedgehog";

     

       21
       21
        
           group = "misc";

     

       22
       22
        
         };