agenix: migrate nuc

2025-04-25 16:08:30 +02:00 · 2023-11-16 14:40:40 +01:00 · 2023-11-16 14:40:40 +01:00 · 3c5095f144
commit 3c5095f144
parent 517f03c86e
17 changed files with 60 additions and 144 deletions
--- a/hosts/nuc/modules/backup/default.nix
+++ b/hosts/nuc/modules/backup/default.nix
@ -1,6 +1,8 @@
 { config, pkgs, ... }:
 {
-  sops.secrets."borg/passphrase" = { };
+  age.secrets."borg/passphrase" = {
+    file = ../../../../secrets/nuc/borg/passphrase.age;
+  };
  environment.systemPackages = [ pkgs.borgbackup ];
  fileSystems."/mnt/backup" =
    {
@ -23,7 +25,7 @@
          path = "/mnt/backup/nuc";
        }
      ];
-      encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."borg/passphrase".path}";
+      encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets."borg/passphrase".path}";
      compression = "lz4";
      keep_daily = 7;
      keep_weekly = 4;
--- a/hosts/nuc/modules/matrix/default.nix
+++ b/hosts/nuc/modules/matrix/default.nix
@ -4,12 +4,13 @@ let
 in
 {

-  sops.secrets = {
-    "matrix/shared_secret" = {
+  age.secrets = {
+    "matrix/shared" = {
+      file = ../../../../secrets/nuc/matrix/shared.age;
      owner = config.systemd.services.matrix-synapse.serviceConfig.User;
    };
-    "matrix/sync/environment" = {
-      # owner = "matrix-sliding-sync";
+    "matrix/sync" = {
+      file = ../../../../secrets/nuc/matrix/sync.age;
    };
  };

@ -25,7 +26,7 @@ in
    matrix-synapse = {
      enable = true;
      configureRedisLocally = true;
-      extraConfigFiles = [ config.sops.secrets."matrix/shared_secret".path ];
+      extraConfigFiles = [ config.age.secrets."matrix/shared".path ];

      settings = {
        server_name = config.networking.domain;
@ -47,7 +48,7 @@ in
        settings = {
          SYNCV3_SERVER = "https://${domain}";
        };
-        environmentFile = config.sops.secrets."matrix/sync/environment".path;
+        environmentFile = config.age.secrets."matrix/sync".path;
      };
    };

--- a/hosts/nuc/modules/nextcloud/default.nix
+++ b/hosts/nuc/modules/nextcloud/default.nix
@ -3,8 +3,9 @@ let
  domain = "nextcloud.${config.networking.domain}";
 in
 {
-  sops.secrets = {
+  age.secrets = {
    "nextcloud/adminpass" = {
+      file = ../../../../secrets/nuc/nextcloud/adminpass.age;
      owner = "nextcloud";
      group = "nextcloud";
    };
@ -21,7 +22,7 @@ in
        dbuser = "nextcloud";
        dbhost = "/run/postgresql";
        dbname = "nextcloud";
-        adminpassFile = config.sops.secrets."nextcloud/adminpass".path;
+        adminpassFile = config.age.secrets."nextcloud/adminpass".path;
        adminuser = "rouven";
      };
    };
--- a/hosts/nuc/modules/vaultwarden/default.nix
+++ b/hosts/nuc/modules/vaultwarden/default.nix
@ -3,11 +3,14 @@ let
  domain = "vault.${config.networking.domain}";
 in
 {
-  sops.secrets."vaultwarden/env".owner = "vaultwarden";
+  age.secrets.vaultwarden = {
+    file = ../../../../secrets/nuc/vaultwarden.age;
+    owner = "vaultwarden";
+  };
  services.vaultwarden = {
    enable = true;
    dbBackend = "postgresql";
-    environmentFile = config.sops.secrets."vaultwarden/env".path;
+    environmentFile = config.age.secrets.vaultwarden.path;
    config = {
      domain = "https://${domain}";
      signupsAllowed = false;