agenix: migrate falkenstein

2025-04-25 08:06:19 +02:00 · 2023-11-16 15:08:13 +01:00 · 2023-11-16 15:08:13 +01:00 · dcaa017e5d
commit dcaa017e5d
parent 3c5095f144
13 changed files with 48 additions and 63 deletions
--- a/hosts/falkenstein-1/modules/backup/default.nix
+++ b/hosts/falkenstein-1/modules/backup/default.nix
@ -1,6 +1,8 @@
 { config, pkgs, ... }:
 {
-  sops.secrets."borg/passphrase" = { };
+  age.secrets."borg/passphrase" = {
+    file = ../../../../secrets/falkenstein/borg/passphrase.age;
+  };
  environment.systemPackages = [ pkgs.borgbackup ];
  services.borgmatic = {
    enable = true;
@ -17,7 +19,7 @@
          label = "nuc";
        }
      ];
-      encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."borg/passphrase".path}";
+      encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets."borg/passphrase".path}";
      compression = "lz4";
      keep_daily = 7;
      keep_weekly = 4;
--- a/hosts/falkenstein-1/modules/networks/default.nix
+++ b/hosts/falkenstein-1/modules/networks/default.nix
@ -1,12 +1,15 @@
 { config, lib, ... }:
 {
-  sops.secrets = {
+  age.secrets = {
    "wireguard/dorm/private" = {
+      file = ../../../../secrets/falkenstein/wireguard/dorm/private.age;
      owner = config.users.users.systemd-network.name;
    };
    "wireguard/dorm/preshared" = {
+      file = ../../../../secrets/falkenstein/wireguard/dorm/preshared.age;
      owner = config.users.users.systemd-network.name;
    };
+
  };
  networking = {
    hostName = "falkenstein-1";
@ -46,14 +49,14 @@
        Name = "wg0";
      };
      wireguardConfig = {
-        PrivateKeyFile = config.sops.secrets."wireguard/dorm/private".path;
+        PrivateKeyFile = config.age.secrets."wireguard/dorm/private".path;
        ListenPort = 51820;
      };
      wireguardPeers = [
        {
          wireguardPeerConfig = {
            PublicKey = "Z5lwwHTCDr6OF4lfaCdSHNveunOn4RzuOQeyB+El9mQ=";
-            PresharedKeyFile = config.sops.secrets."wireguard/dorm/preshared".path;
+            PresharedKeyFile = config.age.secrets."wireguard/dorm/preshared".path;
            Endpoint = "dorm.vpn.rfive.de:51820";
            AllowedIPs = "192.168.42.0/24, 192.168.43.0/24";
          };
--- a/hosts/falkenstein-1/modules/pfersel/default.nix
+++ b/hosts/falkenstein-1/modules/pfersel/default.nix
@ -1,10 +1,13 @@
 { config, ... }:
 {
-  sops.secrets."pfersel/token".owner = "pfersel";
+  age.secrets.pfersel = {
+    file = ../../../../secrets/falkenstein/pfersel.age;
+    owner = "pfersel";
+  };
  services.pfersel = {
    enable = true;
    discord = {
-      tokenFile = config.sops.secrets."pfersel/token".path;
+      tokenFile = config.age.secrets.pfersel.path;
    };
  };
 }
--- a/hosts/falkenstein-1/modules/purge/default.nix
+++ b/hosts/falkenstein-1/modules/purge/default.nix
@ -3,13 +3,15 @@ let
  domain = "purge.${config.networking.domain}";
 in
 {
-  sops.secrets."purge/token" = { };
+  age.secrets.purge = {
+    file = ../../../../secrets/falkenstein/purge.age;
+  };
  services.purge = {
    enable = true;
    discord = {
      clientId = "941041925216157746";
      publicKey = "d2945f6130d9b4a8dda8c8bf52db5dee127a82f89c6b8782e84aa8f45f61d402";
-      tokenFile = config.sops.secrets."purge/token".path;
+      tokenFile = config.age.secrets.purge.path;
    };
  };
  services.nginx.virtualHosts."${domain}" = {