diff options
Diffstat (limited to 'hosts')
-rw-r--r-- | hosts/tahoe/default.nix | 1 | ||||
-rw-r--r-- | hosts/tahoe/secrets/gandi/apikey.age | 11 | ||||
-rw-r--r-- | hosts/tahoe/secrets/secrets.nix | 5 | ||||
-rw-r--r-- | hosts/tahoe/services.nix | 9 |
4 files changed, 21 insertions, 5 deletions
diff --git a/hosts/tahoe/default.nix b/hosts/tahoe/default.nix index cfa3717..6fb5fcb 100644 --- a/hosts/tahoe/default.nix +++ b/hosts/tahoe/default.nix @@ -9,6 +9,7 @@ in ./networking.nix ./services.nix "${self}/profiles/nas.nix" + "${self}/profiles/acme.nix" "${self}/profiles/hardware/amd.nix" ]; diff --git a/hosts/tahoe/secrets/gandi/apikey.age b/hosts/tahoe/secrets/gandi/apikey.age new file mode 100644 index 0000000..3f35522 --- /dev/null +++ b/hosts/tahoe/secrets/gandi/apikey.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> X25519 jMYhTKmWi5riTgT9QQVOlzlIegqM1MI2QtJbOonsL2E +bM9xqcJc41bKs0as9lIQQQGZhB5cmaZtO1fHCsrMR9M +-> X25519 3xMvuIuRGXBp/gbv+aZpjkp6wLw6hyRAqBIe/Pf+Szo +2X45mDvLNcDOntT4JgZUFHpnlShm3UYv7gCpHGaj4Fo +-> X25519 xemfO0+4pS8WG/7QoIIqULZ/xN+C0l+LbBgv4QIdcQU +VfoMT93/3hTZdPo4ALCaEZrIO3bHhsoxCwf6DyXPwvI +-> s06@-grease .@\9Og@9 7yCI nS'`(65/ +W1seHOnAnPFF8BB6uqQKv8JwpmoNCU93i06VtxuuHiaeGrlXNPiF0ikD/mysdA +--- dpDFFk5ZPUwQZp96fpS85eZCVELD4GB1uwl/8ev5moA +⇼?Zu>x3d[sLٵ)|[z1#cѨ3BHLw҂]$. \ No newline at end of file diff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix index 34b955b..0560a57 100644 --- a/hosts/tahoe/secrets/secrets.nix +++ b/hosts/tahoe/secrets/secrets.nix @@ -28,6 +28,11 @@ in owner = "unpoller-exporter"; }; + "gandi/apikey.age" = { + publicKeys = all; + owner = "acme"; + }; + "restic/repo-systems.age".publicKeys = all; "rsync.net/ssh-key.age".publicKeys = all; diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix index a04225e..0227f4c 100644 --- a/hosts/tahoe/services.nix +++ b/hosts/tahoe/services.nix @@ -1,8 +1,7 @@ -{ config, ... }: +{ self, config, ... }: let secrets = config.age.secrets; in { - # this unit is broken and useless. I don't know how to not install # it, so let's mask it. systemd.services.mdmonitor.enable = false; @@ -14,12 +13,12 @@ in }; navidrome = { enable = true; - vhostName = "music.fcuny.xyz"; + vhostName = "music.${config.homelab.domain}"; musicFolder = "/data/fast/music"; }; unifi = { enable = true; - vhostName = "unifi.fcuny.xyz"; + vhostName = "unifi.${config.homelab.domain}"; }; monitoring = { @@ -33,7 +32,7 @@ in }; grafana = { enable = true; - vhostName = "dash.fcuny.xyz"; + vhostName = "dash.${config.homelab.domain}"; }; promtail.enable = true; node-exporter.enable = true; |