diff --git a/lib/krops.nix b/lib/krops.nix
index ff301c2..ab4ed97 100644
--- a/lib/krops.nix
+++ b/lib/krops.nix
@@ -17,6 +17,10 @@ let
 };
 config.file = toString ../.;
 nixos-config.symlink = "config/machines/${hostname}/configuration.nix";
+ secrets.pass = {
+ dir = toString ~/.password-store;
+ name = "nixos/machines/${hostname}";
+ };
 } // extraSources)
 ];
 in
diff --git a/machines/nunotaba/krops.nix b/machines/nunotaba/krops.nix
index 3e5a158..8ea98a9 100644
--- a/machines/nunotaba/krops.nix
+++ b/machines/nunotaba/krops.nix
@@ -1,3 +1,3 @@
-import ../../lib/krops.nix {
+import ../../lib/krops.nix rec {
 hostname = "nunotaba";
 }
diff --git a/machines/nunotaba/secrets/wg-home_private_key b/machines/nunotaba/secrets/wg-home_private_key
deleted file mode 100644
index e0d4ee0..0000000
Binary files a/machines/nunotaba/secrets/wg-home_private_key and /dev/null differ
diff --git a/machines/sayuri/hardware-configuration.nix b/machines/sayuri/hardware-configuration.nix
index 6a9265d..e76f56d 100644
--- a/machines/sayuri/hardware-configuration.nix
+++ b/machines/sayuri/hardware-configuration.nix
@@ -40,7 +40,7 @@
 label = "data";
 enable = true;
 blkDev = "/dev/disk/by-uuid/576088d4-9aae-4159-a028-feadb2621a1a";
- keyFile = "/mnt-root" + toString ./secrets/data_luks_key;
+ keyFile = "/mnt-root" + toString ;
 };
 };
 };
diff --git a/machines/sayuri/secrets/data_luks_key b/machines/sayuri/secrets/data_luks_key
deleted file mode 100644
index cac47d4..0000000
Binary files a/machines/sayuri/secrets/data_luks_key and /dev/null differ
diff --git a/machines/sayuri/secrets/wg-home_private_key b/machines/sayuri/secrets/wg-home_private_key
deleted file mode 100644
index 321042c..0000000
Binary files a/machines/sayuri/secrets/wg-home_private_key and /dev/null differ
diff --git a/modules/restic.nix b/modules/restic.nix
index 44c9b12..65eeea7 100644
--- a/modules/restic.nix
+++ b/modules/restic.nix
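Review bot: The added `secrets.pass` source carries no comment on where the secrets end up, and `toString ~/.password-store` ties the deployment to the home directory of whoever evaluates the file. As far as I know, krops' pass source decrypts the entries on the deploying host and copies them to the target as plain files, so a comment such as `# decrypted locally via pass and copied to the target in plaintext; the target directory must stay root-only` would help the next reader. A store kept elsewhere (pass honours `PASSWORD_STORE_DIR`) is not picked up by the literal path. The `let` block this hunk sits in starts and ends outside the hunk.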
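Review bot: `rec` on the argument set in machines/nunotaba/krops.nix looks unnecessary, because the only attribute visible is `hostname` and nothing in the set refers to it. A recursive set makes every sibling name visible inside the set, which invites accidental shadowing when attributes are added later. Unless a follow-up adds an attribute that uses `hostname`, `import ../../lib/krops.nix {` keeps the call simpler.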
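Review bot: The new `keyFile` line in machines/sayuri/hardware-configuration.nix reads `"/mnt-root" + toString ;` with no argument to `toString`, which does not parse as shown; the same gap appears on `passwordFile` and `s3CredentialsFile` in modules/restic.nix and on the `privateKeyFile` default in modules/wireguard/home.nix. Possibly an angle-bracket lookup path was lost when the page was rendered, so this should be checked against the repository. If it is a lookup path, it resolves through NIX_PATH at evaluation time, and a short comment on each line naming the expected location on the target would make that dependency visible. The key files deleted in this commit remain in the repository history; if they were ever committed unencrypted, the LUKS, WireGuard, restic and S3 secrets should be rotated. The attribute set around `keyFile` starts outside the hunk.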
@@ -69,8 +69,8 @@ in
 config = lib.mkIf cfg.enable {
 services.restic.backups."${name}" = {
- passwordFile = toString (../secrets/restic_password);
- s3CredentialsFile = toString ../secrets/s3_credentials;
+ passwordFile = toString ;
+ s3CredentialsFile = toString ;
 repository = "s3:https://s3.eu-central-1.wasabisys.com/sbruder-restic";
 paths = lib.mkDefault (
 [ ]
diff --git a/modules/wireguard/home.nix b/modules/wireguard/home.nix
index 194d4b6..6eb3b69 100644
--- a/modules/wireguard/home.nix
+++ b/modules/wireguard/home.nix
@@ -14,7 +14,7 @@ in
 privateKeyFile = lib.mkOption {
 type = lib.types.str;
 description = "Private key file";
- default = toString (../../machines/. + "/${config.networking.hostName}" + /secrets/wg-home_private_key);
+ default = toString ;
 };
 };
 };
diff --git a/secrets/restic_password b/secrets/restic_password
deleted file mode 100644
index a565a30..0000000
Binary files a/secrets/restic_password and /dev/null differ
diff --git a/secrets/s3_credentials b/secrets/s3_credentials
deleted file mode 100644
index 1785b21..0000000
Binary files a/secrets/s3_credentials and /dev/null differ
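Review bot: The `privateKeyFile` option in modules/wireguard/home.nix still describes itself only as `"Private key file"`, which does not tell a user that the value must be a path that exists on the target at runtime and should not point into the world-readable Nix store. Now that the default no longer derives from the per-host directory in the repository, the description is the only place a reader learns what is expected. Something like `description = "Path on the target to the WireGuard private key; must not be inside the Nix store";` would cover it. Keeping `type = lib.types.str` is the right choice here, since a path type could copy the key into the store. The option set around `privateKeyFile` starts outside the hunk.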