diff --git a/modules/nixos/services/agenix/default.nix b/modules/nixos/services/agenix/default.nix
index a0727ab4..3e70707a 100644
--- a/modules/nixos/services/agenix/default.nix
+++ b/modules/nixos/services/agenix/default.nix
@@ -74,18 +74,11 @@ in {
 wgCredentials.file = "${self}/secrets/wgCredentials.age";
 wgSobotkaPrivateKey.file = "${self}/secrets/wgSobotkaPrivateKey.age";
 gluetunEnvironment.file = "${self}/secrets/gluetunEnvironment.age";
- nextcloudAdminPass.file = "${self}/secrets/nextcloudAdminPass.age";
- nextcloudCloudflared.file = "${self}/secrets/nextcloudCloudflared.age";
- vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
- vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age";
- pihole.file = "${self}/secrets/pihole.age";
- slskd.file = "${self}/secrets/slskd.age";
 };
 })
 (mkIf cfg.ziggy.enable {
 secrets = {
 cloudflareDnsCredentialsZiggy.file = "${self}/secrets/cloudflareDnsCredentialsZiggy.age";
- piholeZiggy.file = "${self}/secrets/piholeZiggy.age";
 };
 })
 (mkIf cfg.toothpc.enable {
diff --git a/modules/server/nextcloud/default.nix b/modules/server/nextcloud/default.nix
index 5aabbe3c..084aa89e 100644
--- a/modules/server/nextcloud/default.nix
+++ b/modules/server/nextcloud/default.nix
@@ -2,6 +2,7 @@
 config,
 pkgs,
 lib,
+ self,
 ...
 }: let
 unit = "nextcloud";
@@ -45,6 +46,11 @@ in {
 };
 };
 config = lib.mkIf cfg.enable {
+ age.secrets = {
+ nextcloudAdminPass.file = "${self}/secrets/nextcloudAdminPass.age";
+ nextcloudCloudflared.file = "${self}/secrets/nextcloudCloudflared.age";
+ };
+
 server.fail2ban = lib.mkIf config.server.fail2ban.enable {
 jails = {
 nextcloud = {
diff --git a/modules/server/podman/default.nix b/modules/server/podman/default.nix
index 3ea16452..9f523d96 100644
--- a/modules/server/podman/default.nix
+++ b/modules/server/podman/default.nix
@@ -2,6 +2,7 @@
 config,
 lib,
 pkgs,
+ self,
 ...
 }: let
 srv = config.server;
@@ -121,6 +122,11 @@ in { }; config = lib.mkIf cfg.enable { + age.secrets = { + pihole.file = "${self}/secrets/${config.networking.hostName}Pihole.age"; + slskd.file = "${self}/secrets/slskd.age"; + }; + virtualisation = { containers.enable = true; podman.enable = true; diff --git a/modules/server/vaultwarden/default.nix b/modules/server/vaultwarden/default.nix index 7c5cb551..f9ca61cf 100644 --- a/modules/server/vaultwarden/default.nix +++ b/modules/server/vaultwarden/default.nix @@ -2,14 +2,13 @@ { config, lib, + self, ... -}: -let +}: let inherit (lib) mkIf mkEnableOption; vcfg = config.services.vaultwarden.config; cfg = config.server.vaultwarden; -in -{ +in { options = { server.vaultwarden = { enable = mkEnableOption "Enables vaultwarden"; @@ -35,6 +34,11 @@ in }; config = mkIf cfg.enable { + age.secrets = { + vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age"; + vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age"; + }; + server = { fail2ban = lib.mkIf config.server.fail2ban.enable { jails = { diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 8e6d7eb6..044bfbb7 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -47,14 +47,14 @@ in { "wgCredentials.age".publicKeys = core ++ sobotka; "wgSobotkaPrivateKey.age".publicKeys = core ++ sobotka; "gluetunEnvironment.age".publicKeys = core ++ sobotka; - "pihole.age".publicKeys = core ++ sobotka; + "sobotkaPihole.age".publicKeys = core ++ sobotka; "slskd.age".publicKeys = core ++ sobotka; "authentikEnv.age".publicKeys = core ++ sobotka; "traefikEnv.age".publicKeys = core ++ sobotka; # Ziggy-specific "cloudflareDnsCredentialsZiggy.age".publicKeys = core ++ ziggy; - "piholeZiggy.age".publicKeys = core ++ ziggy; + "ziggyPihole.age".publicKeys = core ++ ziggy; # Both sobotka + ziggy (for HA stuff like keepalived) "keepalived.age".publicKeys = core ++ sobotka ++ ziggy; 
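Review bot: In modules/server/podman/default.nix the added `age.secrets` block declares `slskd` on every host that enables the podman module, but the secrets.nix hunk of this commit still encrypts it for one host only (`"slskd.age".publicKeys = core ++ sobotka;`). The line it replaces sat in the agenix block just above `mkIf cfg.ziggy.enable`, whose own header is outside the hunk, so it was presumably sobotka-only; if ziggy enables podman as well (its former `piholeZiggy` secret suggests it does), agenix on ziggy will be pointed at a file its host key cannot decrypt. Keep the recipient list as narrow as it is and gate the declaration instead, e.g. `age.secrets.slskd = lib.mkIf <slskd-enable-option> { file = "${self}/secrets/slskd.age"; };`, where the placeholder stands for whichever option starts the slskd container (not visible here). The nextcloud and vaultwarden blocks make the same move from per-host to per-service gating, and their recipient lists are not part of the visible secrets.nix hunk, so they deserve the same check; the `config = lib.mkIf cfg.enable { … }` body continues past the hunk.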
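Review bot: The renamed keys `"sobotkaPihole.age"` and `"ziggyPihole.age"` in secrets/secrets.nix now have to equal `"${config.networking.hostName}Pihole.age"` as computed in modules/server/podman/default.nix, and nothing next to them records that coupling. A comment above each entry, such as `# file name is derived from networking.hostName in modules/server/podman; keep in sync`, would keep a later rename or a new host from ending up with a secret path that has no recipient entry. The other host-specific entry in this hunk, `cloudflareDnsCredentialsZiggy.age`, still carries the host as a suffix, so two naming schemes now coexist; the comment could note that too.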
diff --git a/secrets/pihole.age b/secrets/sobotkaPihole.age
similarity index 100%
rename from secrets/pihole.age
rename to secrets/sobotkaPihole.age
diff --git a/secrets/piholeZiggy.age b/secrets/ziggyPihole.age
similarity index 100%
rename from secrets/piholeZiggy.age
rename to secrets/ziggyPihole.age