Handle secrets using agenix

2021-08-09 01:10:51 +01:00 · 2021-08-09 01:10:51 +01:00 · f5b58f97ca
parent 88a7394651
commit f5b58f97ca
6 changed files with 30 additions and 3 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -100,6 +100,12 @@
    dates = "14:00";
  };
  # Specify secrets
  age.secrets = {
    soundcloud_api_key.file = secrets/soundcloud_api_key.age;
    wireguard.file = secrets/wireguard.age;
  };
  # Import other configuration modules
  imports = [
    ./modules/hardware-configuration.nix
--- a/modules/audio.nix
+++ b/modules/audio.nix
@ -64,7 +64,7 @@
      [soundcloud]
      enabled = true
-      auth_token = PLACEHOLDER
+      auth_token = ${config.age.secrets.soundcloud_api_key.path}
      explore_songs = 100
      [m3u]
--- a/modules/networking.nix
+++ b/modules/networking.nix
@ -19,7 +19,7 @@
  networking.wg-quick.interfaces = {
    home = {
      address = [ "10.8.0.2/32" ];
-      privateKeyFile = "/home/coolneng/.wg/keys/privatekey";
+      privateKeyFile = config.age.secrets.wireguard.path;
      dns = [ "10.8.0.1" ];
      peers = [
        # zion
@ -32,7 +32,7 @@
    };
    coace = {
      address = [ "10.9.0.2/32" ];
-      privateKeyFile = "/home/coolneng/.wg/keys/privatekey";
+      privateKeyFile = config.age.secrets.wireguard.path;
      peers = [
        # unit
        {
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -0,0 +1,7 @@
 let
  coolneng =
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC57m1j/G6iQyi2EpU3nj3+df5Z4PL/XbiOmDcqA7ODg";
 in {
  "soundcloud_api_key.age".publicKeys = [ coolneng ];
  "wireguard.age".publicKeys = [ coolneng ];
 }
--- a/secrets/soundcloud_api_key.age
+++ b/secrets/soundcloud_api_key.age
@ -0,0 +1,7 @@
 age-encryption.org/v1
 -> ssh-ed25519 G5UUhw tVGNxVkibTRSr8c2l7Wmo3pMhnyI6JHBZzddC93sv2E
 0NOlI4vaBZz+Wg7LDji6CRrNsBPVhQ5rFyjPUe+ekg0
 -> *NFvF-grease b1zp>
 TIRHkh0
 --- Y9Rt0ibteW6VSuzIGt4EenoFoOmRnvIUeFbJkqkL5m4
 P隝}ｫｮ7ｩ}t逋vﾋ酢T[c#ibｶC<EFBDB6>i|ｶﾎｵ?%%ﾘｼ｣lｯﾆDｱﾜﾉｱｭ羊･Iｪy,Z{｣､_
--- a/secrets/wireguard.age
+++ b/secrets/wireguard.age
@ -0,0 +1,7 @@
 age-encryption.org/v1
 -> ssh-ed25519 G5UUhw ORYEDFD+GUYWiTOhOgjFNa/SQ7DGPIdDFXTUnYkjKUg
 4oM7eE8cg15T8gbHBNOa/oB97SCaSANd7/7vM6+EbNc
 -> ",?]B-grease #sF Zg_{'
 P+bwL7YflfWA4f9LRIM
 --- O+3vZIjCS6xIQwO/fwmdfeMcFqBCpQWTe9UltdlXx5o
 9ß¢Æ]?ÛÉw>“•¾ÓÍ¯®8sn‰òæ"_üªŸÄ@4˜w÷c¬‡¯W¯øNžñ¶Øxšeª~ËOƒ±<C692>ŽPà!„~1ôú>