NixOS/secrets/default.nix

{ agenix ? true, lib ? import ../lib { } }:
let
  # age recipients that are added to every secret in addition to the owning
  # host's key. Every key listed here can decrypt all secrets of all hosts,
  # so removing or replacing one means re-encrypting every file below.
  masterKeys = [
    "age1yubikey1qfnj0k4mkzrn8ef5llwh2sv6hd7ckr0qml3n9hzdpz9c59ypvryhyst87k0"
  ];

  # host name -> { <secretName> = "<host dir>/<secretName>.age"; }
  # The values are paths relative to this file.
  hosts = {
    luna =
      let
        dir = "luna";
      in
      {
        users-root-pw = "${dir}/users-root-pw.age";
        users-price-pw = "${dir}/users-price-pw.age";
        gitlab-runner-reg-config = "${dir}/gitlab-runner-reg-config.age";
        gitea-db-pass = "${dir}/gitea-db-pass.age";
        gitea-runner-token = "${dir}/gitea-runner-token.age";
      };
  };

  # One { name; value; } pair per secret of `host`, in the shape that
  # builtins.listToAttrs expects for an agenix secrets.nix: the encrypted
  # file path maps to the recipients allowed to decrypt it (the host's own
  # public key plus every master key).
  agenixEntriesFor = host:
    let
      hostKey = import ./../hosts/${host}/pubkey.nix;
      recipients = [ hostKey ] ++ masterKeys;
    in
    builtins.map
      (secretFile: {
        name = builtins.toString secretFile;
        value = { publicKeys = recipients; };
      })
      (builtins.attrValues hosts.${host});

  # NixOS module fragment for `host`: one `age.secrets.<name>.file` entry per
  # secret, merged into a single attribute set with lib.recursiveMerge.
  moduleConfigFor = host: secretFiles:
    lib.recursiveMerge
      (builtins.attrValues
        (builtins.mapAttrs
          (secretName: file: { age.secrets.${secretName}.file = ./${file}; })
          secretFiles));
in
if agenix then
  # Shape consumed by the agenix CLI (recipient list per encrypted file).
  builtins.listToAttrs (builtins.concatMap agenixEntriesFor (builtins.attrNames hosts))
else
  # Shape consumed by the NixOS hosts: per-host `age.secrets` configuration.
  builtins.mapAttrs moduleConfigFor hosts