loptland: move to separate secrets file
This commit is contained in:
parent
08e78963e8
commit
dab5545875
GPG key ID:
1763BB530F50279E
10
.sops.yaml
10
.sops.yaml
|
|
@ -5,3 +5,13 @@ creation_rules:
|
|||
key_groups:
|
||||
- age:
|
||||
- *primary
|
||||
|
||||
- path_regex: secrets/secrets-yggdrasil.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *primary
|
||||
|
||||
- path_regex: secrets/secrets-loptland.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *primary
|
||||
|
|
|
|||
|
|
@ -8,25 +8,33 @@
|
|||
with lib.${namespace};
|
||||
let
|
||||
cfg = config.${namespace}.services.factorio-server;
|
||||
inherit (lib) mkIf mkEnableOption;
|
||||
inherit (lib) mkIf mkOption mkEnableOption;
|
||||
in
|
||||
{
|
||||
options.${namespace}.services.factorio-server = {
|
||||
enable = mkEnableOption "Enable Factorio Headless Server";
|
||||
sopsFile = mkOption {
|
||||
type = lib.types.path;
|
||||
default = lib.snowfall.fs.get-file "secrets/secrets.yaml";
|
||||
description = "SecretFile";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [ pkgs.factorio-headless ];
|
||||
environment.systemPackages = [ pkgs.factorio-headless ];
|
||||
sops = {
|
||||
secrets = {
|
||||
factorio_token = {
|
||||
restartUnits = [ "factorio.service" ];
|
||||
inherit sopsFile;
|
||||
};
|
||||
factorio_username = {
|
||||
restartUnits = [ "factorio.service" ];
|
||||
inherit sopsFile;
|
||||
};
|
||||
factorio_game_password = {
|
||||
restartUnits = [ "factorio.service" ];
|
||||
inherit sopsFile;
|
||||
};
|
||||
};
|
||||
templates."extraSettingsFile.json".content = ''
|
||||
|
|
|
|||
24
secrets/secrets-loptland.yaml
Normal file
24
secrets/secrets-loptland.yaml
Normal file
|
|
@ -0,0 +1,24 @@
|
|||
#ENC[AES256_GCM,data:DhmsYsRs9ig5,iv:waUaAhcSgeolFkC2z3W8aGObT3Gp/oavdFfsEUVJoco=,tag:3nVYMqj+EvOz75b8KSm/8Q==,type:comment]
|
||||
factorio_username: ENC[AES256_GCM,data:egV5kXtAiw==,iv:Hay0PC2yol5FAJGcWxLkxzNdwpD1V4UfDDnkhsjvjVQ=,tag:QBDS6eAeOswQoHBoi4Gj6A==,type:str]
|
||||
factorio_token: ENC[AES256_GCM,data:whruEJQCNIqqfMA0A3yQdwwrzpIJBt815Lvex4Au,iv:hh3zZt+UxV9ltSHIAjpTRwtDvPgPU5APrB/1bXtKUkE=,tag:AgUmBYWp+Oyxm8O7yD8vlA==,type:str]
|
||||
factorio_game_password: ENC[AES256_GCM,data:Gu/p0+Sbd6Y=,iv:6AB1T3JdleiUnusU7hw/0wOFNSBsAsBgP2yD9FB7zXk=,tag:DMgD4csthynuBon+KNZtOw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1amdd4hu6k0czf3mtlhd03yj3yzkdaynl7q5fdlqmjzpe9pwgxfjs3j0c85
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3NFlTd2hOTHBtUDhuT0lF
|
||||
amtLclY2ZTN0SStZQjFSNkZUd1RmMkdJZ0dJCnB2WU04dk41Qk45aGphMW9GQVJ4
|
||||
b2VWQVlOVFFLaGJWaU9FVU5ZUWtlRncKLS0tIGVPYW5DQnJMeW1qdWtINDNlQWFo
|
||||
NmhrdXhpbVlmUFNsT1VaQjZyYkZkdzgKhL2BKXfPWNWUbFavpmtBQpnNEm/x0xH6
|
||||
NsjiV05AcrqPmGjj2kjvTv4ULPSoHiHiC5McUMfFTYIrCJgNvUbmMg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-06T13:41:52Z"
|
||||
mac: ENC[AES256_GCM,data:Z/CkDDYJQgYasgaXiIZy+Tr5Z8DjlkLg9XxmrC2cvHABpc5g6mxxSrSYG9DforI2hHvpmz5qPZQ1ztCSft9iPetFGPuWGzCNgvp9CUfMfG7sMAF/+/vEYbgU8plNMHuEAAsfsaZA4HUbM3qHEwQdXmJ6bF+AbPGuMt4z4mSuLQA=,iv:59RdAFi1SpgF3WhDFGxjCmSumn5uxgJCPGpcFJiLhzQ=,tag:mtngOX1rM1zx+VKgaZeX3g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
|
|
@ -31,7 +31,10 @@ in
|
|||
};
|
||||
|
||||
services = {
|
||||
factorio-server = enabled;
|
||||
factorio-server = {
|
||||
enable = true;
|
||||
sopsFile = lib.snowfall.fs.get-file "secrets/secrets-loptland.yaml";
|
||||
};
|
||||
};
|
||||
|
||||
user.trustedPublicKeys = [
|
||||
|
|
|
|||
Loading…
Reference in a new issue