Use secrets module to clean up configurations

2024-12-12 18:16:57 +01:00 · 2024-12-12 18:16:57 +01:00 · 9407af8ac8
commit 9407af8ac8
parent f753422295
4 changed files with 11 additions and 10 deletions
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@ -19,7 +19,8 @@
          nixos.module = {
            imports = [
              ./vm02116
-              inputs.agenix.nixosModules.default
+              self.nixosModules.ageSecrets
+              { x_fediversity.hostPublicKey = self.keys.systems.vm02116; }
            ];
          };
        };
@ -36,7 +37,8 @@
          nixos.module = {
            imports = [
              ./vm02179
-              inputs.agenix.nixosModules.default
+              self.nixosModules.ageSecrets
+              { x_fediversity.hostPublicKey = self.keys.systems.vm02179; }
            ];
          };
        };
@ -53,7 +55,8 @@
          nixos.module = {
            imports = [
              ./vm02186
-              inputs.agenix.nixosModules.default
+              self.nixosModules.ageSecrets
+              { x_fediversity.hostPublicKey = self.keys.systems.vm02186; }
            ];
          };
        };
@ -76,7 +79,11 @@
          };
          nixpkgs = inputs.nixpkgs;
          nixos.module = {
-            imports = [ ./vm02187 ];
+            imports = [
+              ./vm02187
+              self.nixosModules.ageSecrets
+              { x_fediversity.hostPublicKey = self.keys.systems.vm02187; }
+            ];
          };
        };
      };
--- a/infra/vm02116/forgejo.nix
+++ b/infra/vm02116/forgejo.nix
@ -37,12 +37,10 @@ in
  };

  age.secrets.forgejo-database-password = {
-    file = ../../secrets/forgejo-database-password.age;
    owner = "forgejo";
    group = "forgejo";
    mode = "440";
  };
-  age.secrets.forgejo-email-password.file = ../../secrets/forgejo-email-password.age;

  users.groups.keys.members = [ "forgejo" ];

--- a/infra/vm02179/gitea-runner.nix
+++ b/infra/vm02179/gitea-runner.nix
@ -34,8 +34,6 @@
    };
  };

-  age.secrets.forgejo-runner-token.file = ../../secrets/forgejo-runner-token.age;
-
  ## The Nix configuration of the system influences the Nix configuration
  ## in the workflow, and our workflows are often flake-based.
  nix.extraOptions = ''
--- a/infra/vm02186/gitea-runner.nix
+++ b/infra/vm02186/gitea-runner.nix
@ -38,8 +38,6 @@
    };
  };

-  age.secrets.forgejo-runner-token.file = ../../secrets/forgejo-runner-token.age;
-
  ## For the Docker mode of the runner.
  virtualisation.docker.enable = true;