nix
/
nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Some procul secrets are set elsewhere now.

This commit is contained in:
niten 2021-10-19 12:47:26 -07:00
parent 5383cea338
commit 8459d63697
1 changed files with 5 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
config/host-config/procul.nix
View File

@ -81,21 +81,17 @@ in {
fudo = { fudo = {
hosts.procul.external-interfaces = [ "extif0" ]; hosts.procul.external-interfaces = [ "extif0" ];
secrets.host-secrets.procul = { secrets.host-secrets.procul = let
backplane-client-passwd = { secrets = config.fudo.secrets.file;
source-file = /state/secrets/backplane-client/procul.passwd; in {
target-file = "/srv/backplane/dns/client.passwd";
user = config.fudo.client.dns.user;
};
postgres-keytab = { postgres-keytab = {
source-file = /state/secrets/kerberos/procul-postgres.keytab; source-file = secrets.service-keytabs.procul.postgres;
target-file = "/srv/postgres/secure/postgres.keytab"; target-file = "/srv/postgres/secure/postgres.keytab";
user = "root"; user = "root";
}; };
gitea-database-password = { gitea-database-password = {
source-file = /state/secrets/gitea/procul-database.passwd; source-file = secrets.service-passwords.procul.gitea;
target-file = "/srv/gitea/secure/database.passwd"; target-file = "/srv/gitea/secure/database.passwd";
user = config.fudo.git.user; user = config.fudo.git.user;
}; };
@ -107,8 +103,6 @@ in {
ipv6 = true; ipv6 = true;
user = "fudo-client"; user = "fudo-client";
external-interface = "extif0"; external-interface = "extif0";
password-file =
config.fudo.secrets.host-secrets.procul.backplane-client-passwd.target-file;
}; };
auth.kdc = { auth.kdc = {