Secrets on procul

2021-09-22 22:30:32 -07:00 · 2021-09-22 22:30:32 -07:00 · 9b4b68935b
parent 1041a63ec3
commit 9b4b68935b
2 changed files with 6 additions and 6 deletions
--- a/config/host-config/procul.nix
+++ b/config/host-config/procul.nix
@ -99,12 +99,6 @@ in {
        target-file = "/srv/gitea/secure/database.passwd";
        user = config.fudo.git.user;
      };
-
-      # host-keytab = {
-      #   source-file = /state/secrets/kerberos/procul.keytab;
-      #   target-file = "/etc/krb5.keytab";
-      #   user = "root";
-      # };
    };

    client.dns = {
--- a/config/host-config/socrates.nix
+++ b/config/host-config/socrates.nix
@ -22,6 +22,12 @@ in {
      };
    };

+    fudo.secrets = {
+      secret-group = "fudo-secrets";
+      secret-users = [ "niten" ];
+      secret-paths = [ "/state/secrets" ];
+    };
+
    systemd.tmpfiles.rules = [
      "L /root/.gnupg - - - - /state/root/gnupg"
      "L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa"