From 9b4b68935b033b70764c278bed3a6405b7ca4627 Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 22 Sep 2021 22:30:32 -0700
Subject: [PATCH] Secrets on procul

---
 config/host-config/procul.nix | 6 ------
 config/host-config/socrates.nix | 6 ++++++
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/config/host-config/procul.nix b/config/host-config/procul.nix
index 6c8a963..96a746b 100644
--- a/config/host-config/procul.nix
+++ b/config/host-config/procul.nix
@@ -99,12 +99,6 @@ in {
 target-file = "/srv/gitea/secure/database.passwd";
 user = config.fudo.git.user;
 };
-
- # host-keytab = {
- # source-file = /state/secrets/kerberos/procul.keytab;
- # target-file = "/etc/krb5.keytab";
- # user = "root";
- # };
 };

 client.dns = {
diff --git a/config/host-config/socrates.nix b/config/host-config/socrates.nix
index 9ac3c8b..e3af163 100644
--- a/config/host-config/socrates.nix
+++ b/config/host-config/socrates.nix
@@ -22,6 +22,12 @@ in {
 };
 };

+ fudo.secrets = {
+ secret-group = "fudo-secrets";
+ secret-users = [ "niten" ];
+ secret-paths = [ "/state/secrets" ];
+ };
+
 systemd.tmpfiles.rules = [
 "L /root/.gnupg - - - - /state/root/gnupg"
 "L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa"
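Review bot: The new `fudo.secrets` block in socrates.nix lists the whole `/state/secrets` root in `secret-paths` and adds the named account `niten` to `secret-users`, with no comment on why that account needs it or what access the `fudo-secrets` group receives. The comment removed from procul.nix in this same patch shows Kerberos keytabs living under `/state/secrets/kerberos/`, so the grant probably covers host credentials as well; the `fudo.secrets` module is not visible here, so whether the access is read-only and which file modes result needs confirming. If the option accepts narrower entries, list only the subdirectories this host actually needs, and add a comment above the block such as `# fudo-secrets: members may read host secrets under /state/secrets; niten = <role>` (`<role>` is a placeholder to fill in). The subject line names procul, while the only functional change lands on socrates.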