aboutsummaryrefslogtreecommitdiff
path: root/modules/hosts/sachiel/secrets.nix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/hosts/sachiel/secrets.nix')
-rw-r--r--modules/hosts/sachiel/secrets.nix28
1 files changed, 18 insertions, 10 deletions
diff --git a/modules/hosts/sachiel/secrets.nix b/modules/hosts/sachiel/secrets.nix
index c0968fd..c301477 100644
--- a/modules/hosts/sachiel/secrets.nix
+++ b/modules/hosts/sachiel/secrets.nix
@@ -7,6 +7,10 @@
defaultSopsFile = inputs.self + /secrets/secrets.yaml;
age.keyFile = "/etc/sops/age_key";
secrets = {
+ "borgbase_ssh_key" = {
+ owner = "root";
+ mode = "0600";
+ };
"nextcloud-secrets" = {
owner = "nextcloud";
group = "nextcloud";
@@ -16,7 +20,20 @@
owner = "root";
mode = "0600";
};
- # SSL certificates
+ "borg_git_repo" = {
+ owner = "root";
+ mode = "0600";
+ };
+ "borg_nextcloud_repo" = {
+ owner = "root";
+ mode = "0600";
+ };
+ "ssh_git_pubkey" = {
+ owner = "git";
+ group = "git";
+ mode = "0400";
+ path = "/var/lib/git-server/.ssh/authorized_keys";
+ };
"cert_fullchain" = {
owner = "nginx";
group = "nginx";
@@ -25,15 +42,6 @@
owner = "nginx";
group = "nginx";
};
- # Backup configuration
- "borgbase_ssh_key" = {
- owner = "root";
- mode = "0600";
- };
- "borg_repo" = {
- owner = "root";
- mode = "0600";
- };
};
};
};
generated by cgit v1.3.1 (git 2.54.0) at 2026-05-30 16:58:02 +0000