chore: set correct permissions for secrets

Benjamin Bädorf 2023-11-12 18:19:07 +01:00
parent a384229ea8
commit 0a30dbdfab
No known key found for this signature in database
GPG key ID: 1B7BF5B77A521346
5 changed files with 12 additions and 12 deletions


@ -11,11 +11,11 @@ in {
age.secrets."rclone-pie.conf" = { age.secrets."rclone-pie.conf" = {
file = "${flake.self}/secrets/rclone-pie.conf.age"; file = "${flake.self}/secrets/rclone-pie.conf.age";
path = "/root/.config/rclone/rclone.conf"; path = "/root/.config/rclone/rclone.conf";
mode = "600"; mode = "400";
}; };
age.secrets."restic-password" = { age.secrets."restic-password" = {
file = "${flake.self}/secrets/restic-password.age"; file = "${flake.self}/secrets/restic-password.age";
mode = "600"; mode = "400";
}; };
} }
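Review bot: `age.secrets."rclone-pie.conf"` and `age.secrets."restic-password"` are declared here and again, attribute for attribute, in the fourth file section of this commit (the one that ends at `services.restic.backups = {`), so every permission change has to be made in two places and the copies can drift. If both modules can end up imported on one host, which the page does not show, differing `mode` values would presumably fail evaluation as conflicting definitions; declaring the two secrets once in a shared module imported by both would remove that risk. Neither secret sets `owner`, so both fall back to agenix's default of root, and for root the owner bits are a statement of intent rather than an enforced boundary. The actual protection is that group and other have no access, which a comment such as `# root-owned (agenix default), no group/other access` above the first declaration would make explicit.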


@ -11,22 +11,22 @@
in { in {
age.secrets."firefly-secrets.env" = { age.secrets."firefly-secrets.env" = {
file = "${flake.self}/secrets/firefly-secrets.env.age"; file = "${flake.self}/secrets/firefly-secrets.env.age";
mode = "600"; mode = "400";
}; };
age.secrets."firefly-db-secrets.env" = { age.secrets."firefly-db-secrets.env" = {
file = "${flake.self}/secrets/firefly-db-secrets.env.age"; file = "${flake.self}/secrets/firefly-db-secrets.env.age";
mode = "600"; mode = "400";
}; };
age.secrets."firefly-importer-secrets.env" = { age.secrets."firefly-importer-secrets.env" = {
file = "${flake.self}/secrets/firefly-importer-secrets.env.age"; file = "${flake.self}/secrets/firefly-importer-secrets.env.age";
mode = "600"; mode = "400";
}; };
age.secrets."firefly-cron-secrets.env" = { age.secrets."firefly-cron-secrets.env" = {
file = "${flake.self}/secrets/firefly-cron-secrets.env.age"; file = "${flake.self}/secrets/firefly-cron-secrets.env.age";
mode = "600"; mode = "400";
}; };
services.caddy = { services.caddy = {
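Review bot: None of the four `firefly-*.env` secrets sets `owner` or `group`, so with `mode = "400"` they are readable only by root, agenix's default owner; the same holds for `invoiceplane-db-secrets.env` in the third file section. That is fine if the files are loaded as environment files by something running as root (systemd or the container runtime), which this hunk does not show. If any Firefly process opens the file itself as an unprivileged user, it will get a permission error. A comment above the first declaration, e.g. `# root-only: loaded as environment files, never read by the service user`, would record the assumption. The module body continues past `services.caddy = {`, outside the hunk.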


@ -11,13 +11,13 @@
in { in {
age.secrets."invoiceplane-db-password" = { age.secrets."invoiceplane-db-password" = {
file = "${flake.self}/secrets/invoiceplane-db-password.age"; file = "${flake.self}/secrets/invoiceplane-db-password.age";
mode = "600"; mode = "400";
owner = "invoiceplane"; owner = "invoiceplane";
}; };
age.secrets."invoiceplane-db-secrets.env" = { age.secrets."invoiceplane-db-secrets.env" = {
file = "${flake.self}/secrets/invoiceplane-db-secrets.env.age"; file = "${flake.self}/secrets/invoiceplane-db-secrets.env.age";
mode = "600"; mode = "400";
}; };
services.invoiceplane.sites."invoicing.b12f.io" = { services.invoiceplane.sites."invoicing.b12f.io" = {


@ -64,12 +64,12 @@ in {
age.secrets."rclone-pie.conf" = { age.secrets."rclone-pie.conf" = {
file = "${flake.self}/secrets/rclone-pie.conf.age"; file = "${flake.self}/secrets/rclone-pie.conf.age";
path = "/root/.config/rclone/rclone.conf"; path = "/root/.config/rclone/rclone.conf";
mode = "600"; mode = "400";
}; };
age.secrets."restic-password" = { age.secrets."restic-password" = {
file = "${flake.self}/secrets/restic-password.age"; file = "${flake.self}/secrets/restic-password.age";
mode = "600"; mode = "400";
}; };
services.restic.backups = { services.restic.backups = {


@ -11,13 +11,13 @@ with lib; let
in { in {
age.secrets."cat-test.ovpn" = { age.secrets."cat-test.ovpn" = {
file = "${flake.self}/secrets/cat-test.ovpn.age"; file = "${flake.self}/secrets/cat-test.ovpn.age";
mode = "700"; mode = "400";
owner = psCfg.user.name; owner = psCfg.user.name;
}; };
age.secrets.".fwknoprc" = { age.secrets.".fwknoprc" = {
file = "${flake.self}/secrets/.fwknoprc.age"; file = "${flake.self}/secrets/.fwknoprc.age";
mode = "600"; mode = "400";
}; };
services.openvpn.servers = { services.openvpn.servers = {
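Review bot: `age.secrets.".fwknoprc"` gets `mode = "400"` but, unlike `cat-test.ovpn` directly above it, no `owner`, so it is owned by root (agenix's default) and unreadable to `psCfg.user.name`. If the fwknop client is meant to be run by that user, which this hunk does not show, add `owner = psCfg.user.name;` to the block. fwknop also checks its rc file's ownership and mode at startup and, as far as I recall, expects 0600, so confirm that 0400 does not produce a warning. The module continues after `services.openvpn.servers = {`, outside the hunk.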