chore: set correct permissions for secrets
This commit is contained in:
parent
a384229ea8
commit
0a30dbdfab
|
@ -11,11 +11,11 @@ in {
|
|||
age.secrets."rclone-pie.conf" = {
|
||||
file = "${flake.self}/secrets/rclone-pie.conf.age";
|
||||
path = "/root/.config/rclone/rclone.conf";
|
||||
mode = "600";
|
||||
mode = "400";
|
||||
};
|
||||
|
||||
age.secrets."restic-password" = {
|
||||
file = "${flake.self}/secrets/restic-password.age";
|
||||
mode = "600";
|
||||
mode = "400";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -11,22 +11,22 @@
|
|||
in {
|
||||
age.secrets."firefly-secrets.env" = {
|
||||
file = "${flake.self}/secrets/firefly-secrets.env.age";
|
||||
mode = "600";
|
||||
mode = "400";
|
||||
};
|
||||
|
||||
age.secrets."firefly-db-secrets.env" = {
|
||||
file = "${flake.self}/secrets/firefly-db-secrets.env.age";
|
||||
mode = "600";
|
||||
mode = "400";
|
||||
};
|
||||
|
||||
age.secrets."firefly-importer-secrets.env" = {
|
||||
file = "${flake.self}/secrets/firefly-importer-secrets.env.age";
|
||||
mode = "600";
|
||||
mode = "400";
|
||||
};
|
||||
|
||||
age.secrets."firefly-cron-secrets.env" = {
|
||||
file = "${flake.self}/secrets/firefly-cron-secrets.env.age";
|
||||
mode = "600";
|
||||
mode = "400";
|
||||
};
|
||||
|
||||
services.caddy = {
|
||||
|
|
|
@ -11,13 +11,13 @@
|
|||
in {
|
||||
age.secrets."invoiceplane-db-password" = {
|
||||
file = "${flake.self}/secrets/invoiceplane-db-password.age";
|
||||
mode = "600";
|
||||
mode = "400";
|
||||
owner = "invoiceplane";
|
||||
};
|
||||
|
||||
age.secrets."invoiceplane-db-secrets.env" = {
|
||||
file = "${flake.self}/secrets/invoiceplane-db-secrets.env.age";
|
||||
mode = "600";
|
||||
mode = "400";
|
||||
};
|
||||
|
||||
services.invoiceplane.sites."invoicing.b12f.io" = {
|
||||
|
|
|
@ -64,12 +64,12 @@ in {
|
|||
age.secrets."rclone-pie.conf" = {
|
||||
file = "${flake.self}/secrets/rclone-pie.conf.age";
|
||||
path = "/root/.config/rclone/rclone.conf";
|
||||
mode = "600";
|
||||
mode = "400";
|
||||
};
|
||||
|
||||
age.secrets."restic-password" = {
|
||||
file = "${flake.self}/secrets/restic-password.age";
|
||||
mode = "600";
|
||||
mode = "400";
|
||||
};
|
||||
|
||||
services.restic.backups = {
|
||||
|
|
|
@ -11,13 +11,13 @@ with lib; let
|
|||
in {
|
||||
age.secrets."cat-test.ovpn" = {
|
||||
file = "${flake.self}/secrets/cat-test.ovpn.age";
|
||||
mode = "700";
|
||||
mode = "400";
|
||||
owner = psCfg.user.name;
|
||||
};
|
||||
|
||||
age.secrets.".fwknoprc" = {
|
||||
file = "${flake.self}/secrets/.fwknoprc.age";
|
||||
mode = "600";
|
||||
mode = "400";
|
||||
};
|
||||
|
||||
services.openvpn.servers = {
|
||||
|
|
Loading…
Reference in a new issue