Track secrets on lud

author: Timo Wilken 2023-11-08 20:32:58 +0100
committer: Timo Wilken 2023-11-08 20:32:58 +0100
commit: ce00f9c7071a92199596ae19c58bdb623cdf67a6 (patch)
tree: 8affac8874a26d8b7cb91d363a2b2629df71bfa5 /tw/system/lud.scm
parent: 53e10a969148f3ee1a1d434b677e370359873365 (diff)
1 files changed, 30 insertions, 0 deletions
diff --git a/tw/system/lud.scm b/tw/system/lud.scm
index 5ea47fa0..295f1739 100644
--- a/tw/system/lud.scm
+++ b/tw/system/lud.scm
@@ -9,6 +9,7 @@
   #:use-module (tw services nextcloud)
   #:use-module (tw services matrix)
   #:use-module (tw services media)
+  #:use-module (tw services secrets)
   #:use-module (tw system))
 
 (use-package-modules admin bash certs databases linux man php python rsync
@@ -184,6 +185,35 @@ innodb_io_capacity = 4000
             ;; TODO: Syncthing exporter
             ;; TODO: Transmission exporter
 
+            (service secrets-service-type
+              (secrets-configuration
+               (secrets
+                (list
+                 (secret
+                  (encrypted-file (local-file "files/mythic-dns.scm.enc"))
+                  (destination "/etc/mythic-dns.scm"))
+                 (secret
+                  (encrypted-file (local-file "files/nextcloud-database-password.enc"))
+                  (destination "/etc/nextcloud-database-password.enc"))
+                 (secret
+                  (encrypted-file (local-file "files/restic/lud-nextcloud.enc"))
+                  (destination "/etc/restic/lud-nextcloud"))
+                 (secret
+                  (encrypted-file (local-file "files/wireguard/lap.key.enc"))
+                  (destination "/etc/wireguard/private.key"))
+                 (secret
+                  (encrypted-file (local-file "files/wireguard/lap-fp4.psk.enc"))
+                  (destination "/etc/wireguard/fp4.psk"))
+                 (secret
+                  (encrypted-file (local-file "files/wireguard/lap-lud.psk.enc"))
+                  (destination "/etc/wireguard/lud.psk"))
+                 (secret
+                  (encrypted-file (local-file "files/wireguard/lap-pi3.psk.enc"))
+                  (destination "/etc/wireguard/pi3.psk"))
+                 (secret
+                  (encrypted-file (local-file "files/wireguard/lap-vin.psk.enc"))
+                  (destination "/etc/wireguard/vin.psk"))))))
+
             ;; Only this server has SSDs, not vin.
             (simple-service 'fstrim mcron-service-type
               (list #~(job "0 4 * * *"  ; after guix gc
author	Timo Wilken	2023-11-08 20:32:58 +0100
committer	Timo Wilken	2023-11-08 20:32:58 +0100
commit	ce00f9c7071a92199596ae19c58bdb623cdf67a6 (patch)
tree	8affac8874a26d8b7cb91d363a2b2629df71bfa5 /tw/system/lud.scm
parent	53e10a969148f3ee1a1d434b677e370359873365 (diff)