author | Timo Wilken | 2023-11-08 19:50:05 +0100 |
---|---|---|
committer | Timo Wilken | 2023-11-08 19:50:05 +0100 |
commit | 9790519c3faf4a368ce7f43953a4ab9479960cf9 (patch) | |
tree | c6b946d54b12d8af55ff1fa83f06f445d21ffcc7 /tw/system/vin.scm | |
parent | 3aad285fc3c8a83a868da10f7d46a84ae45d2413 (diff) |
Track restic and wireguard secrets on vin
Diffstat (limited to 'tw/system/vin.scm')
-rw-r--r-- | tw/system/vin.scm | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/tw/system/vin.scm b/tw/system/vin.scm
index 24dd367a..75243e8d 100644
--- a/tw/system/vin.scm
+++ b/tw/system/vin.scm
@@ -17,6 +17,7 @@
 #:use-module (tw services dns)
 #:use-module (tw services grafana)
 #:use-module (tw services restic)
+ #:use-module (tw services secrets)
 #:use-module (tw system))
 ;; The device's BIOS does not support UEFI, sadly. It also doesn't recognise
@@ -137,6 +138,46 @@
 (keep-daily 14)
 (keep-monthly -1))))
+ (service secrets-service-type
+ (secrets-configuration
+ (secrets
+ (list
+ (secret
+ (encrypted-file (local-file "files/restic/timo-laptop.enc"))
+ (destination "/etc/restic/timo-laptop")
+ (user "restic")
+ (group "restic"))
+ (secret
+ (encrypted-file (local-file "files/restic/timo-phone.enc"))
+ (destination "/etc/restic/timo-phone")
+ (user "restic")
+ (group "restic"))
+ (secret
+ (encrypted-file (local-file "files/restic/timo-sync.enc"))
+ (destination "/etc/restic/timo-sync")
+ (user "restic")
+ (group "restic"))
+ (secret
+ (encrypted-file (local-file "files/restic/vin-grafana.enc"))
+ (destination "/etc/restic/vin-grafana")
+ (user "restic")
+ (group "restic"))
+ (secret
+ (encrypted-file (local-file "files/wireguard/vin.key.enc"))
+ (destination "/etc/wireguard/private.key"))
+ (secret
+ (encrypted-file (local-file "files/wireguard/vin-fp4.psk.enc"))
+ (destination "/etc/wireguard/fp4.psk"))
+ (secret
+ (encrypted-file (local-file "files/wireguard/vin-lud.psk.enc"))
+ (destination "/etc/wireguard/lud.psk"))
+ (secret
+ (encrypted-file (local-file "files/wireguard/vin-pi3.psk.enc"))
+ (destination "/etc/wireguard/pi3.psk"))
+ (secret
+ (encrypted-file (local-file "files/wireguard/vin-lap.psk.enc"))
+ (destination "/etc/wireguard/lap.psk"))))))
+
 ;; For running the Grafana docker container.
 (service grafana-service-type
 (grafana-configuration
|
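Review bot: The five wireguard entries at the end of the added `secrets` list set no `user` or `group`, unlike the four restic entries, so the owner of `/etc/wireguard/private.key` and the `.psk` files rests on a default of the `secret` record that this hunk does not show. I would spell it out on each of them, `(user "root")` and `(group "root")`, and, if the record has a permissions field (none is visible here), restrict the files to owner-read. It is also worth a one-line comment above `(service secrets-service-type` stating where the decryption key lives on vin, since `local-file` presumably copies the `.enc` files into the world-readable store and their confidentiality then rests on that key alone. The enclosing services list starts and ends outside the hunk.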