authorTimo Wilken2023-11-08 19:50:05 +0100
committerTimo Wilken2023-11-08 19:50:05 +0100
commit9790519c3faf4a368ce7f43953a4ab9479960cf9 (patch)
treec6b946d54b12d8af55ff1fa83f06f445d21ffcc7 /tw/system/vin.scm
parent3aad285fc3c8a83a868da10f7d46a84ae45d2413 (diff)
Track restic and wireguard secrets on vin
Diffstat (limited to 'tw/system/vin.scm')
-rw-r--r--tw/system/vin.scm41
1 files changed, 41 insertions, 0 deletions
diff --git a/tw/system/vin.scm b/tw/system/vin.scm
index 24dd367a..75243e8d 100644
--- a/tw/system/vin.scm
+++ b/tw/system/vin.scm
@@ -17,6 +17,7 @@
#:use-module (tw services dns)
#:use-module (tw services grafana)
#:use-module (tw services restic)
+ #:use-module (tw services secrets)
#:use-module (tw system))
;; The device's BIOS does not support UEFI, sadly. It also doesn't recognise
@@ -137,6 +138,46 @@
(keep-daily 14)
(keep-monthly -1))))
+ (service secrets-service-type
+ (secrets-configuration
+ (secrets
+ (list
+ (secret
+ (encrypted-file (local-file "files/restic/timo-laptop.enc"))
+ (destination "/etc/restic/timo-laptop")
+ (user "restic")
+ (group "restic"))
+ (secret
+ (encrypted-file (local-file "files/restic/timo-phone.enc"))
+ (destination "/etc/restic/timo-phone")
+ (user "restic")
+ (group "restic"))
+ (secret
+ (encrypted-file (local-file "files/restic/timo-sync.enc"))
+ (destination "/etc/restic/timo-sync")
+ (user "restic")
+ (group "restic"))
+ (secret
+ (encrypted-file (local-file "files/restic/vin-grafana.enc"))
+ (destination "/etc/restic/vin-grafana")
+ (user "restic")
+ (group "restic"))
+ (secret
+ (encrypted-file (local-file "files/wireguard/vin.key.enc"))
+ (destination "/etc/wireguard/private.key"))
+ (secret
+ (encrypted-file (local-file "files/wireguard/vin-fp4.psk.enc"))
+ (destination "/etc/wireguard/fp4.psk"))
+ (secret
+ (encrypted-file (local-file "files/wireguard/vin-lud.psk.enc"))
+ (destination "/etc/wireguard/lud.psk"))
+ (secret
+ (encrypted-file (local-file "files/wireguard/vin-pi3.psk.enc"))
+ (destination "/etc/wireguard/pi3.psk"))
+ (secret
+ (encrypted-file (local-file "files/wireguard/vin-lap.psk.enc"))
+ (destination "/etc/wireguard/lap.psk"))))))
+
;; For running the Grafana docker container.
(service grafana-service-type
(grafana-configuration
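Review bot: The five WireGuard entries (`/etc/wireguard/private.key` and the four `.psk` destinations) set no `user` or `group`, unlike the restic entries above them, so the owner and file mode of the decrypted key material depend on defaults of the `secret` record that this hunk does not show. I would state that expectation where the entries begin, with a comment such as `;; WireGuard key material: relies on the secret record's default owner and mode; must be readable by root only.`, and set the owner explicitly if the default turns out to be anything else. It is also worth confirming that the secrets service writes the decrypted files when the system is activated and never places the plaintext in the store, which is world-readable; only the `.enc` inputs should end up there. The enclosing services list starts and ends outside the hunk.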