From ce00f9c7071a92199596ae19c58bdb623cdf67a6 Mon Sep 17 00:00:00 2001 From: Timo Wilken Date: Wed, 8 Nov 2023 20:32:58 +0100 Subject: Track secrets on lud --- tw/system/lud.scm | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'tw/system/lud.scm') diff --git a/tw/system/lud.scm b/tw/system/lud.scm index 5ea47fa0..295f1739 100644 --- a/tw/system/lud.scm +++ b/tw/system/lud.scm @@ -9,6 +9,7 @@ #:use-module (tw services nextcloud) #:use-module (tw services matrix) #:use-module (tw services media) + #:use-module (tw services secrets) #:use-module (tw system)) (use-package-modules admin bash certs databases linux man php python rsync @@ -184,6 +185,35 @@ innodb_io_capacity = 4000 ;; TODO: Syncthing exporter ;; TODO: Transmission exporter + (service secrets-service-type + (secrets-configuration + (secrets + (list + (secret + (encrypted-file (local-file "files/mythic-dns.scm.enc")) + (destination "/etc/mythic-dns.scm")) + (secret + (encrypted-file (local-file "files/nextcloud-database-password.enc")) + (destination "/etc/nextcloud-database-password.enc")) + (secret + (encrypted-file (local-file "files/restic/lud-nextcloud.enc")) + (destination "/etc/restic/lud-nextcloud")) + (secret + (encrypted-file (local-file "files/wireguard/lap.key.enc")) + (destination "/etc/wireguard/private.key")) + (secret + (encrypted-file (local-file "files/wireguard/lap-fp4.psk.enc")) + (destination "/etc/wireguard/fp4.psk")) + (secret + (encrypted-file (local-file "files/wireguard/lap-lud.psk.enc")) + (destination "/etc/wireguard/lud.psk")) + (secret + (encrypted-file (local-file "files/wireguard/lap-pi3.psk.enc")) + (destination "/etc/wireguard/pi3.psk")) + (secret + (encrypted-file (local-file "files/wireguard/lap-vin.psk.enc")) + (destination "/etc/wireguard/vin.psk")))))) + ;; Only this server has SSDs, not vin. (simple-service 'fstrim mcron-service-type (list #~(job "0 4 * * *" ; after guix gc -- cgit v1.2.3