From fa4861f980ae6ffc78bb0b7b793f417c409c9316 Mon Sep 17 00:00:00 2001
From: iFargle
Date: Fri, 12 Jan 2024 15:03:47 +0900
Subject: [PATCH] rearrange secrets for backups-rpi4
---
 nixos/common/services/tailscale-autoconnect.nix | 13 +++++++++++++
 nixos/hosts/backups-rpi4/backup-script.nix | 2 +-
 nixos/hosts/backups-rpi4/default.nix | 15 +--------------
 3 files changed, 15 insertions(+), 15 deletions(-)
 create mode 100644 nixos/common/services/tailscale-autoconnect.nix
diff --git a/nixos/common/services/tailscale-autoconnect.nix b/nixos/common/services/tailscale-autoconnect.nix
new file mode 100644
index 00000000..dde12047
--- /dev/null
+++ b/nixos/common/services/tailscale-autoconnect.nix
@@ -0,0 +1,13 @@
+{ inputs, config, lib, pkgs, modulesPath, ... }: {
+ # Generic Tailscale configs are in /nixos/common/services/tailscale.nix
+ # Set up the secrets file:
+ sops.secrets."tailscale_key" = {
+ owner = "root";
+ sopsFile = ../../../secrets/hosts/${hostname}.yaml;
+ restartUnits = [
+ "tailscaled.service"
+ "tailscaled-autoconnect.service"
+ ];
+ };
+ services.tailscale.authKeyFile = "/run/secrets/tailscale_key";
+}
\ No newline at end of file
diff --git a/nixos/hosts/backups-rpi4/backup-script.nix b/nixos/hosts/backups-rpi4/backup-script.nix
index 788eba1b..713c731b 100644
--- a/nixos/hosts/backups-rpi4/backup-script.nix
+++ b/nixos/hosts/backups-rpi4/backup-script.nix
@@ -265,6 +265,6 @@ in
 # Set up the secret for the password:
 sops.secrets."gotify_token" = {
 owner = "root";
- sopsFile = ../../../secrets/backups-rpi4.yaml;
+ sopsFile = ../../../secrets/hosts/backups-rpi4.yaml;
 };
 }
\ No newline at end of file
diff --git a/nixos/hosts/backups-rpi4/default.nix b/nixos/hosts/backups-rpi4/default.nix
index 2638bd38..6226e47d 100644
--- a/nixos/hosts/backups-rpi4/default.nix
+++ b/nixos/hosts/backups-rpi4/default.nix
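Review bot: `hostname` in `sopsFile = ../../../secrets/hosts/${hostname}.yaml;` is not bound anywhere in the new tailscale-autoconnect.nix: the module's argument set is `{ inputs, config, lib, pkgs, modulesPath, ... }`, and names swallowed by `...` are not in scope, so evaluation would stop with an undefined-variable error. If the flake passes `hostname` through `specialArgs` (not visible in this patch), add it to the argument list, `{ inputs, config, lib, pkgs, modulesPath, hostname, ... }: {`; otherwise derive the path from `config.networking.hostName`. I would also set `services.tailscale.authKeyFile = config.sops.secrets."tailscale_key".path;` rather than hard-coding `/run/secrets/tailscale_key`, so the unit keeps pointing at the decrypted file if the sops-nix secret path changes. The patch does not show the encrypted files, so confirm that `secrets/hosts/backups-rpi4.yaml` carries a top-level `tailscale_key` entry now that the old `tailscale_keys/backups-rpi4` key in `secrets/tailscale.yaml` is no longer referenced.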
@@ -1,10 +1,8 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
 { inputs, config, lib, pkgs, modulesPath, ... }: {
 imports = [
 inputs.nixos-hardware.nixosModules.raspberry-pi-4
 (modulesPath + "/installer/scan/not-detected.nix")
+ ../../common/services/tailscale-autoconnect.nix
 ./backup-script.nix
 ./cron.nix
 ];
@@ -55,17 +53,6 @@
 # END hardware config
 #####################################################################################
- # Generic Tailscale configs are in /nixos/common/services/tailscale.nix
- # Set up the secrets file:
- sops.secrets."tailscale_keys/backups-rpi4" = {
- owner = "root";
- sopsFile = ../../../secrets/tailscale.yaml;
- restartUnits = [
- "tailscaled.service"
- "tailscaled-autoconnect.service"
- ];
- };
- services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/backups-rpi4";
 services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
 boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
 }
\ No newline at end of file