Secrets dans un volume ZFS

2018-08-02 11:36:24 +02:00 · 2018-08-02 11:36:24 +02:00 · 0b75beb437
commit 0b75beb437
parent ab2ea34e50
2 changed files with 8 additions and 3 deletions
--- a/systems/LoutreOS/hardware-configuration.nix
+++ b/systems/LoutreOS/hardware-configuration.nix
@ -132,6 +132,11 @@
      fsType = "zfs";
    };

+  fileSystems."/mnt/secrets" =
+    { device = "loutrepool/secrets";
+      fsType = "zfs";
+    };
+
  swapDevices =
    [
      {
--- a/systems/LoutreOS/services.nix
+++ b/systems/LoutreOS/services.nix
@ -240,7 +240,7 @@ in
      repo = "/mnt/backup/borg";
      encryption = {
        mode = "repokey-blake2";
-        passCommand = "cat /root/borg/medias_encryption_pass";
+        passCommand = "cat /mnt/secrets/borgbackup_loutre_encryption_pass";
      };
      startAt = "weekly";
      prune.keep = {
@ -252,7 +252,7 @@ in
      postHook = ''
        ${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap
        if [[ $exitStatus == 0 ]]; then
-          ${pkgs.rclone}/bin/rclone --config /root/.config/rclone/rclone.conf sync -v $BORG_REPO loutre_ovh:loutre
+          ${pkgs.rclone}/bin/rclone --config /mnt/secrets/rclone_loutre.conf sync -v $BORG_REPO loutre_ovh:loutre
        fi
      '';
    };
@ -265,7 +265,7 @@ in
    rootUrl = "https://gitea.nyanlout.re/";
    database.type = "postgres";
    database.port = 5432;
-    database.passwordFile = "/root/gitea_passphrase";
+    database.passwordFile = "/mnt/secrets/gitea_database_passwordFile";
  };

  services.vsftpd = {