From 0b75beb4374c4007a1142a8573cc94a9da8c8035 Mon Sep 17 00:00:00 2001
From: nyanloutre
Date: Thu, 2 Aug 2018 11:36:24 +0200
Subject: [PATCH] Secrets dans un volume ZFS
---
 systems/LoutreOS/hardware-configuration.nix | 5 +++++
 systems/LoutreOS/services.nix | 6 +++---
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix
index 09b0bb3..0687d2a 100644
--- a/systems/LoutreOS/hardware-configuration.nix
+++ b/systems/LoutreOS/hardware-configuration.nix
@@ -132,6 +132,11 @@
 fsType = "zfs";
 };
+ fileSystems."/mnt/secrets" =
+ { device = "loutrepool/secrets";
+ fsType = "zfs";
+ };
+
 swapDevices = [ {
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix
index 9d11770..e2a2bf3 100644
--- a/systems/LoutreOS/services.nix
+++ b/systems/LoutreOS/services.nix
@@ -240,7 +240,7 @@ in
 repo = "/mnt/backup/borg";
 encryption = {
 mode = "repokey-blake2";
- passCommand = "cat /root/borg/medias_encryption_pass";
+ passCommand = "cat /mnt/secrets/borgbackup_loutre_encryption_pass";
 };
 startAt = "weekly";
 prune.keep = {
@@ -252,7 +252,7 @@ in
 postHook = ''
 ${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap
 if [[ $exitStatus == 0 ]]; then
- ${pkgs.rclone}/bin/rclone --config /root/.config/rclone/rclone.conf sync -v $BORG_REPO loutre_ovh:loutre
+ ${pkgs.rclone}/bin/rclone --config /mnt/secrets/rclone_loutre.conf sync -v $BORG_REPO loutre_ovh:loutre
 fi
 '';
 };
@@ -265,7 +265,7 @@ in
 rootUrl = "https://gitea.nyanlout.re/";
 database.type = "postgres";
 database.port = 5432;
- database.passwordFile = "/root/gitea_passphrase";
+ database.passwordFile = "/mnt/secrets/gitea_database_passwordFile";
 };
 services.vsftpd = {
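Review bot: The new `fileSystems."/mnt/secrets"` entry sets only `device` and `fsType`, so the dataset is mounted with default options and nothing in the hunk shows that it is access-restricted or encrypted at rest. Because it is meant to hold only credential files, consider adding `options = [ "nosuid" "nodev" "noexec" ];` to the entry (or the equivalent `setuid=off`, `devices=off`, `exec=off` dataset properties), and confirm the mountpoint directory is root-owned with mode 0700. Whether `loutrepool/secrets` uses ZFS native encryption cannot be told from this patch; if it does not, the secrets are stored in cleartext on the pool and in every snapshot or `zfs send` stream that includes the dataset. A comment above the entry such as `# credentials only: root-owned, 0700, never replicated unencrypted` would record the intent.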
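Review bot: The `passCommand` path moves out of `/root`, which is normally root-only, into `/mnt/secrets`, where confidentiality now depends entirely on the dataset's directory and file modes, and the patch sets neither. The same applies to the rclone `--config` path in the `postHook` hunk and to `database.passwordFile` in the gitea hunk. Each file should be owned by the account that reads it with mode 0600, and a comment next to each path would document that, for example `# root:root 0600, provisioned out of band`. The borg job's attribute set starts and ends outside this hunk.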
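Review bot: `database.passwordFile` is the one secret in this patch consumed by a service other than the (presumably root-run) backup job, so it may need a different reader than the other two files in `/mnt/secrets`. Which account reads it depends on how the gitea module's start-up step runs, which is not visible here. If it is the gitea user, a root-only 0700 directory would break the service, and loosening the directory would expose the borg passphrase and rclone credentials to that user. A per-service subdirectory with its own ownership, e.g. `database.passwordFile = "/mnt/secrets/gitea/database_password";`, keeps the two trust domains apart. The `services.gitea` block begins above the hunk.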