raphael/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(secrets): adding the vault secrets

Browse source
This commit is contained in:
Raphael 2026-03-08 17:54:39 +01:00
parent 688fb2f4dd
commit 1be665dfd4
No known key found for this signature in database
4 changed files with 24 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
hosts/server/secrets.nix
View file

@ -88,4 +88,17 @@
mode = "0400"; mode = "0400";
}; };
age.secrets."vault-oidc-secret" = {
file = ../../secrets/vault-oidc-secret.age;
owner = "kanidm";
group = "kanidm";
mode = "0400";
};
age.secrets."vault-secret-env" = {
file = ../../secrets/vault-secret-env.age;
owner = "vaultwarden";
group = "vaultwarden";
mode = "0400";
};
} }

2
secrets/secrets.nix
View file

@ -22,4 +22,6 @@ in
"forgejo-runner-token.age".publicKeys = users ++ systems; "forgejo-runner-token.age".publicKeys = users ++ systems;
"kandim-admin.age".publicKeys = users ++ systems; "kandim-admin.age".publicKeys = users ++ systems;
"kandim-idmAdmin.age".publicKeys = users ++ systems; "kandim-idmAdmin.age".publicKeys = users ++ systems;
"vault-secret-env.age".publicKeys = users ++ systems;
"vault-oidc-secret.age".publicKeys = users ++ systems;
} }

BIN
secrets/vault-oidc-secret.age Normal file
View file

Binary file not shown.

9
secrets/vault-secret-env.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 Iy+0iw rpRn2BgDtK3p1tHofUH/nCEwRh4z7rjAwLbvbhCTSkg
6ZiVqx6pNZyYmhsDhZh3YG6+LKiRsnuWMfN8KzJLyhw
-> ssh-ed25519 ocqiLQ AguX30lc6+1ckV3ENiHhboGyNyf2pN0hqIytsTAjwz4
rAGWhtuROHn8p0eAGEKS6Xp+PyYmpbw2EbdadbfJxt0
--- WA9Zus5yXPXPD+TiHyUlEIqozmvhAxWQTE6s2olZ1fs
2*8Ö<38>3˜gã ¾E(µªÛ+ÃÝ<ïµtª<74>­Öà•ÞFúÕ×#v7Cü+|
Ò£ÉýZ¥Y(â.áÛ´Dê.‡Ôr`ý`Žz‡@™³<E284A2>Ã)141}Þ@°œ_¼þ&€¨œß2£ ÀºqÒOH>Ÿ÷w[„ðŒ<Õr<C395>Æ3àÚrI¦MÎb+ôÌo90H÷*D'ªy&ç]÷h1 솥ݞšs&Œ• Ò<ƒÇ
"ÊpœéÑÃýûiQß^×p9ÕËÎâžb#æ²)ch*ç;'"¢gõCvñfø­§Øæ}®Õùv