syncthing setup
parent
24df8a251b
commit
52c074f973
19 changed files with 244 additions and 16 deletions
21
secrets.nix
21
secrets.nix
|
|
@ -1,12 +1,29 @@
|
|||
let
|
||||
pkgs = import <nixpkgs> { };
|
||||
inherit (pkgs) lib;
|
||||
keys = (import ./var { inherit lib; }).ssh-keys.root;
|
||||
ssh-keys = (import ./var { inherit lib; }).ssh-keys;
|
||||
keys = ssh-keys.root;
|
||||
trusted-keys = ssh-keys.trusted-root;
|
||||
secrets = [
|
||||
"roam/rclone-conf"
|
||||
"roam/firefox-sync-secret"
|
||||
"hd-password"
|
||||
"tlskey"
|
||||
];
|
||||
trusted-secrets = [
|
||||
# Can only be decrypted by clients
|
||||
"syncthing-password"
|
||||
];
|
||||
mkSecrets =
|
||||
keys: secrets: lib.mergeAttrsList (map (x: { "secrets/${x}.age".publicKeys = keys; }) secrets);
|
||||
syncthingManagedClients = (lib.importJSON ./var/syncthing-managed-clients.json).managed_clients;
|
||||
mkSyncthingSecret = client: {
|
||||
"secrets/syncthing/${client}.age".publicKeys = [ ssh-keys.by-host.root.${client} ];
|
||||
};
|
||||
syncthingSercrets = lib.mergeAttrsList (map mkSyncthingSecret syncthingManagedClients);
|
||||
in
|
||||
builtins.foldl' (acc: x: acc // { "secrets/${x}.age".publicKeys = keys; }) { } secrets
|
||||
lib.mergeAttrsList ([
|
||||
(mkSecrets keys secrets)
|
||||
(mkSecrets trusted-keys trusted-secrets)
|
||||
(syncthingSercrets)
|
||||
])
|
||||
|
|
|
|||
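Review bot: `lib.mergeAttrsList` is right-biased, so in the final expression a name listed in both `secrets` and `trusted-secrets` silently takes the `trusted-keys` recipient list without any evaluation error, and the recipient list is the access control for these files. Putting `assert lib.mutuallyExclusive secrets trusted-secrets;` directly after `in` would turn an accidental overlap into an evaluation failure. Each `secrets/syncthing/${client}.age` is encrypted only to `ssh-keys.by-host.root.${client}`, so presumably it can be edited or rekeyed only with that host's private key; a one-line comment on `mkSyncthingSecret` stating that this is intended would help the next maintainer. `syncthingSercrets` looks like a typo for `syncthingSecrets` in both its definition and its use in the merged list.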