sops -> clan facts
This commit is contained in:
parent
e4bb865b3d
commit
295c536b1a
6 changed files with 44 additions and 65 deletions
|
@ -20,7 +20,8 @@
|
|||
./hass-zigbee2mqtt.nix
|
||||
./hass.nix
|
||||
|
||||
./taskwarrior-autotag.nix
|
||||
# todo: add autotag again
|
||||
#./taskwarrior-autotag.nix
|
||||
|
||||
./media-audiobookshelf.nix
|
||||
./media-castget.nix
|
||||
|
@ -33,7 +34,6 @@
|
|||
./telemetry/grafana.nix
|
||||
./telemetry/telegraf-smart.nix
|
||||
./telemetry/telegraf.nix
|
||||
#./telemetry/opentelemetry-hass.nix
|
||||
./telemetry/prometheus.nix
|
||||
./telemetry/loki.nix # todo enable this one again
|
||||
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
|
||||
clanCore.facts.services.s3 = factsGenerator.password { name = "root"; service = "s3"; };
|
||||
|
||||
services.minio = {
|
||||
enable = true;
|
||||
region = "home";
|
||||
rootCredentialsFile = config.sops.secrets.minioRootCredentials.path;
|
||||
rootCredentialsFile = config.clanCore.facts.services.s3.secret."s3.root".path;
|
||||
};
|
||||
|
||||
sops.secrets.minioRootCredentials = { };
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."s3.${config.networking.hostName}.private" = {
|
||||
|
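Review bot: `factsGenerator` is referenced on the new line `clanCore.facts.services.s3 = factsGenerator.password { name = "root"; service = "s3"; };`, but the module's argument set on the first line of the hunk is still `{ config, ... }:`, so unless the name is bound somewhere else in this file (nothing in the hunk binds it) evaluation will stop with an undefined variable; the nextcloud hunk in this same commit does extend its arguments to `{ pkgs, config, factsGenerator, ... }:`, and this file needs the same, `{ config, factsGenerator, ... }:`. Separately, in the NixOS module `services.minio.rootCredentialsFile` is loaded as an environment file that is expected to carry `MINIO_ROOT_USER`/`MINIO_ROOT_PASSWORD`, so pointing it at `secret."s3.root".path` only works if `factsGenerator.password` writes that format rather than a bare password — worth confirming before the old `sops.secrets.minioRootCredentials` is dropped, since the failure mode is minio either not starting or falling back to default credentials. The enclosing module continues past the end of the hunk.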
|
|
@ -1,28 +1,42 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
sops.secrets.autotagTaskwarriorCa = {
|
||||
owner = "taskwarrior-autotag";
|
||||
key = "taskwarriorCa";
|
||||
};
|
||||
sops.secrets.autotagTaskwarriorCertificate = {
|
||||
owner = "taskwarrior-autotag";
|
||||
key = "taskwarriorCertificate";
|
||||
};
|
||||
sops.secrets.autotagTaskwarriorKey = {
|
||||
owner = "taskwarrior-autotag";
|
||||
key = "taskwarriorKey";
|
||||
|
||||
clanCore.facts.services.taskserver = {
|
||||
secret."taskserver.ca" = { };
|
||||
secret."taskserver.cert" = { };
|
||||
secret."taskserver.key" = { };
|
||||
generator.script = "";
|
||||
};
|
||||
|
||||
#sops.secrets.autotagTaskwarriorCa = {
|
||||
# owner = "taskwarrior-autotag";
|
||||
# key = "taskwarriorCa";
|
||||
#};
|
||||
#sops.secrets.autotagTaskwarriorCertificate = {
|
||||
# owner = "taskwarrior-autotag";
|
||||
# key = "taskwarriorCertificate";
|
||||
#};
|
||||
#sops.secrets.autotagTaskwarriorKey = {
|
||||
# owner = "taskwarrior-autotag";
|
||||
# key = "taskwarriorKey";
|
||||
#};
|
||||
|
||||
services.taskwarrior-autotag = {
|
||||
enable = true;
|
||||
recurrence = "off";
|
||||
onCalendar = "hourly";
|
||||
server = "taskd.ingolf-wagner.de:53589";
|
||||
caFile = config.sops.secrets.autotagTaskwarriorCa.path;
|
||||
certificateFile = config.sops.secrets.autotagTaskwarriorCertificate.path;
|
||||
keyFile = config.sops.secrets.autotagTaskwarriorKey.path;
|
||||
|
||||
#caFile = config.sops.secrets.autotagTaskwarriorCa.path;
|
||||
#certificateFile = config.sops.secrets.autotagTaskwarriorCertificate.path;
|
||||
#keyFile = config.sops.secrets.autotagTaskwarriorKey.path;
|
||||
|
||||
credentials = "1337/palo/ad40dce8-4b38-4011-b032-60a91b6f22cd";
|
||||
|
||||
caFile = config.clanCore.facts.services.taskserver.secret."taskserver.ca".path;
|
||||
certificateFile = config.clanCore.facts.services.taskserver.secret."taskserver.cert".path;
|
||||
keyFile = config.clanCore.facts.services.taskserver.secret."taskserver.key".path;
|
||||
};
|
||||
|
||||
}
|
||||
|
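Review bot: The new `clanCore.facts.services.taskserver` block sets `generator.script = "";`, so nothing produces `taskserver.ca`, `taskserver.cert` or `taskserver.key`; if these are meant to be supplied out of band from the existing CA and client certificate rather than generated, a comment such as `# secrets are provisioned manually, the generator intentionally does nothing` would stop the next reader from treating the empty script as an oversight. The replaced sops entries carried `owner = "taskwarrior-autotag"` and the facts entries carry no owner, so the key file referenced by `keyFile = config.clanCore.facts.services.taskserver.secret."taskserver.key".path` may not be readable by the service user unless the facts machinery sets ownership itself — worth confirming, and the fix should be ownership rather than loosening the mode on a private key. The three commented-out `sops.secrets.autotagTaskwarrior*` blocks and the commented `#caFile`/`#certificateFile`/`#keyFile` lines are dead now that the facts paths replace them and can be deleted outright; history keeps them.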
|
|
@ -1,38 +0,0 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
|
||||
#{
|
||||
# name = "home-assistant";
|
||||
# rules = [
|
||||
# {
|
||||
# record = "home_open_window_sum";
|
||||
# expr = ''sum( homeassistant_binary_sensor_state{entity=~"binary_sensor\\.window_02_contact|binary_sensor\\.window_03_contact|binary_sensor\\.window_04_contact|binary_sensor\\.window_05_contact|binary_sensor\\.window_06_contact|binary_sensor\\.window_07_contact"} )'';
|
||||
# }
|
||||
# ] ++ (map
|
||||
# (number:
|
||||
# {
|
||||
# record = "home_at_least_n_windows_open";
|
||||
# expr = ''home_open_window_sum >= bool ${toString number}'';
|
||||
# labels.n = number;
|
||||
# }) [ 1 2 3 ]);
|
||||
#};
|
||||
|
||||
sops.secrets.hass_long_term_token.owner = "prometheus";
|
||||
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.pipelines.metrics.receivers = [ "prometheus" ];
|
||||
receivers.prometheus.config.scrape_configs = [
|
||||
{
|
||||
# see https://www.home-assistant.io/integrations/prometheus/
|
||||
job_name = "home-assistant";
|
||||
scrape_interval = "60s";
|
||||
metrics_path = "/api/prometheus";
|
||||
bearer_token_file = toString config.sops.secrets.hass_long_term_token.path;
|
||||
static_configs = [{
|
||||
targets = [ "127.0.0.1:8123" ];
|
||||
}];
|
||||
}
|
||||
];
|
||||
|
||||
};
|
||||
}
|
|
@ -21,9 +21,6 @@
|
|||
|
||||
system.stateVersion = "22.11";
|
||||
|
||||
sops.secrets.pushover_user_key = { };
|
||||
sops.secrets.pushover_api_key = { };
|
||||
|
||||
# Use the systemd-boot EFI boot loader, not grub
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ pkgs, config, ... }:
|
||||
{ pkgs, config, factsGenerator, ... }:
|
||||
|
||||
# don't forget the database backup before upgrading
|
||||
# -------------------------------------------------
|
||||
|
@ -50,8 +50,11 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
sops.secrets.nextcloud_database_password.owner = "nextcloud";
|
||||
sops.secrets.nextcloud_root_password.owner = "nextcloud";
|
||||
#sops.secrets.nextcloud_database_password.owner = "nextcloud";
|
||||
#sops.secrets.nextcloud_root_password.owner = "nextcloud";
|
||||
|
||||
clanCore.facts.services.nextcloud_root = factsGenerator.password { service = "nextcloud"; name = "root"; };
|
||||
clanCore.facts.services.nextcloud_database = factsGenerator.password { service = "nextcloud"; name = "database"; };
|
||||
|
||||
users.users.nextcloud = {
|
||||
isSystemUser = true;
|
||||
|
@ -72,12 +75,14 @@ in
|
|||
# mount host folders
|
||||
bindMounts = {
|
||||
rootpassword = {
|
||||
hostPath = "/run/secrets/nextcloud_root_password";
|
||||
#hostPath = "/run/secrets/nextcloud_root_password";
|
||||
hostPath = config.clanCore.facts.services.nextcloud_root.secret."nextcloud.root".path;
|
||||
mountPoint = "/run/secrets/nextcloud_root_password";
|
||||
isReadOnly = true;
|
||||
};
|
||||
databasepassword = {
|
||||
hostPath = "/run/secrets/nextcloud_database_password";
|
||||
#hostPath = "/run/secrets/nextcloud_database_password";
|
||||
hostPath = config.clanCore.facts.services.nextcloud_database.secret."nextcloud.database".path;
|
||||
mountPoint = "/run/secrets/nextcloud_database_password";
|
||||
isReadOnly = true;
|
||||
};
|
||||
|
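Review bot: The facts declarations `clanCore.facts.services.nextcloud_root` and `clanCore.facts.services.nextcloud_database` drop the `owner = "nextcloud"` that the removed `sops.secrets.nextcloud_*` lines set, while the bind mounts now use `hostPath = config.clanCore.facts.services.nextcloud_root.secret."nextcloud.root".path` (and the database equivalent) to expose those files to the container; unless `factsGenerator.password` arranges ownership, the files are presumably root-only and the container's nextcloud user will not be able to read them. The `users.users.nextcloud` definition kept as context suggests a host user exists for exactly this purpose, so either passing ownership through the generator (if it supports that) or a comment on the facts lines stating who is expected to read the files would make the intent explicit. The commented-out `#sops.secrets.nextcloud_*` and `#hostPath = "/run/secrets/..."` lines are dead and can be removed rather than kept as comments. Both the `bindMounts` block and the enclosing container definition continue outside the hunk.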
|