Add automout secrets via sops

2025-10-02 15:51:59 +02:00
parent ba557d70d3
commit 83a2e55fd7
2 changed files with 26 additions and 14 deletions


@@ -30,7 +30,7 @@ let
myMount = description: what: where: {
inherit description what where;
type = "cifs";
options = "credentials=/etc/openfortivpn/smb-secrets,uid=beastie,gid=users";
options = "credentials=${config.sops.templates."gbmshares-secrets".path},uid=beastie,gid=users";
};
myAutoMount = description: where: {
inherit description where;
@@ -47,18 +47,30 @@ in
secrets = {
"ldap_GBM/username" = { };
"ldap_GBM/password" = { };
"ldap_GBM/domain" = { };
"openfortivpn/host" = { };
"openfortivpn/port" = { };
};
templates."openfortivpn.conf" = {
content = ''
host = ${config.sops.placeholder."openfortivpn/host"}
port = ${config.sops.placeholder."openfortivpn/port"}
username = ${config.sops.placeholder."ldap_GBM/username"}
password = ${config.sops.placeholder."ldap_GBM/password"}
'';
mode = "0600";
owner = "root";
templates = {
"openfortivpn.conf" = {
content = ''
host = ${config.sops.placeholder."openfortivpn/host"}
port = ${config.sops.placeholder."openfortivpn/port"}
username = ${config.sops.placeholder."ldap_GBM/username"}
password = ${config.sops.placeholder."ldap_GBM/password"}
'';
mode = "0600";
owner = "root";
};
"gbmshares-secrets" = {
content = ''
username=${config.sops.placeholder."ldap_GBM/username"}
password=${config.sops.placeholder."ldap_GBM/password"}
domain=${config.sops.placeholder."ldap_GBM/domain"}
'';
mode = "0600";
owner = "root";
};
};
};
environment.systemPackages = [
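Review bot: The rewritten `options` line in `myMount` still mounts the share with only `uid=beastie,gid=users`, so under the mount.cifs default modes (0755 when the server offers no Unix extensions) every local account can read the share through the root-held credentials; consider `options = "credentials=${config.sops.templates."gbmshares-secrets".path},uid=beastie,gid=users,file_mode=0600,dir_mode=0700";`. The old `/etc/openfortivpn/smb-secrets` is no longer referenced, and if it was created by hand nothing in this change removes it, so the plaintext copy of the password should be deleted separately. A one-line comment above `"gbmshares-secrets"` such as `# mount.cifs credentials file (username=/password=/domain=), read via credentials= in myMount` would make the link between the two hunks explicit. The callers of `myMount` are outside the visible hunks, so whether other local users exist on this host cannot be told from here.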