Add automout secrets via sops

2025-10-02 15:51:59 +02:00
parent ba557d70d3
commit 83a2e55fd7
2 changed files with 26 additions and 14 deletions

8
flake.lock generated

@@ -23,11 +23,11 @@
"mysecrets": { "mysecrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1759394888, "lastModified": 1759412548,
"narHash": "sha256-FwmvYoAcBtsKW4dGVeD+/zHKov3cIYfyWO1Fwqv3HwQ=", "narHash": "sha256-xiYMJkiKDjqva1V2yznKgdAPdL8FIvKiF2bHtgGPgLE=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "e5ceedd0e56ae0272875765da13dccabf8747764", "rev": "43fa5245e5a5dfb242aa4914060159aa21b85b25",
"revCount": 10, "revCount": 11,
"type": "git", "type": "git",
"url": "file:///home/beastie/nixos/secrets" "url": "file:///home/beastie/nixos/secrets"
}, },


@@ -30,7 +30,7 @@ let
myMount = description: what: where: { myMount = description: what: where: {
inherit description what where; inherit description what where;
type = "cifs"; type = "cifs";
options = "credentials=/etc/openfortivpn/smb-secrets,uid=beastie,gid=users"; options = "credentials=${config.sops.templates."gbmshares-secrets".path},uid=beastie,gid=users";
}; };
myAutoMount = description: where: { myAutoMount = description: where: {
inherit description where; inherit description where;
@@ -47,18 +47,30 @@ in
secrets = { secrets = {
"ldap_GBM/username" = { }; "ldap_GBM/username" = { };
"ldap_GBM/password" = { }; "ldap_GBM/password" = { };
"ldap_GBM/domain" = { };
"openfortivpn/host" = { }; "openfortivpn/host" = { };
"openfortivpn/port" = { }; "openfortivpn/port" = { };
}; };
templates."openfortivpn.conf" = { templates = {
content = '' "openfortivpn.conf" = {
host = ${config.sops.placeholder."openfortivpn/host"} content = ''
port = ${config.sops.placeholder."openfortivpn/port"} host = ${config.sops.placeholder."openfortivpn/host"}
username = ${config.sops.placeholder."ldap_GBM/username"} port = ${config.sops.placeholder."openfortivpn/port"}
password = ${config.sops.placeholder."ldap_GBM/password"} username = ${config.sops.placeholder."ldap_GBM/username"}
''; password = ${config.sops.placeholder."ldap_GBM/password"}
mode = "0600"; '';
owner = "root"; mode = "0600";
owner = "root";
};
"gbmshares-secrets" = {
content = ''
username=${config.sops.placeholder."ldap_GBM/username"}
password=${config.sops.placeholder."ldap_GBM/password"}
domain=${config.sops.placeholder."ldap_GBM/domain"}
'';
mode = "0600";
owner = "root";
};
}; };
}; };
environment.systemPackages = [ environment.systemPackages = [
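Review bot: Nothing visible in these hunks removes the old credentials file `/etc/openfortivpn/smb-secrets` that the `options` line in `myMount` no longer references. On hosts that already had it, the same LDAP password presumably stays on disk outside sops, so the file should be deleted as part of the rollout and the password rotated if it was ever readable by non-root users. The new `"gbmshares-secrets"` template would also benefit from a short comment, for example `# mount.cifs credentials file (username=/password=/domain=); rendered by sops-nix, 0600 root because the mount runs as root`, so nobody later loosens the mode or owner. If the server supports SMB3 encryption, consider adding `seal` to the option string so the share traffic does not depend only on the VPN for confidentiality. The `sops` attribute set these templates belong to opens above the second hunk, so its other settings are not visible here.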