beastie/dev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add automout secrets via sops

Browse Source
This commit is contained in:
Jérémie SALVI
2025-10-02 15:51:59 +02:00
parent ba557d70d3
commit 83a2e55fd7
2 changed files with 26 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
flake.lock generated
View File

@@ -23,11 +23,11 @@
"mysecrets": {
"flake": false,
"locked": {
"lastModified": 1759394888,
"narHash": "sha256-FwmvYoAcBtsKW4dGVeD+/zHKov3cIYfyWO1Fwqv3HwQ=",
"lastModified": 1759412548,
"narHash": "sha256-xiYMJkiKDjqva1V2yznKgdAPdL8FIvKiF2bHtgGPgLE=",
"ref": "refs/heads/main",
"rev": "e5ceedd0e56ae0272875765da13dccabf8747764",
"revCount": 10,
"rev": "43fa5245e5a5dfb242aa4914060159aa21b85b25",
"revCount": 11,
"type": "git",
"url": "file:///home/beastie/nixos/secrets"
},

32
modules/optionnals/openfortivpn.nix
View File

@@ -30,7 +30,7 @@ let
myMount = description: what: where: {
inherit description what where;
type = "cifs";
options = "credentials=/etc/openfortivpn/smb-secrets,uid=beastie,gid=users";
options = "credentials=${config.sops.templates."gbmshares-secrets".path},uid=beastie,gid=users";
};
myAutoMount = description: where: {
inherit description where;
@@ -47,18 +47,30 @@ in
secrets = {
"ldap_GBM/username" = { };
"ldap_GBM/password" = { };
"ldap_GBM/domain" = { };
"openfortivpn/host" = { };
"openfortivpn/port" = { };
};
templates."openfortivpn.conf" = {
content = ''
host = ${config.sops.placeholder."openfortivpn/host"}
port = ${config.sops.placeholder."openfortivpn/port"}
username = ${config.sops.placeholder."ldap_GBM/username"}
password = ${config.sops.placeholder."ldap_GBM/password"}
'';
mode = "0600";
owner = "root";
templates = {
"openfortivpn.conf" = {
content = ''
host = ${config.sops.placeholder."openfortivpn/host"}
port = ${config.sops.placeholder."openfortivpn/port"}
username = ${config.sops.placeholder."ldap_GBM/username"}
password = ${config.sops.placeholder."ldap_GBM/password"}
'';
mode = "0600";
owner = "root";
};
"gbmshares-secrets" = {
content = ''
username=${config.sops.placeholder."ldap_GBM/username"}
password=${config.sops.placeholder."ldap_GBM/password"}
domain=${config.sops.placeholder."ldap_GBM/domain"}
'';
mode = "0600";
owner = "root";
};
};
};
environment.systemPackages = [