fix(secrets): fix more permission issues

2022-05-06 15:48:57 +02:00 · 2022-05-06 15:48:57 +02:00 · 867bd7d3de
parent 557d744846
commit 867bd7d3de
5 changed files with 5 additions and 8 deletions
--- a/rpi4.nix
+++ b/rpi4.nix
@ -32,11 +32,7 @@ in with builtins; {
    ./services/nextcloud.nix
  ];
-  age.secrets.cfdyndns = {
+  age.secrets.cloudflare.file = ./secrets/cloudflare.age;
    file = ./secrets/cfdyndns.age;
    owner = "cfdyndns";
    group = "cfdyndns";
  };
  age.secrets.hostKey.file = ./secrets/home-server/hostKey.age;
  nixpkgs.config.allowUnfree = true;
@ -70,7 +66,7 @@ in with builtins; {
    use = "web";
    zone = "felschr.com";
    username = "felschr@pm.me";
-    passwordFile = config.age.secrets.cfdyndns.path;
+    passwordFile = config.age.secrets.cloudflare.path;
    domains = [
      "home.felschr.com"
      "cloud.felschr.com"
--- a/secrets/cloudflare.age
+++ b/secrets/cloudflare.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -21,7 +21,7 @@ in {
  "mqtt/tasmota.age".publicKeys = [ felschr home-pc home-server ];
  "mqtt/owntracks.age".publicKeys = [ felschr home-pc home-server ];
  "mqtt/owntracks-plain.age".publicKeys = [ felschr home-pc home-server ];
-  "cfdyndns.age".publicKeys = [ felschr home-pc home-server ];
+  "cloudflare.age".publicKeys = [ felschr home-pc home-server ];
  "owntracks/htpasswd.age".publicKeys = [ felschr home-pc home-server ];
  "etebase-server.age".publicKeys = [ felschr home-pc home-server ];
  "miniflux.age".publicKeys = [ felschr home-pc home-server ];
--- a/services/home-assistant.nix
+++ b/services/home-assistant.nix
@ -120,5 +120,7 @@ in {
  age.secrets.hass-secrets = {
    file = ../secrets/hass/secrets.age;
    path = "/var/lib/hass/secrets.yaml";
    owner = "hass";
    group = "hass";
  };
 }
--- a/services/mosquitto.nix
+++ b/services/mosquitto.nix
@ -9,7 +9,6 @@ let
  mkSecret = file: {
    inherit file;
    owner = "mosquitto";
    group = "mosquitto";
  };
 in {
  age.secrets = {