From afe4cd624455c3b28beef7914a4d247b65b40a52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charlotte=20=F0=9F=A6=9D=20Delenk?= Date: Mon, 17 Jan 2022 15:22:22 +0100 Subject: [PATCH] Revert "remove minio credentials file" This reverts commit ac89c780daae31c1944fa850b29e61bc647f7233. --- config/services/minio.nix | 5 ++--- config/sops.nix | 1 + secrets/nixos-8gb-fsn1-1/secrets.yaml | 6 ++++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/config/services/minio.nix b/config/services/minio.nix index f0bdd504..64f9ef38 100644 --- a/config/services/minio.nix +++ b/config/services/minio.nix @@ -3,11 +3,9 @@ let listenIPs = (import ../../utils/getInternalIP.nix config).listenIPs; in { - imports = [ - /run/secrets/services/minio.nix - ]; services.minio = { enable = true; + rootCredentialsFile = "/run/secrets/security/minio/credentials_file"; dataDir = [ "/var/lib/minio/disk0" "/var/lib/minio/disk1" @@ -16,6 +14,7 @@ in ]; }; services.prometheus.exporters.minio = { + # TODO: doesn't work enable = true; }; services.nginx.virtualHosts."minio.int.chir.rs" = { diff --git a/config/sops.nix b/config/sops.nix index 15702ca9..bc8708c0 100644 --- a/config/sops.nix +++ b/config/sops.nix @@ -5,6 +5,7 @@ sops.secrets."network/wireguard/privkey" = { }; sops.secrets."security/acme/dns" = { }; sops.secrets."security/restic/password" = { }; + sops.secrets."security/minio/credentials_file" = { }; sops.secrets."services/gitea.nix" = { }; sops.secrets."services/minio.nix" = { }; } diff --git a/secrets/nixos-8gb-fsn1-1/secrets.yaml b/secrets/nixos-8gb-fsn1-1/secrets.yaml index 0fafa434..ed7feedb 100644 --- a/secrets/nixos-8gb-fsn1-1/secrets.yaml +++ b/secrets/nixos-8gb-fsn1-1/secrets.yaml @@ -6,6 +6,8 @@ security: dns: ENC[AES256_GCM,data:BxBOnnQZLgs9Y6VSL5umzCHmvQTgxDyTRftnR7zbzARJXaRQP5tnUyZFB4oBhO5d/s4TUEwXhSbbdjBttEuI1drh8X2iNTnWtKaSx7TPFhJJXD0jN4eOSgEyZ0GQYieLCYilpiMOgpkTnSdsFkKkQylCsRcu6eXAgtvZYVg/c9SxnNgT7syC2C+VqsgkhYdrHdtguoGigpyfQ3wA4hOABjDipYGw46NHCx1jPAi1mw2txg04/GCCCggvwV6b/EQZ2rA8bBKM2Stw4wYZXvU7V+XaNZngt1vxBSR4OqU=,iv:Gw3mM1G89NdddGdiCrxuOfChudsIXEvABpoSysQfXp0=,tag:2I9lq1h37OhFEflkaj5/BQ==,type:str] restic: password: ENC[AES256_GCM,data:tjdAanBeEtMm6EA4xLH0d1XbCk4=,iv:PXwy9Cm+iT0i4UpNrNEZUpAdpuvqYkdSoLMkWeiXLWE=,tag:G3Fosmuva0/BYQ1VEn0pQQ==,type:str] + minio: + credentials_file: ENC[AES256_GCM,data:ZmdxboXeY7cbQ5b9h5JKO4uewTZC8XCbg9T8KvCA9afjwWjruuoHZ/LcXgEphdwuBB6CpcRqMze+21fT16svqUgLgVcCRLmtx7E=,iv:s2b4KtQM1fkMVxAAGD5sSOkum9Lhcy1khV8GabbhFXQ=,tag:aHL4SUuOwzU5V9Wz6otS0g==,type:str] services: gitea.nix: ENC[AES256_GCM,data:51YBcqkQJFbvJEZ7U9Fr6YPqtF6Sn+huLKPQHXoIFlrhlSTZDtGpPci1MQVI7X/UWSpdCTtOa22doguWEqWG9rUaekfmDTL8jb/WbV7jtDYnFINE1NRRFb/RIFmQJ/UPODsesewtg8vNPiU9ZAQgep9ttPMpqnRWkEHcFisTrHO1gZ0D6pF2EFbBEZX3Z5q7rPcr5907KiF0HALFueVqzONGCYGxmzBIFWA8Um1wYKlwWieqjos60Ip2,iv:wMOKydq0NLazAQC3joFTyhbmEIvwDGFc4sEhcQ3a/gc=,tag:c5MndmKCjBm7u63R9VWwgA==,type:str] minio.nix: ENC[AES256_GCM,data:8Vl12m86NNLIvyJ8AYxVCqdgZ1KeWoN0kjvkyjlrcAZYVJcRgL5kWpASg1jSbhVnOE+YvRboA8Y6O9eyitylLBny/nttscaZS1gge7U8qOZsx+/8UPwWJMNIP4re/as4BKX9cKj7OqhttOyQ/ArqUA==,iv:fHFo2mSvd1XOPcttA3PZHLAq2bLMKHZqpeHAheVGj0E=,tag:cfXJfiQk3hIYnnvPzF7p1Q==,type:str] @@ -33,8 +35,8 @@ sops: QkkzbUVrVWtYMWhLa0N5MzJ2KzV4MW8KEAtd2cnwNH01rYUFr+qWyAhHvUsqsxXg not2RQLEIGbo80Z7CMIwqCIpUYOL4m70KlEKrFzflXFbOFX2en82iA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-01-17T13:20:58Z" - mac: ENC[AES256_GCM,data:DHfy+PkPRan25QUJ/h0n/7pbmXVGjhMevz2GlRIwzTQ31577kzJemu41ZLcsyppREJCF1zef2dSPxq/9IuDwTdmUcpdPJh79n81VNEFtWDGtQ4N7nMmPaS1L7y7SBs7pzNMJRP5C1lQodlysNQL4cxs3atBJIJNCb36pghc+sGU=,iv:kA9hugmujb9mh+RPhXdE1rFgcB3DSmovYLX1FvwYBww=,tag:pdkP9ya6fVDE61QouUKQKA==,type:str] + lastmodified: "2022-01-17T13:18:47Z" + mac: ENC[AES256_GCM,data:skblMX8kgdoJLO0darjUJIRTBcFlS4rGD7niyCZ7tCc2HhNwAiTo0vG3ZJmsm554W7FQ/uMvL/JJsAzbi9XL+2+r8GupUNUfx1HOVakIxlt5IlUCXc+CavRVKNyR/MY4zfSCBnjy4IbzvoQmVnAFknUvJ3NN2EEL/BAX2mzHTOw=,iv:IDn8ghi/N2pOAfn8l4S68SN2TBqiAG2w/kZ47coAmkg=,tag:wZShGuxkFF69xHXdbmi/7w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.1