vanadium: centralize secret management

2025-12-06 14:49:14 +00:00 · 2025-04-07 16:07:09 +02:00 · 2025-04-07 16:07:09 +02:00 · ce7e1e4da4
commit ce7e1e4da4
parent e9319a48e5
3 changed files with 34 additions and 26 deletions
--- a/nix/configurations/vanadium.nix
+++ b/nix/configurations/vanadium.nix
@ -144,5 +144,39 @@ in
          ];
        };
      }
+
+      #
+      # Secrets
+      #
+      {
+        age.secrets = {
+          wpa_password.file = "${../secrets/wpa_password.age}";
+
+          restic_backblaze_pwd.file = "${../secrets/restic_backblaze_pwd.age}";
+          restic_backblaze_repo.file = "${../secrets/restic_backblaze_repo.age}";
+          restic_backblaze_env.file = "${../secrets/restic_backblaze_env.age}";
+
+          four_pwd.file = "${../secrets/four_pwd.age}";
+          restic_four_pwd.file = "${../secrets/restic_four_pwd.age}";
+
+          sgbk_pwd.file = "${../secrets/sgbk_pwd.age}";
+          restic_sgbk_pwd.file = "${../secrets/restic_sgbk_pwd.age}";
+
+          two_pwd.file = "${../secrets/two_pwd.age}";
+        };
+
+        home-manager.users.leana = {
+          age.secrets = {
+            sshconfig = {
+              file = "${../secrets/sshconfig.age}";
+              path = "/home/leana/.ssh/config";
+            };
+            ltex_dict = {
+              file = "${../secrets/ltex_dict.age}";
+              path = "/home/leana/.config/ltex_dict";
+            };
+          };
+        };
+      }
    ];
  }