forked from CCCHH/nix-infra
Switch the netbox hosts secret management from colmena to sops-nix
This commit is contained in:
parent
154edc1972
commit
dc439abefe
SSH key fingerprint:
SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
6 changed files with 264 additions and 9 deletions
|
|
@ -10,21 +10,17 @@
|
|||
services.netbox = {
|
||||
enable = true;
|
||||
package = pkgs.netbox;
|
||||
secretKeyFile = "/secrets/netbox-secret-key.secret";
|
||||
secretKeyFile = "/run/secrets/netbox_secret_key";
|
||||
settings = {
|
||||
ALLOWED_HOSTS = [ "netbox.hamburg.ccc.de" ];
|
||||
SESSION_COOKIE_SECURE = true;
|
||||
};
|
||||
};
|
||||
|
||||
deployment.keys."netbox-secret-key.secret" = {
|
||||
keyCommand = [ "env" "pass" "noc/vm-secrets/z9/netbox/netbox_secret_key" ];
|
||||
|
||||
destDir = "/secrets";
|
||||
user = "netbox";
|
||||
sops.secrets."netbox_secret_key" = {
|
||||
mode = "0440";
|
||||
owner = "netbox";
|
||||
group = "netbox";
|
||||
permissions = "0440";
|
||||
|
||||
uploadAt = "pre-activation";
|
||||
restartUnits = [ "netbox.service" ];
|
||||
};
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue