Try to implement crowdsec everywhere, connected to central lapi

2025-04-04 17:44:19 +02:00 · 2025-04-04 17:44:19 +02:00 · da4ee48f72
commit da4ee48f72
parent d90a031c68
4 changed files with 66 additions and 2 deletions
--- a/secrets.nix
+++ b/secrets.nix
@ -8,9 +8,9 @@ let
  forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMf3Cc/S0p/LFcW+RLMEqpxOOv8q/HrKO4I9joHmRxl root@forgejo";
  nginx = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKX2wkS9bpMy1+ITPtQclRkthOwksWBZOLa3bT9oLAe1 root@nixos-nginx";

-  systems = [grafana onlyoffice postgresql forgejo];
+  systems = [grafana onlyoffice postgresql forgejo nginx];
 in {
-  "initialPassword.age".publicKeys = users ++ systems;
+  "secrets/initialPassword.age".publicKeys = users ++ systems;

  "services/grafana/secrets/grafana-db.age".publicKeys = [tbarnouin grafana];
  "services/grafana/secrets/grafana-oauth_secret.age".publicKeys = [tbarnouin grafana];
@ -28,4 +28,6 @@ in {
  "services/postgresql/secrets/onlyofficeDBPass.age".publicKeys = [tbarnouin postgresql];

  "services/nginx/secrets/cs-lapi-key.age".publicKeys = [tbarnouin nginx];
+  "services/minimalConfig/secrets/cs-lapi-key.age".publicKeys = users ++ systems;
+  "secrets/cs-lapi-key.age".publicKeys = users ++ systems;
 }