chore(infra): Switch to age-secrets.autoMatch

2024-02-19 14:47:27 +01:00 · 2024-02-19 14:47:27 +01:00 · ad39c91168
commit ad39c91168
parent 10e768cacd
12 changed files with 12 additions and 30 deletions
--- a/machines/compute01/ds-fr/default.nix
+++ b/machines/compute01/ds-fr/default.nix
@ -9,7 +9,7 @@ in
  services.demarches-simplifiees = {
    enable = true;
-    secretFile = config.age.secrets.ds_fr-secret_file.path;
+    secretFile = config.age.secrets."ds-fr-secret_file".path;
    initialDeploymentDate = "20230923";
@ -64,7 +64,5 @@ in
    };
  };
-  age-secrets.matches."^ds_fr-.*$" = {
+  age-secrets.autoMatch = [ "ds-fr" ];
    owner = "ds-fr";
  };
 }
--- a/machines/compute01/k-radius/default.nix
+++ b/machines/compute01/k-radius/default.nix
@ -54,9 +54,7 @@
    radiusClients = { };
  };
-  age-secrets.matches."^radius-.*$" = {
+  age-secrets.autoMatch = [ "radius" ];
    owner = "radius";
  };
  networking.firewall.allowedTCPPorts = [ 1812 ];
  networking.firewall.allowedUDPPorts = [ 1812 ];
--- a/machines/compute01/mastodon.nix
+++ b/machines/compute01/mastodon.nix
@ -39,7 +39,5 @@ in
    extraEnvFiles = [ config.age.secrets."mastodon-extra_env_file".path ];
  };
-  age-secrets.matches."^mastodon-.*$" = {
+  age-secrets.autoMatch = [ "mastodon" ];
    owner = "mastodon";
  };
 }
--- a/machines/compute01/nextcloud.nix
+++ b/machines/compute01/nextcloud.nix
@ -199,9 +199,7 @@ in
    "129.199.146.148" = [ "s3.dgnum.eu" ];
  };
-  age-secrets.matches."^nextcloud-.*$" = {
+  age-secrets.autoMatch = [ "nextcloud" ];
    owner = "nextcloud";
  };
  system.activationScripts = {
    restart-nextcloud.text = ''
--- a/machines/compute01/outline.nix
+++ b/machines/compute01/outline.nix
@ -52,7 +52,5 @@ in
    };
  };
-  age-secrets.matches."^outline-.*$" = {
+  age-secrets.autoMatch = [ "outline" ];
    owner = "outline";
  };
 }
--- a/machines/compute01/satosa/default.nix
+++ b/machines/compute01/satosa/default.nix
@ -153,7 +153,5 @@ in
    forceSSL = true;
  };
-  age-secrets.matches."^satosa-.*$" = {
+  age-secrets.autoMatch = [ "satosa" ];
    owner = "satosa";
  };
 }
--- a/machines/compute01/secrets/ds-fr-secret_file
+++ b/machines/compute01/secrets/ds-fr-secret_file
--- a/machines/compute01/secrets/secrets.nix
+++ b/machines/compute01/secrets/secrets.nix
@ -4,7 +4,7 @@ let
 in
 lib.setDefault { inherit publicKeys; } [
-  "ds_fr-secret_file"
+  "ds-fr-secret_file"
  "grafana-smtp_password_file"
  "grafana-oauth_client_secret_file"
  "hedgedoc-environment_file"
--- a/machines/compute01/zammad.nix
+++ b/machines/compute01/zammad.nix
@ -51,7 +51,5 @@ in
    };
  };
-  age-secrets.matches."^zammad-.*$" = {
+  age-secrets.autoMatch = [ "zammad" ];
    owner = "zammad";
  };
 }
--- a/machines/storage01/netbird/default.nix
+++ b/machines/storage01/netbird/default.nix
@ -43,5 +43,5 @@ in
    };
  };
-  # age-secrets.matches."^netbird-.*$" = { owner = "netbird"; };
+  # age-secrets.autoMatch = [ "netbird" ];
 }
--- a/machines/storage01/peertube.nix
+++ b/machines/storage01/peertube.nix
@ -64,7 +64,5 @@ in
    forceSSL = true;
  };
-  age-secrets.matches."^peertube-.*$" = {
+  age-secrets.autoMatch = [ "peertube" ];
    owner = "peertube";
  };
 }
--- a/machines/web01/matterbridge.nix
+++ b/machines/web01/matterbridge.nix
@ -6,7 +6,5 @@
    configPath = config.age.secrets."matterbridge-config_file".path;
  };
-  age-secrets.matches."^matterbridge-.*$" = {
+  age-secrets.autoMatch = [ "matterbridge" ];
    owner = "matterbridge";
  };
 }