nix on git yippee

2025-05-30 01:51:13 -04:00 · 2025-05-30 01:51:13 -04:00 · 981186a787
commit 981186a787
17 changed files with 579 additions and 0 deletions
--- a/host-secrets.nix
+++ b/host-secrets.nix
@ -0,0 +1,35 @@
+{
+  users.users.garage = {
+    isSystemUser = true;
+    group = "garage";
+    home = "/var/lib/garage";
+    description = "Garage service user";
+  };
+  
+  users.groups.garage = {};
+  
+  age.secrets = {
+    "build-token".file = ./secrets/build-token.age;
+    
+    "garage-rpc-secret" = {
+      file = ./secrets/garage-rpc-secret.age;
+      owner = "garage";
+      group = "garage";
+      mode = "0400";
+    };
+  
+    "garage-admin-token" = {
+      file = ./secrets/garage-admin-token.age;
+      owner = "garage";
+      group = "garage"; 
+      mode = "0400";
+    };
+  
+    "garage-metrics-token" = {
+      file = ./secrets/garage-metrics-token.age;
+      owner = "garage";
+      group = "garage";
+      mode = "0400";
+    };
+  };
+}