depot/ops/vault/cfg/config.nix

{ lib, config, ... }:
# Vault configuration for depot.
#
# Three things live here: the Terraform state/provider wiring, the handful of
# Vault resources declared directly in this file, and the app <-> server
# bindings (`my.apps.*`, `my.servers.*`) that the imported modules turn into
# policies, auth backends and SSH/ACME CA settings.  The option definitions
# for `my.*` are not in this file; see the imports below.
{
  imports = [
    ./policies-raw.nix
    ./policies-app.nix
    ./authbackend-approle.nix
    ./authbackend-oidc.nix
    ./authbackend-authentik.nix
    ./ssh-ca-client.nix
    ./ssh-ca-server.nix
    ./servers.nix
    ./acme-ca.nix
    ./lukegbcom-deployer.nix
  ];

  terraform = {
    # Remote state for this Vault configuration.  NOTE(review): Terraform
    # persists data-source results (e.g. the vault_generic_secret below) and
    # resource attributes in this state, so the bucket should be treated as
    # secret-bearing and access to it kept as tight as access to Vault itself.
    backend.gcs = {
      bucket = "lukegb-terraform-state";
      prefix = "depot/vault";
    };
    # Provider is pinned to an exact version rather than a range.
    required_providers.vault = {
      source = "hashicorp/vault";
      version = "3.3.1";
    };
  };

  # The Vault instance all of this is applied against.
  provider.vault.address = "https://vault.int.lukegb.com";

  # Resources declared directly here; everything else comes from the modules.
  resource.vault_gcp_secret_backend.gcp.path = "gcp";
  # Input values read out of the KV store for use elsewhere in the config.
  data.vault_generic_secret.misc.path = "kv/misc-input";

  # Apps known to the policy/auth modules.  An empty attrset means "use the
  # module defaults"; apps that need extra Vault policy carry it in `.policy`
  # as a raw Vault HCL policy document.
  my.apps = {
    authentik = { };
    deluge = { };
    fup = { };
    gitlab-runner = { };
    matrix-synapse = { };
    plex-pass = { };
    pomerium = { };
    quotesdb = { };
    turn = { };
    twitterchiver = { };

    # Only allowed to create under the ACME mount; no read/list/delete.
    sslrenew-raritan.policy = ''
      # sslrenew-raritan is permitted to issue certificates.
      path "acme/certs/*" {
        capabilities = ["create"]
      }
    '';

    # Read-only on one KV v2 secret (both the data and metadata paths are
    # needed for a KV v2 read).
    deployer.policy = ''
      # Allow reading nix-daemon secrets
      path "kv/data/apps/nix-daemon" {
        capabilities = ["read"]
      }
      path "kv/metadata/apps/nix-daemon" {
        capabilities = ["read"]
      }
    '';
  };

  # Which apps each server may act as; the binding semantics live in the
  # imported modules (presumably ./servers.nix), not here.
  my.servers = {
    etheroute-lon01.apps = [ "pomerium" ];
    porcorosso.apps = [ "quotesdb" ];
    totoro.apps = [ "sslrenew-raritan" "deluge" "quotesdb" "authentik" ];
    clouvider-fra01.apps = [ "deluge" ];
    clouvider-lon01.apps = [ "quotesdb" "gitlab-runner" ];
    bvm-twitterchiver.apps = [ "twitterchiver" ];
    bvm-matrix.apps = [ "turn" "matrix-synapse" ];
    bvm-prosody.apps = [ "turn" ];
    bvm-heptapod.apps = [ "gitlab-runner" ];
    bvm-nixosmgmt.apps = [ "plex-pass" ];
    blade-tuvok.apps = [ "fup" ];
  };
}