m3ta-chiron
b7dd7f2bf7
- Replace minio.nix with rustfs.nix using rustfs-flake NixOS module - Add rustfs flake input (github:rustfs/rustfs-flake) - Reuse same ports (API: 3008, Console: 3007) and data dir (/var/storage/s3) - Add separate agenix secrets for access-key and secret-key - Keep Traefik routes unchanged (s3.m3tam3re.com, minio.m3tam3re.com) - MinIO had 6 unfixed CVEs and is abandoned upstream
77 lines
2.5 KiB
Nix
77 lines
2.5 KiB
Nix
{
|
|
age = {
|
|
secrets = {
|
|
baserow-env = {file = ../../secrets/baserow-env.age;};
|
|
ghost-env = {file = ../../secrets/ghost-env.age;};
|
|
kestra-config = {
|
|
file = ../../secrets/kestra-config.age;
|
|
mode = "644";
|
|
};
|
|
kestra-env = {file = ../../secrets/kestra-env.age;};
|
|
littlelink-m3tam3re = {file = ../../secrets/littlelink-m3tam3re.age;};
|
|
minio-root-cred = {file = ../../secrets/minio-root-cred.age;};
|
|
rustfs-access-key = {file = ../../secrets/rustfs-access-key.age;};
|
|
rustfs-secret-key = {file = ../../secrets/rustfs-secret-key.age;};
|
|
n8n-env = {file = ../../secrets/n8n-env.age;};
|
|
netbird-auth-secret = {
|
|
file = ../../secrets/netbird-auth-secret.age;
|
|
};
|
|
netbird-db-password = {
|
|
file = ../../secrets/netbird-db-password.age;
|
|
};
|
|
netbird-encryption-key = {
|
|
file = ../../secrets/netbird-encryption-key.age;
|
|
};
|
|
netbird-dashboard-env = {
|
|
file = ../../secrets/netbird-dashboard-env.age;
|
|
};
|
|
netbird-server-env = {
|
|
file = ../../secrets/netbird-server-env.age;
|
|
};
|
|
netbird-proxy-env = {
|
|
file = ../../secrets/netbird-proxy-env.age;
|
|
};
|
|
paperless-key = {file = ../../secrets/paperless-key.age;};
|
|
restreamer-env = {file = ../../secrets/restreamer-env.age;};
|
|
searx = {file = ../../secrets/searx.age;};
|
|
tailscale-key = {file = ../../secrets/tailscale-key.age;};
|
|
tuwunel-registration-token = {
|
|
file = ../../secrets/tuwunel-registration-token.age;
|
|
owner = "tuwunel";
|
|
};
|
|
traefik = {
|
|
file = ../../secrets/traefik.age;
|
|
owner = "traefik";
|
|
};
|
|
vaultwarden-env = {file = ../../secrets/vaultwarden-env.age;};
|
|
m3tam3re-secrets = {
|
|
file = ../../secrets/m3tam3re-secrets.age;
|
|
owner = "m3tam3re";
|
|
};
|
|
gitea-runner-token = {
|
|
file = ../../secrets/gitea-runner-token.age;
|
|
mode = "600";
|
|
owner = "gitea-runner";
|
|
group = "gitea-runner";
|
|
};
|
|
ref-key = {
|
|
file = ../../secrets/ref-key.age;
|
|
owner = "m3tam3re";
|
|
};
|
|
exa-key = {
|
|
file = ../../secrets/exa-key.age;
|
|
owner = "m3tam3re";
|
|
};
|
|
basecamp-client-id = {
|
|
file = ../../secrets/basecamp-client-id.age;
|
|
owner = "m3tam3re";
|
|
};
|
|
basecamp-client-secret = {
|
|
file = ../../secrets/basecamp-client-secret.age;
|
|
owner = "m3tam3re";
|
|
};
|
|
authentik-env = {file = ../../secrets/authentik-env.age;};
|
|
};
|
|
};
|
|
}
|