From ac5230c08dcd5af1b744ff8715ea909638365904 Mon Sep 17 00:00:00 2001
From: TheWanderingCrow
Date: Sat, 18 Jan 2025 10:25:19 -0500
Subject: [PATCH] actually sops is nice enough that I dont really need hashicorp vault to manage secrets
---
 modules/users/overseer/services.nix | 32 -----------------------------
 1 file changed, 32 deletions(-)
diff --git a/modules/users/overseer/services.nix b/modules/users/overseer/services.nix
index 2e1a0d0..cc9deff 100644
--- a/modules/users/overseer/services.nix
+++ b/modules/users/overseer/services.nix
@@ -19,8 +19,6 @@ in
 # Create the dirs we need
 systemd.tmpfiles.rules = [
 "d ${volumePath}"
- "d ${volumePath}/vault/data 700 overseer overseer" # Vault says this needs to already exist upon boot
- "d ${volumePath}/vault/snapshots 700 overseer overseer" # This is where we put snapshots for restic to backup
 "d ${volumePath}/paperless/data 700 overseer overseer"
 "d ${volumePath}/paperless/media 700 overseer overseer"
@@ -29,38 +27,8 @@ in
 "d ${volumePath}/NPM/letsencrypt 700 overseer overseer"
 ];
- # Define some secrets to use in restic
- sops.secrets."vault-backup/location" = {};
- sops.secrets."vault-backup/pass" = {};
 # (Arguably) Most Important Service - backups
 services.restic.backups = {
- vault = {
- user = "root";
- timerConfig = {
- OnCalendar = "hourly";
- Persistent = true;
- };
- paths = [
- "${volumePath}/vault/snapshots"
- ];
- backupPrepareCommand = "${pkgs.vault}/bin/vault operator raft snapshot save ${volumePath}/vault/snapshots/backup.snap";
- repositoryFile = config.sops.secrets."vault-backup/location".path;
- passwordFile = config.sops.secrets."vault-backup/pass".path;
- };
- };
-
- # Vault Service
- services.vault = {
- enable = true;
- package = pkgs.vault-bin;
- storageBackend = "raft";
- storagePath = "${volumePath}/vault/data";
- address = "127.0.0.1:8200";
- extraConfig = ''
- ui = true
- api_addr = "http://127.0.0.1:8200"
- cluster_addr = "http://127.0.0.1:8201"
- '';
 };
 # Paperless-ngx