overhauling secrets: part 1

hosts/servers/alexandria/paperless.nix

@@ -6,7 +6,7 @@
       enable = true;
       dataDir = "/data/paperless/data";
       mediaDir = "/data/paperless/media";
-      passwordFile = config.age.secrets.paperless-pass.path;
+      passwordFile = config.age.secrets.paperless.path;
       port = lib.toInt "${config.ports.paperless}";
       consumptionDirIsPublic = true;
       extraConfig = { PAPERLESS_OCR_LANGUAGE = "eng+por+deu"; };
@@ -20,8 +20,8 @@
     };
   };
 
-  age.secrets.paperless-pass = {
-    file = ../../../secrets/paperless-pass.age;
+  age.secrets.paperless = {
+    file = ../../../secrets/paperless.age;
     owner = "paperless";
     group = "hosted";
   };

hosts/servers/alexandria/security.nix

@@ -1,19 +1,13 @@
 { inputs, config, pkgs, lib, ... }:
 
 {
-  age.secrets.cloudflare-creds = {
-    file = ../../../secrets/cloudflare-creds.age;
-    owner = "nginx";
-    group = "hosted";
-  };
-
   security.acme = {
     acceptTerms = true;
     defaults = {
       email = "baduhai@proton.me";
       dnsResolver = "1.1.1.1:53";
       dnsProvider = "cloudflare";
-      credentialsFile = config.age.secrets.cloudflare-creds.path;
+      credentialsFile = config.age.secrets.cloudflare.path;
     };
     certs."baduhai.me" = { extraDomainNames = [ "*.baduhai.me" ]; };
   };
@@ -22,4 +16,10 @@
     "net.ipv4.ip_forward" = 1;
     "net.ipv6.conf.all.forwarding" = 1;
   };
+
+  age.secrets.cloudflare = {
+    file = ../../../secrets/cloudflare.age;
+    owner = "nginx";
+    group = "hosted";
+  };
 }