torjus/nixos-servers
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

terraform: auto-generate backup password instead of manual
All checks were successful
Run nix flake check / flake-check (push) Successful in 2m19s
Details

Browse Source 
Remove backup_helper_secret variable and switch shared/backup/password
to auto_generate. New password will be added alongside existing restic
repository key.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Torjus Håkestad
2026-02-05 18:58:39 +01:00
parent 0700033c0a
commit ccb1c3fe2e
2 changed files with 3 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
terraform/vault/secrets.tf
View File

@@ -51,10 +51,10 @@ locals {
password_length = 32 password_length = 32
} }
# Shared backup password # Shared backup password (auto-generated, add alongside existing restic key)
"shared/backup/password" = { "shared/backup/password" = {
auto_generate = false auto_generate = true
data = { password = var.backup_helper_secret } password_length = 32
} }
# NATS NKey for alerttonotify # NATS NKey for alerttonotify

6
terraform/vault/variables.tf
View File

@@ -16,12 +16,6 @@ variable "vault_skip_tls_verify" {
default = true default = true
} }
variable "backup_helper_secret" {
description = "Backup helper password (shared across hosts)"
type = string
sensitive = true
}
variable "nats_nkey" { variable "nats_nkey" {
description = "NATS NKey for alerttonotify" description = "NATS NKey for alerttonotify"
type = string type = string