Disable ephemeral secrets on omen

Signed-off-by: main <magic_rb@redalder.org>
2024-11-29 11:36:16 +01:00 · 2022-03-12 23:11:52 +01:00 · 2022-03-12 23:11:52 +01:00 · 71207bcad6
parent 0c9a601320
commit 71207bcad6
1 changed files with 3 additions and 11 deletions
--- a/nix/hardware/omen.nix
+++ b/nix/hardware/omen.nix
@ -39,18 +39,10 @@ in
          fsType = "zfs";
        };

-      "/var/lib/secrets" = mkIf config.services.vault-agent.enable
+      "/var/lib/secrets" =
        {
-          device = "tmpfs";
-          fsType = "tmpfs";
-          options = [
-            "mode=0640"
-            "uid=${toString config.users.users.vault-agent.uid}"
-            "gid=${toString config.users.groups.root.gid}"
-            "noexec"
-            "rw"
-            "size=64M"
-          ];
+          device = "omen-ssd/local/secrets";
+          fsType = "zfs";
        };

      "/home" =