From 026876791efe993742a525e2eb05f977bd319cc6 Mon Sep 17 00:00:00 2001
From: Joseph Hanson <joe@veri.dev>
Date: Mon, 23 Dec 2024 15:52:58 -0600
Subject: [PATCH] minio default creds

---
 nixos/hosts/shadowfax/default.nix       | 8 ++++++++
 nixos/hosts/shadowfax/secrets.sops.yaml | 5 +++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/nixos/hosts/shadowfax/default.nix b/nixos/hosts/shadowfax/default.nix
index 3f6ef36..d76b3c7 100644
--- a/nixos/hosts/shadowfax/default.nix
+++ b/nixos/hosts/shadowfax/default.nix
@@ -118,6 +118,7 @@ in
     minio = {
       enable = true;
       dataDir = [ "/eru/minio" ];
+      rootCredentialsFile = config.sops.secrets."minio".path;
     };
 
     # Netdata
@@ -145,6 +146,13 @@ in
 
   # sops
   sops.secrets = {
+    "minio" = {
+      sopsFile = ./secrets.sops.yaml;
+      owner = "minio";
+      group = "minio";
+      mode = "400";
+      restartUnits = [ "minio.service" ];
+    };
     "syncthing/publicCert" = {
       sopsFile = ./secrets.sops.yaml;
       owner = "jahanson";
diff --git a/nixos/hosts/shadowfax/secrets.sops.yaml b/nixos/hosts/shadowfax/secrets.sops.yaml
index e489562..420352f 100644
--- a/nixos/hosts/shadowfax/secrets.sops.yaml
+++ b/nixos/hosts/shadowfax/secrets.sops.yaml
@@ -5,6 +5,7 @@ restic:
     plex:
         resticUri: ENC[AES256_GCM,data:+3hKOvzrbyswGxHAm83eXOIyM6Af8LtSqnU92DT3pQLByG22dLwZgAKDTV7BVWOWoHVqtJAC59Y3g5UOHIPZikNQ,iv:PyjAq8UllAfmiw0VNlpy7qtmHZpwwn1KMF0c/0jXptA=,tag:thwjPpvzNdS5ogaAZeo+Dg==,type:str]
         resticPassword: ENC[AES256_GCM,data:nUr/p36cnKC7PjMzQyPavHA7ii8=,iv:PYf/mRbg1IZj3iEMl6T4OpwUcb9BuUHxwMLoYe3ucEA=,tag:XQ2CdgL3h2hzTNShxDpGeA==,type:str]
+minio: ENC[AES256_GCM,data:FdqtO7QIDz7O53WdUy7E8ny35IetUhQ7gOC0y7ndYZgysn5NgnhrtIAHunn4SefTUX2rZn3e/0XFkQUEq2aKpsF1fSvZV48CykUlDwuOkA==,iv:KfV9S7DcEtPPI5Ud8ODPR1zz0pxS6SJxKHa9uWE/cHg=,tag:Fx4NfLqr53DDwMa18SyS+g==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -83,8 +84,8 @@ sops:
             NDIwV1hIcXoyZWI3dUEyeWtXd3FLcEUK0YBS95TA9luAL1mObUtH6RG4nesYZ7Fc
             bB3e2p6Mrp/t1Oa/8p6WQXxu4vf5y0XCNLXeW6I6/3udrTXARaNNPA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-12-17T01:25:38Z"
-    mac: ENC[AES256_GCM,data:Q40uJD5jrOlgtu+btENYGn7lx9bN0kjOqAl+ud88UGzFUEUuEOG2i1k5ytsp0bV8X5ZB3QNrw1LTrMcrmeZMmt38qwKd05TGmOM+5h8eu/yGKyuLAsCpD59AmRHknBPV4qrZMWoHj6sFOekHcY7qYOW5kOE+4xM2rtUE+MA2Lp0=,iv:2lVYv5QrtGJt/fm6y+O/brND0MIF29CpLAk2rGvCkt4=,tag:8POiWZUf/pFG2JeKxEJrrA==,type:str]
+    lastmodified: "2024-12-23T21:45:57Z"
+    mac: ENC[AES256_GCM,data:+J1yViwQts9qbWb8EaB3WT5hHdhXrQEz+vW8Gr2NGAhwMtpgOPZPf+MArwA8TkdALJzQytXAZ96MyGiOkbDNVIKK0E33jjTtp2emDiTeEs4jwiYf+iji6f0uCZToHgmBuCsD2gT3yMp4mef/7vgojZQ5g6/uoLzZEzKE+PzaOcU=,iv:vjdYCJgBfVtyNpRMP8UuGwHkGH4LvYwVKvjInlIHfcc=,tag:JDPnZ+rmROJMZTiVnZw+Ww==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.2