flake: convert secrets to module argument
parent
941b8060c9
commit
303c344ffb
7 changed files with 13 additions and 12 deletions
|
@ -1,4 +1,4 @@
|
|||
{ config, common, pkgs, ... }:
|
||||
{ config, common, secrets, pkgs, ... }:
|
||||
let
|
||||
cfg = config.services.forgejo;
|
||||
domain = common.subdomain "git";
|
||||
|
@ -21,7 +21,7 @@ in
|
|||
|
||||
lfs.enable = true;
|
||||
|
||||
secrets.mailer.PASSWD = config.secrets.smtp-password;
|
||||
secrets.mailer.PASSWD = secrets.smtp-password;
|
||||
settings = {
|
||||
server = {
|
||||
ROOT_URL = "https://${domain}/";
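Review bot: In `secrets.mailer.PASSWD = secrets.smtp-password;` the name `secrets` now means two different things: on the left it is an attribute of the enclosing service set, on the right it is the new module argument. The old `config.secrets.smtp-password` made that distinction visible. The enclosing attribute set opens outside this hunk, so the left-hand meaning is inferred from `cfg = config.services.forgejo`. A one-line comment above the assignment would help, for example `# lhs: forgejo option; rhs: module argument holding the file path from config.age.secrets`.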
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, common, ... }:
|
||||
{ common, secrets, ... }:
|
||||
|
||||
let
|
||||
domain = "freshrss.inx.moe";
|
||||
|
@ -12,6 +12,6 @@ in
|
|||
baseUrl = "https://${domain}";
|
||||
dataDir = "/srv/freshrss";
|
||||
defaultUser = "infinidoge";
|
||||
passwordFile = config.secrets."freshrss";
|
||||
passwordFile = secrets."freshrss";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, common, ... }:
|
||||
{ config, common, secrets, ... }:
|
||||
let
|
||||
cfg = config.services.hedgedoc;
|
||||
domain = common.subdomain "md";
|
||||
|
@ -6,7 +6,7 @@ in
|
|||
{
|
||||
services.hedgedoc = {
|
||||
enable = true;
|
||||
environmentFile = config.secrets."hedgedoc";
|
||||
environmentFile = secrets."hedgedoc";
|
||||
settings = {
|
||||
inherit domain;
|
||||
protocolUseSSL = true;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, common, ... }:
|
||||
{ config, common, secrets, ... }:
|
||||
let
|
||||
domain = common.subdomain "hydra";
|
||||
in
|
||||
|
@ -24,7 +24,7 @@ in
|
|||
EMAIL_SENDER_TRANSPORT_ssl = "ssl";
|
||||
};
|
||||
extraConfig = ''
|
||||
binary_cache_secret_key_file = ${config.secrets.binary-cache-private-key}
|
||||
binary_cache_secret_key_file = ${secrets.binary-cache-private-key}
|
||||
allow_import_from_derivation = true
|
||||
<git-input>
|
||||
timeout = 3600
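Review bot: The interpolation in `binary_cache_secret_key_file = ${secrets.binary-cache-private-key}` keeps the signing key out of the Nix store only while the value is a string naming a runtime location. The secrets module on this page builds it with `mapAttrs (n: v: v.path) config.age.secrets`, which presumably yields strings. If the value ever became a Nix path, `${...}` would copy the key into the world-readable store. I would add a comment above `extraConfig`, such as `# secrets.* must stay string paths to decrypted files; a Nix path here would be copied into the store`. The `extraConfig` string continues past the end of the hunk.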
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, common, ... }:
|
||||
{ config, common, secrets, ... }:
|
||||
let
|
||||
cfg = config.services.searx;
|
||||
domain = common.subdomain "search";
|
||||
|
@ -8,7 +8,7 @@ in
|
|||
enable = true;
|
||||
runInUwsgi = true;
|
||||
redisCreateLocally = true;
|
||||
environmentFile = config.secrets."searx";
|
||||
environmentFile = secrets."searx";
|
||||
uwsgiConfig = {
|
||||
disable-logging = true;
|
||||
socket = "/run/searx/searx.sock";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, common, lib, pkgs, ... }:
|
||||
{ config, common, secrets, lib, pkgs, ... }:
|
||||
let
|
||||
domain = common.subdomain "bitwarden";
|
||||
in
|
||||
|
@ -13,7 +13,7 @@ in
|
|||
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
environmentFile = config.secrets."vaultwarden";
|
||||
environmentFile = secrets."vaultwarden";
|
||||
dataDir = "/srv/vaultwarden";
|
||||
config = with common.email; {
|
||||
DOMAIN = "https://${domain}";
|
||||
|
|
|
@ -20,6 +20,7 @@ in
|
|||
};
|
||||
|
||||
config = mkIf config.modules.secrets.enable {
|
||||
_module.args.secrets = config.secrets;
|
||||
secrets = mapAttrs (n: v: v.path) config.age.secrets;
|
||||
age.secrets = mkMerge [
|
||||
{
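Review bot: `_module.args.secrets = config.secrets;` sits inside `config = mkIf config.modules.secrets.enable { ... }`, so the argument is only defined when the secrets module is enabled. The six service modules in this commit now take `secrets` in their argument list. On a host with the module disabled, reading it would likely fail evaluation with a missing-argument error, whereas `config.secrets` may have had a default before (the option declaration is outside this hunk). Either define the argument outside the guard, e.g. `config = mkMerge [ { _module.args.secrets = config.secrets; } (mkIf config.modules.secrets.enable { ... }) ];`, or add a comment stating that modules taking `secrets` require `modules.secrets.enable = true`.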
|
||||
|
|