From 303c344ffbe51d6429eabeb4aa93f2652e759c2b Mon Sep 17 00:00:00 2001 From: Infinidoge Date: Wed, 15 Jan 2025 23:21:51 -0500 Subject: [PATCH] flake: convert secrets to module argument --- hosts/Infini-DL360/forgejo.nix | 4 ++-- hosts/Infini-DL360/freshrss.nix | 4 ++-- hosts/Infini-DL360/hedgedoc.nix | 4 ++-- hosts/Infini-DL360/hydra.nix | 4 ++-- hosts/Infini-DL360/searx.nix | 4 ++-- hosts/Infini-DL360/vaultwarden.nix | 4 ++-- secrets/default.nix | 1 + 7 files changed, 13 insertions(+), 12 deletions(-) diff --git a/hosts/Infini-DL360/forgejo.nix b/hosts/Infini-DL360/forgejo.nix index 2383c28..7ea987e 100644 --- a/hosts/Infini-DL360/forgejo.nix +++ b/hosts/Infini-DL360/forgejo.nix @@ -1,4 +1,4 @@ -{ config, common, pkgs, ... }: +{ config, common, secrets, pkgs, ... }: let cfg = config.services.forgejo; domain = common.subdomain "git"; @@ -21,7 +21,7 @@ in lfs.enable = true; - secrets.mailer.PASSWD = config.secrets.smtp-password; + secrets.mailer.PASSWD = secrets.smtp-password; settings = { server = { ROOT_URL = "https://${domain}/"; diff --git a/hosts/Infini-DL360/freshrss.nix b/hosts/Infini-DL360/freshrss.nix index cb9f525..be6b9d1 100644 --- a/hosts/Infini-DL360/freshrss.nix +++ b/hosts/Infini-DL360/freshrss.nix @@ -1,4 +1,4 @@ -{ config, common, ... }: +{ common, secrets, ... }: let domain = "freshrss.inx.moe"; @@ -12,6 +12,6 @@ in baseUrl = "https://${domain}"; dataDir = "/srv/freshrss"; defaultUser = "infinidoge"; - passwordFile = config.secrets."freshrss"; + passwordFile = secrets."freshrss"; }; } diff --git a/hosts/Infini-DL360/hedgedoc.nix b/hosts/Infini-DL360/hedgedoc.nix index 19737f0..a1998b7 100644 --- a/hosts/Infini-DL360/hedgedoc.nix +++ b/hosts/Infini-DL360/hedgedoc.nix @@ -1,4 +1,4 @@ -{ config, common, ... }: +{ config, common, secrets, ... }: let cfg = config.services.hedgedoc; domain = common.subdomain "md"; @@ -6,7 +6,7 @@ in { services.hedgedoc = { enable = true; - environmentFile = config.secrets."hedgedoc"; + environmentFile = secrets."hedgedoc"; settings = { inherit domain; protocolUseSSL = true; diff --git a/hosts/Infini-DL360/hydra.nix b/hosts/Infini-DL360/hydra.nix index 1482cdf..e27a260 100644 --- a/hosts/Infini-DL360/hydra.nix +++ b/hosts/Infini-DL360/hydra.nix @@ -1,4 +1,4 @@ -{ config, common, ... }: +{ config, common, secrets, ... }: let domain = common.subdomain "hydra"; in @@ -24,7 +24,7 @@ in EMAIL_SENDER_TRANSPORT_ssl = "ssl"; }; extraConfig = '' - binary_cache_secret_key_file = ${config.secrets.binary-cache-private-key} + binary_cache_secret_key_file = ${secrets.binary-cache-private-key} allow_import_from_derivation = true timeout = 3600 diff --git a/hosts/Infini-DL360/searx.nix b/hosts/Infini-DL360/searx.nix index 23a9024..e4f9725 100644 --- a/hosts/Infini-DL360/searx.nix +++ b/hosts/Infini-DL360/searx.nix @@ -1,4 +1,4 @@ -{ config, common, ... }: +{ config, common, secrets, ... }: let cfg = config.services.searx; domain = common.subdomain "search"; @@ -8,7 +8,7 @@ in enable = true; runInUwsgi = true; redisCreateLocally = true; - environmentFile = config.secrets."searx"; + environmentFile = secrets."searx"; uwsgiConfig = { disable-logging = true; socket = "/run/searx/searx.sock"; diff --git a/hosts/Infini-DL360/vaultwarden.nix b/hosts/Infini-DL360/vaultwarden.nix index 614247a..b85e589 100644 --- a/hosts/Infini-DL360/vaultwarden.nix +++ b/hosts/Infini-DL360/vaultwarden.nix @@ -1,4 +1,4 @@ -{ config, common, lib, pkgs, ... }: +{ config, common, secrets, lib, pkgs, ... }: let domain = common.subdomain "bitwarden"; in @@ -13,7 +13,7 @@ in services.vaultwarden = { enable = true; - environmentFile = config.secrets."vaultwarden"; + environmentFile = secrets."vaultwarden"; dataDir = "/srv/vaultwarden"; config = with common.email; { DOMAIN = "https://${domain}"; diff --git a/secrets/default.nix b/secrets/default.nix index 3fbc4da..8eba52d 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -20,6 +20,7 @@ in }; config = mkIf config.modules.secrets.enable { + _module.args.secrets = config.secrets; secrets = mapAttrs (n: v: v.path) config.age.secrets; age.secrets = mkMerge [ {