flake: convert secrets to module argument

Infinidoge 2025-01-15 23:21:51 -05:00
parent 941b8060c9
commit 303c344ffb
Signed by: Infinidoge
SSH key fingerprint: SHA256:EMoPe5e2dO0gEvtBb2xkZTz5dkyL0rBmuiGTKG5s96E
7 changed files with 13 additions and 12 deletions


@ -1,4 +1,4 @@
{ config, common, pkgs, ... }: { config, common, secrets, pkgs, ... }:
let let
cfg = config.services.forgejo; cfg = config.services.forgejo;
domain = common.subdomain "git"; domain = common.subdomain "git";
@ -21,7 +21,7 @@ in
lfs.enable = true; lfs.enable = true;
secrets.mailer.PASSWD = config.secrets.smtp-password; secrets.mailer.PASSWD = secrets.smtp-password;
settings = { settings = {
server = { server = {
ROOT_URL = "https://${domain}/"; ROOT_URL = "https://${domain}/";
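Review bot: On the changed line `secrets.mailer.PASSWD = secrets.smtp-password;` the name `secrets` now means two different things. On the left it is an attribute of the enclosing set (presumably the `services.forgejo.secrets` option, but the opening of that set is outside the hunk); on the right it is the new module argument. This resolves as intended only while the enclosing set is not `rec`, and the old `config.secrets.…` spelling could not be misread this way. I would add a comment above it, `# left: forgejo's own secrets option; right: the secrets module argument (a file path, not the password)`.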


@ -1,4 +1,4 @@
{ config, common, ... }: { common, secrets, ... }:
let let
domain = "freshrss.inx.moe"; domain = "freshrss.inx.moe";
@ -12,6 +12,6 @@ in
baseUrl = "https://${domain}"; baseUrl = "https://${domain}";
dataDir = "/srv/freshrss"; dataDir = "/srv/freshrss";
defaultUser = "infinidoge"; defaultUser = "infinidoge";
passwordFile = config.secrets."freshrss"; passwordFile = secrets."freshrss";
}; };
} }


@ -1,4 +1,4 @@
{ config, common, ... }: { config, common, secrets, ... }:
let let
cfg = config.services.hedgedoc; cfg = config.services.hedgedoc;
domain = common.subdomain "md"; domain = common.subdomain "md";
@ -6,7 +6,7 @@ in
{ {
services.hedgedoc = { services.hedgedoc = {
enable = true; enable = true;
environmentFile = config.secrets."hedgedoc"; environmentFile = secrets."hedgedoc";
settings = { settings = {
inherit domain; inherit domain;
protocolUseSSL = true; protocolUseSSL = true;


@ -1,4 +1,4 @@
{ config, common, ... }: { config, common, secrets, ... }:
let let
domain = common.subdomain "hydra"; domain = common.subdomain "hydra";
in in
@ -24,7 +24,7 @@ in
EMAIL_SENDER_TRANSPORT_ssl = "ssl"; EMAIL_SENDER_TRANSPORT_ssl = "ssl";
}; };
extraConfig = '' extraConfig = ''
binary_cache_secret_key_file = ${config.secrets.binary-cache-private-key} binary_cache_secret_key_file = ${secrets.binary-cache-private-key}
allow_import_from_derivation = true allow_import_from_derivation = true
<git-input> <git-input>
timeout = 3600 timeout = 3600
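Review bot: The interpolation `${secrets.binary-cache-private-key}` inside `extraConfig` keeps the signing key out of the Nix store only while the value is a string holding a runtime path; a Nix path value interpolated here would be copied into the world-readable store. The last file in this commit builds the values from `v.path` of `config.age.secrets`, which looks like a string path, but nothing at this use site records that assumption. I would add a comment above the `extraConfig = ''` line, `# secrets.* are runtime path strings; never substitute a path literal here, it would be copied into the store`. It is also worth confirming that the key file's owner and mode let the Hydra service read it, since that is not visible in this commit. The `extraConfig` string starts inside the hunk and continues past its end.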


@ -1,4 +1,4 @@
{ config, common, ... }: { config, common, secrets, ... }:
let let
cfg = config.services.searx; cfg = config.services.searx;
domain = common.subdomain "search"; domain = common.subdomain "search";
@ -8,7 +8,7 @@ in
enable = true; enable = true;
runInUwsgi = true; runInUwsgi = true;
redisCreateLocally = true; redisCreateLocally = true;
environmentFile = config.secrets."searx"; environmentFile = secrets."searx";
uwsgiConfig = { uwsgiConfig = {
disable-logging = true; disable-logging = true;
socket = "/run/searx/searx.sock"; socket = "/run/searx/searx.sock";


@ -1,4 +1,4 @@
{ config, common, lib, pkgs, ... }: { config, common, secrets, lib, pkgs, ... }:
let let
domain = common.subdomain "bitwarden"; domain = common.subdomain "bitwarden";
in in
@ -13,7 +13,7 @@ in
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
environmentFile = config.secrets."vaultwarden"; environmentFile = secrets."vaultwarden";
dataDir = "/srv/vaultwarden"; dataDir = "/srv/vaultwarden";
config = with common.email; { config = with common.email; {
DOMAIN = "https://${domain}"; DOMAIN = "https://${domain}";


@ -20,6 +20,7 @@ in
}; };
config = mkIf config.modules.secrets.enable { config = mkIf config.modules.secrets.enable {
_module.args.secrets = config.secrets;
secrets = mapAttrs (n: v: v.path) config.age.secrets; secrets = mapAttrs (n: v: v.path) config.age.secrets;
age.secrets = mkMerge [ age.secrets = mkMerge [
{ {
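Review bot: The added `_module.args.secrets = config.secrets;` sits inside `mkIf config.modules.secrets.enable`, so the `secrets` argument has no definition on a host where that option is false. The six service modules in this commit now name `secrets` in their argument sets, and any of them that forces it on such a host would probably fail with a missing-argument error instead of reading the `config.secrets` option as before. If those modules can be imported with secrets disabled, define the argument unconditionally, e.g. `config = mkMerge [ { _module.args.secrets = config.secrets; } (mkIf config.modules.secrets.enable { … }) ];`. Whether `config.secrets` evaluates cleanly in that case depends on its declaration, which is outside the hunk. A comment such as `# values are paths to the secret files, never the contents` on the new line would also help users of the argument.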