sokai/mynixos-config
1
1
Fork 0
forked from mirrors_public/oddlama_nix-config
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: update to new agenix-rekey format

Browse source
This commit is contained in:
oddlama 2023-06-07 19:48:15 +02:00
parent 972b0456da
commit dec790c589
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
21 changed files with 195 additions and 100 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/sentinel/acme.nix
View file

@ -1,8 +1,8 @@
{config, ...}: let
inherit (config.repo.secrets.local) acme;
in {
rekey.secrets.acme-credentials = {
file = ./secrets/acme-credentials.age;
age.secrets.acme-credentials = {
rekeyFile = ./secrets/acme-credentials.age;
mode = "440";
group = "acme";
};
@ -11,7 +11,7 @@ in {
acceptTerms = true;
defaults = {
inherit (acme) email;
credentialsFile = config.rekey.secrets.acme-credentials.path;
credentialsFile = config.age.secrets.acme-credentials.path;
dnsProvider = "cloudflare";
dnsPropagationCheck = true;
reloadServices = ["nginx"];

6
hosts/sentinel/caddy.nix
View file

@ -15,8 +15,8 @@ in {
# TODO message = "non-deterministic uid detected for: ${name}";
# TODO });
rekey.secrets.loki-basic-auth = {
file = ./secrets/loki-basic-auth.age;
age.secrets.loki-basic-auth = {
rekeyFile = ./secrets/loki-basic-auth.age;
mode = "440";
group = "caddy";
};
@ -125,7 +125,7 @@ in {
encode zstd gzip
skip_log
basicauth {
import ${config.rekey.secrets.loki-basic-auth.path}
import ${config.age.secrets.loki-basic-auth.path}
}
reverse_proxy {
to http://${nodes.ward-loki.config.extra.wireguard.proxy-sentinel.ipv4}:${lokiPort}

BIN
hosts/sentinel/secrets/loki-basic-auth.age
View file

Binary file not shown.