| author | seth <[email protected]> | 2023-12-10 07:54:17 -0500 |
|---|---|---|
| committer | seth <[email protected]> | 2023-12-10 07:54:25 -0500 |
| commit | e8a112be9a0bf067c8acb3a26cfd183c2f57c513 (patch) | |
| tree | c3b063cc3a8abbeb3e82ca83eb53cc55e86fd569 /modules/nixos | |
| parent | b68737baf9f8ff6cb6f42b3781b995598bc8ba80 (diff) | |
systems+modules: add secretsDir specialArg
Diffstat (limited to 'modules/nixos')
| -rw-r--r-- | modules/nixos/features/tailscale.nix | 2 | ||||
| -rw-r--r-- | modules/nixos/server/acme.nix | 8 | ||||
| -rw-r--r-- | modules/nixos/server/secrets.nix | 8 | ||||
| -rw-r--r-- | modules/nixos/services/cloudflared.nix | 3 | ||||
| -rw-r--r-- | modules/nixos/services/hercules.nix | 8 |
5 files changed, 16 insertions, 13 deletions
diff --git a/modules/nixos/features/tailscale.nix b/modules/nixos/features/tailscale.nix
index d29f1e6..59dabf1 100644
--- a/modules/nixos/features/tailscale.nix
+++ b/modules/nixos/features/tailscale.nix
@@ -2,10 +2,10 @@ config, lib, pkgs, + secretsDir, ... }: let cfg = config.features.tailscale; - secretsDir = ../../../secrets/${config.networking.hostName}; in { options.features.tailscale = { enable = lib.mkEnableOption "enable support for tailscale";
diff --git a/modules/nixos/server/acme.nix b/modules/nixos/server/acme.nix
index e8f0b78..edb499c 100644
--- a/modules/nixos/server/acme.nix
+++ b/modules/nixos/server/acme.nix
@@ -1,6 +1,10 @@ -{config, ...}: { +{ + config, + secretsDir, + ... +}: { age.secrets = { - cloudflareApiKey.file = ../../../secrets/${config.networking.hostName}/cloudflareApiKey.age; + cloudflareApiKey.file = secretsDir + "/cloudflareApiKey.age"; }; security.acme = {
diff --git a/modules/nixos/server/secrets.nix b/modules/nixos/server/secrets.nix
index be323df..1d572bd 100644
--- a/modules/nixos/server/secrets.nix
+++ b/modules/nixos/server/secrets.nix
@@ -1,12 +1,10 @@ -{config, ...}: let - baseDir = ../../../secrets/${config.networking.hostName}; -in { +{secretsDir, ...}: { age = { identityPaths = ["/etc/age/key"]; secrets = { - rootPassword.file = "${baseDir}/rootPassword.age"; - userPassword.file = "${baseDir}/userPassword.age"; + rootPassword.file = secretsDir + "/rootPassword.age"; + userPassword.file = secretsDir + "/userPassword.age"; }; }; }
diff --git a/modules/nixos/services/cloudflared.nix b/modules/nixos/services/cloudflared.nix
index 30aa36b..39ecef7 100644
--- a/modules/nixos/services/cloudflared.nix
+++ b/modules/nixos/services/cloudflared.nix
@@ -1,6 +1,7 @@ { config, lib, + secretsDir, ... }: let cfg = config.server.services.cloudflared;
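Review bot: The new `secretsDir` argument in the tailscale.nix header is undocumented at its point of use, and the link between a host and its secrets directory is no longer visible in the module. The removed `let` binding derived the directory from `config.networking.hostName`; the value now comes from whatever the caller passes in specialArgs, which is outside this diff (the diffstat is limited to modules/nixos). I would add a comment above the argument list, e.g. `# secretsDir: this host's agenix directory, injected via specialArgs by the system definition`, and repeat it in acme.nix, secrets.nix, cloudflared.nix and hercules.nix. A specialArg is not a module option, so it gets no declared type or default; a system that imports these modules without passing it will presumably fail at evaluation, which fails closed but is worth stating. The `let` block continues outside the hunk.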
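Review bot: Whether `secretsDir + "/cloudflareApiKey.age"` in acme.nix evaluates to a path or to a plain string depends on the type of `secretsDir`, which is set outside this diff; the same expression appears in secrets.nix, cloudflared.nix and the second hercules.nix hunk. The removed line here was a path literal, so the encrypted file was resolved relative to the source tree; if `secretsDir` is passed as a string, the result is a string and agenix may resolve it differently. In secrets.nix and hercules.nix the old form was string interpolation (`"${baseDir}/…"`), so those files change in the other direction if `secretsDir` is a path. Please confirm which type the specialArg has and record it next to the argument, e.g. `# secretsDir must be a Nix path, not a string`.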
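Review bot: In secrets.nix, `rootPassword` and `userPassword` set only `file`, so the owner and mode of the decrypted password files are left to agenix's defaults, whereas cloudflared.nix and hercules.nix in this commit spell out `mode = "400"` and an owner. Since both lines are being rewritten anyway, a short comment such as `# decrypted files keep agenix's default owner/mode (expected: root-only)` would make the intended access explicit for the two most sensitive secrets in this change. The whole file appears to be visible in this hunk.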
@@ -12,7 +13,7 @@ in { config = mkIf cfg.enable { age.secrets.cloudflaredCreds = { - file = ../../../secrets/${config.networking.hostName}/cloudflaredCreds.age; + file = secretsDir + "/cloudflaredCreds.age"; mode = "400"; owner = "cloudflared"; group = "cloudflared";
diff --git a/modules/nixos/services/hercules.nix b/modules/nixos/services/hercules.nix
index 0060c08..c394da0 100644
--- a/modules/nixos/services/hercules.nix
+++ b/modules/nixos/services/hercules.nix
@@ -2,12 +2,12 @@ config, lib, unstable, + secretsDir, ... }: let cfg = config.server.services.hercules-ci; inherit (lib) mkEnableOption mkIf; - baseDir = ../../../secrets/${config.networking.hostName}; hercArgs = { mode = "400"; owner = "hercules-ci-agent";
@@ -23,19 +23,19 @@ in { age.secrets = mkIf cfg.secrets.enable { binaryCache = { - file = "${baseDir}/binaryCache.age"; + file = secretsDir + "/binaryCache.age"; } // hercArgs; clusterToken = { - file = "${baseDir}/clusterToken.age"; + file = secretsDir + "/clusterToken.age"; } // hercArgs; secretsJson = { - file = "${baseDir}/secretsJson.age"; + file = secretsDir + "/secretsJson.age"; } // hercArgs; }; |
