feat: use private sops repo for secrets

matt1432 2023-12-05 20:15:27 -05:00
parent 956e845635
commit 117162cd5d
3 changed files with 4 additions and 4 deletions


@ -5,14 +5,14 @@
... ...
}: let }: let
caddy = caddy-plugins.packages.${pkgs.system}.default; caddy = caddy-plugins.packages.${pkgs.system}.default;
# TODO: use agenix?
verySecretToken = "TODO";
in { in {
imports = [caddy-plugins.nixosModules.default]; imports = [caddy-plugins.nixosModules.default];
environment.systemPackages = [caddy]; environment.systemPackages = [caddy];
users.users.${config.vars.user}.extraGroups = ["caddy"]; users.users.${config.vars.user}.extraGroups = ["caddy"];
systemd.services.caddy.serviceConfig.EnvironmentFile =
config.sops.secrets.caddy-cloudflare.path;
services.caddy = { services.caddy = {
enable = true; enable = true;
enableReload = false; enableReload = false;
@ -28,7 +28,7 @@ in {
serverAliases = ["*.nelim.org"]; serverAliases = ["*.nelim.org"];
extraConfig = '' extraConfig = ''
tls { tls {
dns cloudflare ${verySecretToken} dns cloudflare {$TLS}
resolvers 1.0.0.1 resolvers 1.0.0.1
} }
''; '';
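Review bot: In the second hunk's `tls` block, `dns cloudflare {$TLS}` uses Caddyfile parse-time substitution, so the resolved Cloudflare token becomes part of the adapted config that Caddy keeps, and as far as I know that config is readable through the local admin API and the autosaved config file. The runtime placeholder form keeps the token out of that config: `dns cloudflare {env.TLS}`. `{$TLS}` also expands to an empty string when the variable is missing from the environment file, so the failure would only show up later as a DNS challenge error. The declaration of `sops.secrets.caddy-cloudflare` is not visible in this section; since `enableReload = false`, it is worth confirming it sets `restartUnits = ["caddy.service"]` so that a rotated token is actually picked up. A more specific variable name than `TLS`, for example `CLOUDFLARE_API_TOKEN`, would make the environment file self-describing.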

Binary file not shown.

BIN
flake.nix

Binary file not shown.