feat: use private sops repo for secrets
parent
956e845635
commit
117162cd5d
3 changed files with 4 additions and 4 deletions
|
@ -5,14 +5,14 @@
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
caddy = caddy-plugins.packages.${pkgs.system}.default;
|
caddy = caddy-plugins.packages.${pkgs.system}.default;
|
||||||
|
|
||||||
# TODO: use agenix?
|
|
||||||
verySecretToken = "TODO";
|
|
||||||
in {
|
in {
|
||||||
imports = [caddy-plugins.nixosModules.default];
|
imports = [caddy-plugins.nixosModules.default];
|
||||||
environment.systemPackages = [caddy];
|
environment.systemPackages = [caddy];
|
||||||
users.users.${config.vars.user}.extraGroups = ["caddy"];
|
users.users.${config.vars.user}.extraGroups = ["caddy"];
|
||||||
|
|
||||||
|
systemd.services.caddy.serviceConfig.EnvironmentFile =
|
||||||
|
config.sops.secrets.caddy-cloudflare.path;
|
||||||
|
|
||||||
services.caddy = {
|
services.caddy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableReload = false;
|
enableReload = false;
|
||||||
|
@ -28,7 +28,7 @@ in {
|
||||||
serverAliases = ["*.nelim.org"];
|
serverAliases = ["*.nelim.org"];
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
tls {
|
tls {
|
||||||
dns cloudflare ${verySecretToken}
|
dns cloudflare {$TLS}
|
||||||
resolvers 1.0.0.1
|
resolvers 1.0.0.1
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
|
|
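Review bot: In the second hunk, `dns cloudflare {$TLS}` uses Caddy's parse-time substitution, so the token is written as a literal into the adapted config. That config is readable through Caddy's local admin endpoint unless the endpoint is disabled or restricted elsewhere. The runtime placeholder form `dns cloudflare {env.TLS}` keeps the token out of the loaded config. The variable name `TLS` is also generic; a name such as `CLOUDFLARE_API_TOKEN` in the sops file would make its purpose clear. The `sops.secrets.caddy-cloudflare` declaration is outside what this page shows (flake.nix is rendered as binary), so confirm the decrypted file is dotenv-style (`TLS=<token>`), as `EnvironmentFile` requires. Consider adding `restartUnits = ["caddy.service"];` to that secret so a rotated token is actually picked up.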
BIN
flake.lock
BIN
flake.lock
Binary file not shown.
BIN
flake.nix
BIN
flake.nix
Binary file not shown.