treewide: replace <secrets> with sops.secrets

2 files changed, 6 insertions, 4 deletions

diff --git a/2configs/nginx/dl.euer.krebsco.de.nix b/2configs/nginx/dl.euer.krebsco.de.nix
index e31d355a7..fd2515ccc 100644
--- a/2configs/nginx/dl.euer.krebsco.de.nix
+++ b/2configs/nginx/dl.euer.krebsco.de.nix
@@ -1,6 +1,8 @@
 { config, lib, pkgs, ... }:
 
 {
+  sops.secrets."dl.euer.krebsco.de-auth" = {};
+  sops.secrets."dl.gum-auth" = {};
   users.groups.download.members = [ "nginx" ];
   services.nginx = {
     enable = lib.mkDefault true;
@@ -11,13 +13,13 @@
         extraConfig = "autoindex on;";
         forceSSL = true;
         enableACME = true;
-        basicAuth = import <secrets/dl.euer.krebsco.de-auth.nix>;
+        basicAuthFile = config.sops.secrets."dl.euer.krebsco.de-auth".path;
     };
     virtualHosts."dl.gum.r" = {
         serverAliases = [ "dl.gum" "dl.makefu.r" "dl.makefu" ];
         root = config.makefu.dl-dir;
         extraConfig = "autoindex on;";
-        basicAuth = import <secrets/dl.gum-auth.nix>;
+        basicAuthFile = config.sops.secrets."dl.gum-auth".path;
     };
   };
 }
diff --git a/2configs/nginx/euer.wiki.nix b/2configs/nginx/euer.wiki.nix
index bd1744325..ccf3e8844 100644
--- a/2configs/nginx/euer.wiki.nix
+++ b/2configs/nginx/euer.wiki.nix
@@ -2,7 +2,6 @@
 
 with pkgs.stockholm.lib;
 let
-  sec = toString <secrets>;
   ext-dom = "wiki.euer.krebsco.de";
 
   user = config.services.nginx.user;
@@ -18,9 +17,10 @@ let
   #  user1 = pass1
   #  userN = passN
   # afterwards put /var/www/<ext-dom>/user1.html as tiddlywiki
-  tw-pass-file = "${sec}/tw-pass.ini";
+  tw-pass-file = config.sops.secrets."tw-pass.ini".path;
 
 in {
+  sops.secrets."tw-pass.ini" = {};
   state = [ base-dir ];
   # hotfix for broken wiki after reboot
   systemd.services."phpfpm-euer-wiki".serviceConfig.RequiresMountFor = [ "/media/cloud" ];