diff options
author | makefu <github@syntax-fehler.de> | 2023-07-02 17:09:35 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2023-07-02 17:09:35 +0200 |
commit | a41e86290ff75a8c621a9b3dd05f6fc119c0b2ef (patch) | |
tree | 8b2765741c1358bad179479665a197138d24d899 /2configs/nginx | |
parent | f2b95c76172b2e1dae75c89202183d22d79c2cf4 (diff) |
treewide: replace <secrets> with sops.secrets
Diffstat (limited to '2configs/nginx')
-rw-r--r-- | 2configs/nginx/dl.euer.krebsco.de.nix | 6 | ||||
-rw-r--r-- | 2configs/nginx/euer.wiki.nix | 4 |
2 files changed, 6 insertions, 4 deletions
diff --git a/2configs/nginx/dl.euer.krebsco.de.nix b/2configs/nginx/dl.euer.krebsco.de.nix index e31d355a7..fd2515ccc 100644 --- a/2configs/nginx/dl.euer.krebsco.de.nix +++ b/2configs/nginx/dl.euer.krebsco.de.nix @@ -1,6 +1,8 @@ { config, lib, pkgs, ... }: { + sops.secrets."dl.euer.krebsco.de-auth" = {}; + sops.secrets."dl.gum-auth" = {}; users.groups.download.members = [ "nginx" ]; services.nginx = { enable = lib.mkDefault true; @@ -11,13 +13,13 @@ extraConfig = "autoindex on;"; forceSSL = true; enableACME = true; - basicAuth = import <secrets/dl.euer.krebsco.de-auth.nix>; + basicAuthFile = config.sops.secrets."dl.euer.krebsco.de-auth".path; }; virtualHosts."dl.gum.r" = { serverAliases = [ "dl.gum" "dl.makefu.r" "dl.makefu" ]; root = config.makefu.dl-dir; extraConfig = "autoindex on;"; - basicAuth = import <secrets/dl.gum-auth.nix>; + basicAuthFile = config.sops.secrets."dl.gum-auth".path; }; }; } diff --git a/2configs/nginx/euer.wiki.nix b/2configs/nginx/euer.wiki.nix index bd1744325..ccf3e8844 100644 --- a/2configs/nginx/euer.wiki.nix +++ b/2configs/nginx/euer.wiki.nix @@ -2,7 +2,6 @@ with pkgs.stockholm.lib; let - sec = toString <secrets>; ext-dom = "wiki.euer.krebsco.de"; user = config.services.nginx.user; @@ -18,9 +17,10 @@ let # user1 = pass1 # userN = passN # afterwards put /var/www/<ext-dom>/user1.html as tiddlywiki - tw-pass-file = "${sec}/tw-pass.ini"; + tw-pass-file = config.sops.secrets."tw-pass.ini".path; in { + sops.secrets."tw-pass.ini" = {}; state = [ base-dir ]; # hotfix for broken wiki after reboot systemd.services."phpfpm-euer-wiki".serviceConfig.RequiresMountFor = [ "/media/cloud" ]; |