Switch the public-web-static hosts secret mngmt from colmena to sops-nix

June 2024-05-26 03:49:43 +02:00
commit 3aae597752
Signed by: june
SSH key fingerprint: SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
6 changed files with 265 additions and 10 deletions


@ -38,7 +38,7 @@ in
After = [ "network.target" "network-online.target" ];
};
serviceConfig = {
ExecStart = "${spaceapid}/bin/spaceapid -c ${spaceapidConfigResponse},${spaceapidConfigDynamic},/secrets/spaceapid-config-ccchh-credentials.secret";
ExecStart = "${spaceapid}/bin/spaceapid -c ${spaceapidConfigResponse},${spaceapidConfigDynamic},/run/secrets/spaceapid_config_ccchh_credentials";
User = "spaceapi";
Group = "spaceapi";
Restart = "on-failure";
@ -47,14 +47,10 @@ in
wantedBy = [ "multi-user.target" ];
};
deployment.keys = {
"spaceapid-config-ccchh-credentials.secret" = {
keyCommand = [ "pass" "noc/vm-secrets/chaosknoten/public-web-static/spaceapid-config-ccchh-credentials" ];
destDir = "/secrets";
user = "spaceapi";
group = "spaceapi";
permissions = "0640";
uploadAt = "pre-activation";
};
sops.secrets."spaceapid_config_ccchh_credentials" = {
mode = "0440";
owner = "spaceapi";
group = "spaceapi";
restartUnits = [ "spaceapid.service" ];
};
}
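Review bot: The new `ExecStart` line hard-codes `/run/secrets/spaceapid_config_ccchh_credentials`, repeating a location that the `sops.secrets."spaceapid_config_ccchh_credentials"` declaration in the second hunk already determines. Referencing `${config.sops.secrets."spaceapid_config_ccchh_credentials".path}` there would keep the unit and the secret in sync, and a renamed or removed declaration would then fail at evaluation instead of leaving the service to start without its credentials file. This assumes `config` is among the module arguments, which are outside the visible hunks. Separately, `mode = "0440"` with owner and group both `spaceapi` could be tightened to `mode = "0400";`, since the unit runs as the owning user and nothing in the visible lines shows another group member that needs read access.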