author | Silas Schöffel <sils@sils.li> | 2025-01-25 21:51:33 +0100 |
---|---|---|
committer | Silas Schöffel <sils@sils.li> | 2025-01-25 21:51:33 +0100 |
commit | 567630adeb82eadfa5bcf0b19afd16173a470a97 (patch) | |
tree | f829df20edc40294caadf2602f5635e5996d4391 | |
parent | feat(secrets.nix): remove server1 (diff) | |
feat(peertube): make secrets configurable
-rw-r--r-- | hosts/by-name/server3/configuration.nix | 6 | ||||
-rw-r--r-- | hosts/by-name/server3/secrets/peertube/general.age (renamed from modules/by-name/pe/peertube/secrets/general.age) | 0 | ||||
-rw-r--r-- | hosts/by-name/server3/secrets/peertube/smtp.age (renamed from modules/by-name/pe/peertube/secrets/smtp.age) | 0 | ||||
-rw-r--r-- | modules/by-name/pe/peertube/module.nix | 13 | ||||
-rw-r--r-- | secrets.nix | 4 |
5 files changed, 17 insertions, 6 deletions
diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix
index de4c1dd..33dfd48 100644
--- a/hosts/by-name/server3/configuration.nix
+++ b/hosts/by-name/server3/configuration.nix
@@ -40,7 +40,11 @@
 };
 nixconfig.enable = true;
 openssh.enable = true;
- peertube.enable = true;
+ peertube = {
+ enable = true;
+ peertubeGeneral = ./secrets/peertube/general.age;
+ smtpPasswordFile = ./secrets/peertube/smtp.age;
+ };
 persist = {
 enable = true;
 directories = [
diff --git a/modules/by-name/pe/peertube/secrets/general.age b/hosts/by-name/server3/secrets/peertube/general.age
index f3cba8b..f3cba8b 100644
--- a/modules/by-name/pe/peertube/secrets/general.age
+++ b/hosts/by-name/server3/secrets/peertube/general.age
diff --git a/modules/by-name/pe/peertube/secrets/smtp.age b/hosts/by-name/server3/secrets/peertube/smtp.age
index e0af2d1..e0af2d1 100644
--- a/modules/by-name/pe/peertube/secrets/smtp.age
+++ b/hosts/by-name/server3/secrets/peertube/smtp.age
diff --git a/modules/by-name/pe/peertube/module.nix b/modules/by-name/pe/peertube/module.nix
index a37ff03..e65e0b5 100644
--- a/modules/by-name/pe/peertube/module.nix
+++ b/modules/by-name/pe/peertube/module.nix
@@ -1,7 +1,6 @@
 {
 config,
 lib,
- pkgs,
 ...
 }: let
 cfg = config.vhack.peertube;
@@ -10,6 +9,14 @@ in {
 enable = lib.mkEnableOption ''
 the peertube video platform.
 '';
+ peertubeGeneral = lib.mkOption {
+ type = lib.types.path;
+ description = "The age encrypted general secret file passed to agenix";
+ };
+ smtpPasswordFile = lib.mkOption {
+ type = lib.types.path;
+ description = "The age encrypted smtp password file passed to agenix";
+ };
 };
 config = lib.mkIf cfg.enable {
@@ -86,13 +93,13 @@ in {
 age.secrets = {
 peertubeGeneral = {
- file = ./secrets/general.age;
+ file = cfg.peertubeGeneral;
 mode = "700";
 owner = "peertube";
 group = "peertube";
 };
 peertubeSmtp = {
- file = ./secrets/smtp.age;
+ file = cfg.smtpPasswordFile;
 mode = "700";
 owner = "peertube";
 group = "peertube";
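Review bot: Both options added in the `@@ -10,6 +9,14 @@` hunk of module.nix are typed `lib.types.path` with no default, so any file is accepted, and a path literal like the ones set in configuration.nix ends up in the Nix store, which is world-readable. That is fine for age ciphertext but not for a plaintext secret, and the descriptions should say so, e.g. `description = "Path to the age-encrypted SMTP password file; must be ciphertext, never the plaintext secret.";`. The names are also inconsistent: `smtpPasswordFile` says it is a file while `peertubeGeneral` does not, and its description does not state what the general secret holds. The options set starts outside the hunk.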
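Review bot: The two secrets that now take their `file` from `cfg` in the `@@ -86,13 +93,13 @@` hunk of module.nix are still decrypted with `mode = "700"`, which gives the owner write and execute on files that only hold secret material. Unless something outside this hunk writes to the decrypted files, a read-only mode such as `mode = "0400";` is the least-privilege setting for both `peertubeGeneral` and `peertubeSmtp`. The mode lines are context that the commit leaves unchanged, and the `age.secrets` set begins and ends outside the hunk.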
diff --git a/secrets.nix b/secrets.nix
index 9a018f4..d2b2b51 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -17,8 +17,6 @@ let
 server3HostKey
 ];
 in {
- "./modules/by-name/pe/peertube/secrets/general.age".publicKeys = server3;
- "./modules/by-name/pe/peertube/secrets/smtp.age".publicKeys = server3;
 "./modules/by-name/mi/miniflux/secrets/admin.age".publicKeys = server3;
 "./modules/by-name/ma/mastodon/mail.age".publicKeys = server3;
 "./modules/by-name/ma/matrix/passwd.age".publicKeys = server3;
@@ -29,4 +27,6 @@ in {
 "./hosts/by-name/server3/secrets/backuppass.age".publicKeys = server3;
 "./hosts/by-name/server3/secrets/backupssh.age".publicKeys = server3;
+ "./hosts/by-name/server3/secrets/peertube/general.age".publicKeys = server3;
+ "./hosts/by-name/server3/secrets/peertube/smtp.age".publicKeys = server3;
 } |