sops: Make secrets root owned when possible

SebastianStork 2025-08-27 15:17:29 +02:00
parent 63d025f00f
commit 0cc7c80407
2 changed files with 6 additions and 10 deletions


@ -27,14 +27,10 @@ in
ports.list = [ cfg.port ]; ports.list = [ cfg.port ];
}; };
sops = sops = {
let secrets."hedgedoc/gitlab-auth-secret" = { };
owner = config.users.users.hedgedoc.name;
in
{
secrets."hedgedoc/gitlab-auth-secret".owner = owner;
templates."hedgedoc/environment" = { templates."hedgedoc/environment" = {
inherit owner; owner = config.users.users.hedgedoc.name;
content = "GITLAB_CLIENTSECRET=${config.sops.placeholder."hedgedoc/gitlab-auth-secret"}"; content = "GITLAB_CLIENTSECRET=${config.sops.placeholder."hedgedoc/gitlab-auth-secret"}";
}; };
}; };
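Review bot: The now-empty declaration `secrets."hedgedoc/gitlab-auth-secret" = { };` reads like a leftover, and nothing in the hunk records that dropping the owner is deliberate. A short comment above it would keep a later edit from re-adding the owner, for example `# root-owned by default; hedgedoc only reads the rendered template below`. The hedgedoc user can still read the secret value through `templates."hedgedoc/environment"`, which it owns, so the change removes one service-readable copy rather than the service's access to the value. The same comment applies to `secrets."radicale/admin-password" = { };` in the radicale hunk.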


@ -22,7 +22,7 @@ in
}; };
sops = { sops = {
secrets."radicale/admin-password".owner = config.users.users.radicale.name; secrets."radicale/admin-password" = { };
templates."radicale/htpasswd" = { templates."radicale/htpasswd" = {
owner = config.users.users.radicale.name; owner = config.users.users.radicale.name;
content = "seb:${config.sops.placeholder."radicale/admin-password"}"; content = "seb:${config.sops.placeholder."radicale/admin-password"}";