Remove redundant group assignments for sops secrets

SebastianStork 2025-05-24 15:31:52 +02:00
parent 529bf4abec
commit 9bfcf3b023
3 changed files with 11 additions and 26 deletions


@ -8,7 +8,6 @@ let
cfg = config.myConfig.hedgedoc; cfg = config.myConfig.hedgedoc;
user = config.users.users.hedgedoc.name; user = config.users.users.hedgedoc.name;
inherit (config.users.users.hedgedoc) group;
manage_users = "CMD_CONFIG_FILE=/run/hedgedoc/config.json NODE_ENV=production ${lib.getExe' pkgs.hedgedoc "manage_users"}"; manage_users = "CMD_CONFIG_FILE=/run/hedgedoc/config.json NODE_ENV=production ${lib.getExe' pkgs.hedgedoc "manage_users"}";
in in
@ -27,24 +26,17 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
sops = { sops = {
secrets = { secrets = {
"hedgedoc/seb-password" = { "hedgedoc/seb-password".owner = user;
owner = user; "hedgedoc/gitlab-auth-secret".owner = user;
inherit group;
};
"hedgedoc/gitlab-auth-secret" = {
owner = user;
inherit group;
};
};
templates."hedgedoc/environment" = {
owner = user;
inherit group;
content = "GITLAB_CLIENTSECRET=${config.sops.placeholder."hedgedoc/gitlab-auth-secret"}";
};
}; };
templates."hedgedoc/environment" = {
owner = user;
content = "GITLAB_CLIENTSECRET=${config.sops.placeholder."hedgedoc/gitlab-auth-secret"}";
};
};
services.hedgedoc = { services.hedgedoc = {
enable = true; enable = true;
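Review bot: Group ownership of the two hedgedoc secrets and the `hedgedoc/environment` template is now implicit in the second hunk, and nothing in the file says where it comes from. As far as I know sops-nix derives the group from the owner's primary group and keeps the default mode at 0400, which would make the removal behaviour-preserving, but that depends on the pinned sops-nix revision, which is not visible here. A one-line comment above `secrets = {` such as `# group is left to the sops-nix default (owner's primary group)` would record the assumption. The same applies to `nextcloud/admin-password` in the nextcloud section.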


@ -9,7 +9,6 @@ let
cfg = config.myConfig.nextcloud; cfg = config.myConfig.nextcloud;
user = config.users.users.nextcloud.name; user = config.users.users.nextcloud.name;
inherit (config.users.users.nextcloud) group;
in in
{ {
options.myConfig.nextcloud = { options.myConfig.nextcloud = {
@ -26,10 +25,7 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
sops.secrets."nextcloud/admin-password" = { sops.secrets."nextcloud/admin-password".owner = user;
owner = user;
inherit group;
};
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;


@ -38,10 +38,7 @@ in
}; };
config = lib.mkIf (nodes != { }) { config = lib.mkIf (nodes != { }) {
sops.secrets."service-tailscale-auth-key" = { sops.secrets."service-tailscale-auth-key".owner = config.services.caddy.user;
owner = config.services.caddy.user;
inherit (config.services.caddy) group;
};
services.caddy = { services.caddy = {
enable = true; enable = true;
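Review bot: The removed `inherit (config.services.caddy) group;` took the group from `services.caddy.group`, whereas the new one-liner leaves it to the default derived from the owner, so the two agree only while the caddy user's primary group equals `services.caddy.group`. That appears to hold with the module defaults, but it would diverge if either `services.caddy.user` or `services.caddy.group` is overridden elsewhere in the configuration, which is not visible here. If group read access to the Tailscale auth key is ever needed, restore `group = config.services.caddy.group;`. Otherwise a comment such as `# group: sops-nix default (primary group of the caddy user)` would make the dependency visible.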