SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 22:11:33 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Move secrets decryption from containers to server

Browse source
This commit is contained in:
SebastianStork 2024-09-22 19:10:52 +02:00
parent a4abd033cc
commit a7e1ced2a2
13 changed files with 58 additions and 196 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/stratus/containers/docker/default.nix
View file

@ -5,9 +5,7 @@ in
{
imports = lib.mapAttrsToList (name: _: ./${name}) containers;
sops.secrets = lib.mapAttrs' (
name: _: lib.nameValuePair "container/${name}/tailscale-auth-key" { }
) containers;
sops.secrets."container/tailscale-auth-key" = { };
virtualisation.oci-containers = {
backend = "docker";
@ -23,7 +21,7 @@ in
};
environmentFiles = [
# Contains "TS_AUTHKEY=<token>"
config.sops.secrets."container/${name}/tailscale-auth-key".path
config.sops.secrets."container/tailscale-auth-key".path
];
volumes = [ "/var/lib/tailscale-${name}:/var/lib/tailscale" ];
extraOptions = [ "--network=container:${name}" ];