Move secrets decryption from containers to server

This commit is contained in:
SebastianStork 2024-09-22 19:10:52 +02:00
parent a4abd033cc
commit a7e1ced2a2
13 changed files with 58 additions and 196 deletions


@ -4,6 +4,11 @@ let
subdomain = "cloud";
in
{
sops.secrets = {
"container/nextcloud/admin-password" = { };
"container/nextcloud/gmail-password" = { };
};
containers.${serviceName}.config =
{
config,
@ -22,12 +27,8 @@ in
./backup.nix
];
sops.secrets."admin-password" = {
owner = userName;
group = groupName;
};
systemd.tmpfiles.rules = [
"z /run/secrets/container/nextcloud/admin-password - ${userName} ${groupName} -"
"d ${dataDir}/home 750 ${userName} ${groupName} -"
"d ${dataDir}/postgresql 700 postgres postgres -"
];
@ -44,7 +45,7 @@ in
config = {
dbtype = "pgsql";
adminuser = "admin";
adminpassFile = config.sops.secrets."admin-password".path;
adminpassFile = "/run/secrets/container/nextcloud/admin-password";
};
https = true;