mirror of
https://github.com/SebastianStork/nixos-config.git
synced 2026-01-21 21:01:34 +01:00
Move secrets decryption from containers to server
This commit is contained in:
parent
a4abd033cc
commit
a7e1ced2a2
13 changed files with 58 additions and 196 deletions
|
|
@ -4,21 +4,17 @@ let
|
|||
subdomain = "paper";
|
||||
in
|
||||
{
|
||||
sops.secrets."container/paperless/admin-password" = { };
|
||||
|
||||
containers.${serviceName}.config =
|
||||
{
|
||||
config,
|
||||
dataDir,
|
||||
...
|
||||
}:
|
||||
{ dataDir, ... }:
|
||||
{
|
||||
imports = [ ./backup.nix ];
|
||||
|
||||
sops.secrets."admin-password" = { };
|
||||
|
||||
services.paperless = {
|
||||
enable = true;
|
||||
inherit dataDir;
|
||||
passwordFile = config.sops.secrets."admin-password".path;
|
||||
passwordFile = "/run/secrets/container/paperless/admin-password";
|
||||
settings.PAPERLESS_OCR_LANGUAGE = "deu+eng";
|
||||
};
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue