nix-config/hosts/franz/sops.nix
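{
  pkgs,
  inputs,
  config,
  ...
}: let
  # Host-wide variables; only `vars.user` is used here — it is the owner of
  # the decrypted secrets and of the docker directories written to below.
  vars = import ../../vars.nix;

  # Root of the docker stacks whose .env files are populated from SOPS.
  dockerDir = "/home/${vars.user}/.docker";

  # Every secret in this module is decrypted to a file owned by `vars.user`,
  # so the populate service (which runs as that same user) can read it.
  ownedByUser = {
    owner = vars.user;
  };
in {
  imports = [
    inputs.sops-nix.nixosModules.sops
  ];

  environment.systemPackages = with pkgs; [sops];

  # All secrets for this host come from one encrypted YAML document.
  sops.defaultSopsFile = ../../secrets/franz.yaml;
  sops.defaultSopsFormat = "yaml";
  # NOTE(review): the age identity lives in the user's home rather than a
  # root-only path; the home directory has to exist and be readable by root
  # when sops-nix decrypts at activation — confirm this matches how the host
  # is provisioned.
  sops.age.keyFile = "/home/${vars.user}/.config/sops/age/keys.txt";

  sops.secrets."cloudflared/tunnel_token" = ownedByUser;
  sops.secrets."traefik/cloudflare_email" = ownedByUser;
  sops.secrets."traefik/cloudflare_api_key" = ownedByUser;
  sops.secrets."nextcloud/mysql_root_password" = ownedByUser;
  sops.secrets."nextcloud/mysql_password" = ownedByUser;
  sops.secrets."nextcloud/mysql_database" = ownedByUser;
  sops.secrets."nextcloud/mysql_user" = ownedByUser;

  # Copies the decrypted secrets into plain KEY=VALUE .env files for the docker
  # stacks. The values end up unencrypted on disk by design, so the files are
  # created with mode 0600 and written via a temp file + rename so a reader
  # never sees a half-written file.
  systemd.services.docker-env-secrets = {
    description = "Populate the .env files for the docker stack with values from SOPS";
    # The target directories under ~/.docker are expected to exist once the
    # user's home-manager generation has been activated.
    after = ["home-manager-${vars.user}.service"];
    wantedBy = ["multi-user.target"];
    script = ''
      # Restrict the mode of every file this script creates (tmp files included).
      umask 077

      # write_env DEST LINE... — writes each LINE verbatim, one per line, into
      # DEST with mode 0600. printf '%s' is used instead of echo with an
      # unquoted $(...) so a secret containing whitespace, glob characters or
      # a leading dash is neither word-split, globbed nor collapsed. The mode
      # is re-applied explicitly because umask never tightens a file that
      # already exists.
      write_env() {
        dest=$1
        shift
        printf '%s\n' "$@" > "$dest.tmp"
        chmod 0600 "$dest.tmp"
        mv -f "$dest.tmp" "$dest"
      }

      write_env ${dockerDir}/infrastructure/cloudflared.env \
        "TUNNEL_TOKEN=$(cat ${config.sops.secrets."cloudflared/tunnel_token".path})"

      write_env ${dockerDir}/infrastructure/traefik.env \
        "CLOUDFLARE_EMAIL=$(cat ${config.sops.secrets."traefik/cloudflare_email".path})" \
        "CLOUDFLARE_API_KEY=$(cat ${config.sops.secrets."traefik/cloudflare_api_key".path})"

      write_env ${dockerDir}/nas/nextcloud.env \
        "MYSQL_ROOT_PASSWORD=$(cat ${config.sops.secrets."nextcloud/mysql_root_password".path})" \
        "MYSQL_PASSWORD=$(cat ${config.sops.secrets."nextcloud/mysql_password".path})" \
        "MYSQL_DATABASE=$(cat ${config.sops.secrets."nextcloud/mysql_database".path})" \
        "MYSQL_USER=$(cat ${config.sops.secrets."nextcloud/mysql_user".path})"
    '';
    serviceConfig = {
      # The script runs once to completion; oneshot lets anything ordered
      # after this unit wait until the .env files have actually been written.
      Type = "oneshot";
      # Run as the user that owns the secrets and the target directories
      # (previously the literal "ghoscht"; `vars.user` is what the rest of this
      # module uses for ownership and paths).
      User = vars.user;
      WorkingDirectory = dockerDir;
    };
  };
}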