feat(garage): Use environmentFile for secrets

2023-09-24 13:27:14 +02:00 · 2023-09-24 13:27:14 +02:00 · f08259134a
commit f08259134a
parent c937a56e4f
3 changed files with 6 additions and 8 deletions
--- a/machines/storage01/garage.nix
+++ b/machines/storage01/garage.nix
@ -1,4 +1,4 @@
-_:
+{ config, ... }:

 let
  host = "s3.dgnum.eu";
@ -18,8 +18,6 @@ in {

      rpc_bind_addr = "[::]:3901";
      rpc_public_addr = "127.0.0.1:3901";
-      rpc_secret =
-        "a79e86c6fc0e0a02ff71fd3c6127887b6e029ea6e8ade6c3de1a0b7b09ad2873";

      s3_api = {
        s3_region = "garage";
@ -33,13 +31,12 @@ in {
        index = "index.html";
      };

-      k2v_api = { api_bind_addr = "[::]:3904"; };
+       k2v_api.api_bind_addr = "[::]:3904"; 

-      admin = {
-        api_bind_addr = "0.0.0.0:3903";
-        admin_token = "KVGyC6SNrIwT4o9alxg7T1SWFs29vjev0AzLBwqchjo=";
-      };
+       admin.api_bind_addr = "0.0.0.0:3903"; 
    };
+
+    environmentFile = config.age.secrets."garage-environment_file".path;
  };

  systemd.services.garage.serviceConfig = {
--- a/machines/storage01/secrets/garage-environment_file
+++ b/machines/storage01/secrets/garage-environment_file
--- a/machines/storage01/secrets/secrets.nix
+++ b/machines/storage01/secrets/secrets.nix
@ -5,6 +5,7 @@ in

 lib.setDefault { inherit publicKeys; } [
  "forgejo-database_password_file"
+  "garage-environment_file"
  "lychee-environment_file"
  "peertube-secrets_file"
  "peertube-service_environment_file"