From f08259134aa9977ee7fa9d8d91b93c8577d64dc6 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom@hubrecht.ovh>
Date: Sun, 24 Sep 2023 13:27:14 +0200
Subject: [PATCH] feat(garage): Use environmentFile for secrets

---
 machines/storage01/garage.nix                    |  13 +++++--------
 .../storage01/secrets/garage-environment_file    | Bin 0 -> 1454 bytes
 machines/storage01/secrets/secrets.nix           |   1 +
 3 files changed, 6 insertions(+), 8 deletions(-)
 create mode 100644 machines/storage01/secrets/garage-environment_file

diff --git a/machines/storage01/garage.nix b/machines/storage01/garage.nix
index 85201de..280c100 100644
--- a/machines/storage01/garage.nix
+++ b/machines/storage01/garage.nix
@@ -1,4 +1,4 @@
-_:
+{ config, ... }:
 
 let
   host = "s3.dgnum.eu";
@@ -18,8 +18,6 @@ in {
 
       rpc_bind_addr = "[::]:3901";
       rpc_public_addr = "127.0.0.1:3901";
-      rpc_secret =
-        "a79e86c6fc0e0a02ff71fd3c6127887b6e029ea6e8ade6c3de1a0b7b09ad2873";
 
       s3_api = {
         s3_region = "garage";
@@ -33,13 +31,12 @@ in {
         index = "index.html";
       };
 
-      k2v_api = { api_bind_addr = "[::]:3904"; };
+       k2v_api.api_bind_addr = "[::]:3904"; 
 
-      admin = {
-        api_bind_addr = "0.0.0.0:3903";
-        admin_token = "KVGyC6SNrIwT4o9alxg7T1SWFs29vjev0AzLBwqchjo=";
-      };
+       admin.api_bind_addr = "0.0.0.0:3903"; 
     };
+
+    environmentFile = config.age.secrets."garage-environment_file".path;
   };
 
   systemd.services.garage.serviceConfig = {
diff --git a/machines/storage01/secrets/garage-environment_file b/machines/storage01/secrets/garage-environment_file
new file mode 100644
index 0000000000000000000000000000000000000000..7b82d3859fa688ff473ab10d989693674da6fe41
GIT binary patch
literal 1454
zcmZA0{p-{O0LSqHDH=sZ7G_!JLlmv=_x5<Z;S;;(-NPPlx841a?Y7-+x4YeL+ugSN
z#ZVJLvWT)@d_d{JphQIaA*0a3QZa<Yz>>@?)QCu|ly7DBgTMF}yx{%eqngHy;b>m$
z2G-D-9eQSR0s}Lv629M^F?0mSVKU*BhCw|{q}-sHw7|hYb0<+VsM$ff&1DE3oswG5
z?6xZ;QjpcWE148PrzI&KrLzX%MMYLHN24^-tMY*)8@5gH6=md1R50+Inti+0qm>Rv
zC73#=S5-d^k#<1R6>aE}c6S<t<pSOmizbH&CBzBv(5>5m79-K1TZpEGGGSsaR-d-*
ztUxe^lCxDWpxPRvO!M_fn)tVCd|$|re4;-TNeU8m&>Y#Nia9_?gQjB5tD(3)C0U~j
zwa}Ov_YA=YFczEO4HRPnlv2@(mjP>hDC(vem+&bahJz6W=ftREG_l(?4|FO?KEdb4
zs8XqwBU(+hx`a7Og>9)l?&;<Pf<z5NnU0>x#C|aK0km0?8*a<w1Ir4_YTfNcH_J~5
zvrJSi2E`RHBS&rg=5Ww0&GXfS?aA3H4~Vi-K=_=>(^V;G8)+>!XcROb?v@AgWD>g}
z%?nA!8;7iErOYXZ$51a)WyMYEM3KikfLsyss)D<t{?v)HO+*;ynM_T|;J(+EJciXB
z&__~S)5E-?sECbzMTYA+dDtChTv!}%fG!&xF2_~4g*TEB5tY+1E_AvWR;~<!K!iQ6
zUr@D-)HS_+Ys`@8X5_|oKNHo7BI(*C0OV5DBunS>Lfg*8V><Lnh!dSEHjdk|XEq`_
z-GC4r>*zzu$u`D~GRfp&86hl)a|9s*M(swj%9qKqfGLQn$;nt22L+?WLgS>ba%>~?
zLrZ9-jZ9BviggXEu?<qMHPdCSf%=vTz*syEgT4`EvoV{Ez24X<b;4V<Z@nZr33-iA
z<Y9kYrKkC!U>0&HZ8?6fTbA^oG?6&NtNR$NK}ENz8G;Q2XbO)aB4<rGK^SqM0w$q$
zk!!IvBt}IzQWP6zVT;2H+U*)7ki^ZGNNrdi!we=ElTIKN5n0tZw<m-)g`^R*UY(L1
zN}1NW{bC4kAjMT#9gJ<<H?fW>w0d#Nvb0`LNa>n^MVzDMswJ-GQ~zrqRuRz^Gp1*#
zzL8j-N-T|;T;EBAAYdA-+2*||n8}!hE(hxMpw;ulL0af%(GFWyjY>L6my+3=k!EHR
z-Jm=vX_ytHD7s~iDnZ#+(Xpp<nAjoJC{|Qn>9KhSvmt;P-}CILgY(xx-@bYMIzM^+
z_!)EMwY5JjeeCR~i=RJdB+;Gs@BQJpdH#qze>U8+Z1I!-e)RXD?IatuHc{gCQ=PLv
z&Rx5<`PVNN-qC6wK)0TI_l9(I%j~63)-Rt=JiXx1Q_khxZ~VUSgEh>?C54f?@3-m;
zFD7@*eYxX?^z(^1;85nnE8Cvv-nDDhJN3^tzfa}(zfN9!j#;#S?-F{!>`}<gKD74k
z6Du!0vj4Tu)!o^RUn#4gUuM=x7mt4P_yu;|hSR6f!#n5Rd)0a1&z;zVFP*=0&zj5o
zpxlxrFB5;<w}QyIont32T-}m=_}&#uuO6VzZ1{(>=Z%icZYo$Gudf{5v-%Zt^|^(!
f$IiYDT-o}}cI4pK>vzoC_UP{P_unmhYf<YziWdq_

literal 0
HcmV?d00001

diff --git a/machines/storage01/secrets/secrets.nix b/machines/storage01/secrets/secrets.nix
index 408fec2..8bf7f5f 100644
--- a/machines/storage01/secrets/secrets.nix
+++ b/machines/storage01/secrets/secrets.nix
@@ -5,6 +5,7 @@ in
 
 lib.setDefault { inherit publicKeys; } [
   "forgejo-database_password_file"
+  "garage-environment_file"
   "lychee-environment_file"
   "peertube-secrets_file"
   "peertube-service_environment_file"