mastodon: use agenix
parent
c3edc30ee7
commit
93939f4664
4 changed files with 49 additions and 6 deletions
|
@ -1,5 +1,41 @@
|
|||
{
|
||||
age.secrets = {
|
||||
mastodon-database-password = {
|
||||
file = ./mastodon/databasePassword.age;
|
||||
owner = "mastodon";
|
||||
group = "mastodon";
|
||||
};
|
||||
|
||||
mastodon-smtp-password = {
|
||||
file = ./mastodon/smtpPassword.age;
|
||||
owner = "mastodon";
|
||||
group = "mastodon";
|
||||
};
|
||||
|
||||
mastodon-otp-secret = {
|
||||
file = ./mastodon/otpSecret.age;
|
||||
owner = "mastodon";
|
||||
group = "mastodon";
|
||||
};
|
||||
|
||||
mastodon-secret-key-base = {
|
||||
file = ./mastodon/secretKeyBase.age;
|
||||
owner = "mastodon";
|
||||
group = "mastodon";
|
||||
};
|
||||
|
||||
mastodon-vapid-private-key = {
|
||||
file = ./mastodon/vapidPrivateKey.age;
|
||||
owner = "mastodon";
|
||||
group = "mastodon";
|
||||
};
|
||||
|
||||
mastodon-vapid-public-key = {
|
||||
file = ./mastodon/vapidPublicKey.age;
|
||||
owner = "mastodon";
|
||||
group = "mastodon";
|
||||
};
|
||||
|
||||
freshrss-user-password = {
|
||||
file = ./freshrss/userPassword.age;
|
||||
owner = "freshrss";
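Review bot: The six new `mastodon-*` entries hard-code `owner = "mastodon";` and `group = "mastodon";` as string literals, so the decrypted files stop being readable by the service if its account is ever changed through the module's user/group options. Tying them to the service, e.g. `owner = config.services.mastodon.user;` and `group = config.services.mastodon.group;`, avoids that drift; the file opens with a bare `{`, so it would first have to become a module function that takes `config`. None of the entries sets `mode`, so agenix's default of `0400` applies and the `group` line grants no access; a comment such as `# mode defaults to 0400: owner-read only` would make that intent explicit. The `age.secrets` attrset continues past the end of the hunk.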
|
||||
|
|
Binary file not shown.
|
@ -7,6 +7,13 @@ let
|
|||
in
|
||||
{
|
||||
# sail
|
||||
"agenix/hosts/sail/mastodon/databasePassword.age".publicKeys = sail;
|
||||
"agenix/hosts/sail/mastodon/smtpPassword.age".publicKeys = sail;
|
||||
"agenix/hosts/sail/mastodon/otpSecret.age".publicKeys = sail;
|
||||
"agenix/hosts/sail/mastodon/secretKeyBase.age".publicKeys = sail;
|
||||
"agenix/hosts/sail/mastodon/vapidPrivateKey.age".publicKeys = sail;
|
||||
"agenix/hosts/sail/mastodon/vapidPublicKey.age".publicKeys = sail;
|
||||
|
||||
"agenix/hosts/sail/freshrss/userPassword.age".publicKeys = sail;
|
||||
"agenix/hosts/sail/freshrss/databasePassword.age".publicKeys = sail;
|
||||
}
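Review bot: All six new rules list only `sail` as recipients, and `sail` is bound in the `let` block above the hunk, so its contents are not visible here. If it holds just the host's SSH key, these files can be decrypted, edited or rekeyed only with that host's private key, and a lost or rotated host key means the secrets have to be regenerated. Consider adding an administrator key to the recipient list, e.g. `publicKeys = sail ++ admins;` (`admins` is a placeholder for a list this file would define), or extend the `# sail` comment to say that host-only recipients are intentional.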
|
||||
|
|
|
@ -30,10 +30,10 @@ in
|
|||
|
||||
trustedProxy = "127.0.0.1";
|
||||
|
||||
vapidPublicKeyFile = "/var/lib/mastodon/secrets/vapid-public-key";
|
||||
secretKeyBaseFile = "/var/lib/mastodon/secrets/secret-key-base";
|
||||
otpSecretFile = "/var/lib/mastodon/secrets/otp-secret";
|
||||
vapidPrivateKeyFile = "/var/lib/mastodon/secrets/vapid-private-key";
|
||||
vapidPublicKeyFile = config.age.secrets.mastodon-vapid-public-key.path;
|
||||
secretKeyBaseFile = config.age.secrets.mastodon-secret-key-base.path;
|
||||
otpSecretFile = config.age.secrets.mastodon-otp-secret.path;
|
||||
vapidPrivateKeyFile = config.age.secrets.mastodon-vapid-private-key.path;
|
||||
|
||||
database = {
|
||||
createLocally = false;
|
||||
|
@ -41,7 +41,7 @@ in
|
|||
port = 5432;
|
||||
name = "mastodon";
|
||||
inherit (secret.mastodon.database) user;
|
||||
inherit (secret.mastodon.database) passwordFile;
|
||||
passwordFile = config.age.secrets.mastodon-database-password.path;
|
||||
};
|
||||
|
||||
redis = {
|
||||
|
@ -62,7 +62,7 @@ in
|
|||
port = 587;
|
||||
fromAddress = "mastodon@mg.kempkens.io";
|
||||
inherit (secret.mastodon.smtp) user;
|
||||
inherit (secret.mastodon.smtp) passwordFile;
|
||||
passwordFile = config.age.secrets.mastodon-smtp-password.path;
|
||||
};
|
||||
|
||||
automaticMigrations = true;
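Review bot: Nothing in these hunks refers to `/var/lib/mastodon/secrets/` once the four `*File` options in the first hunk point at `config.age.secrets.*.path`, but the commit shows no cleanup of the old paths, so plaintext copies of the secret key base, OTP secret and VAPID keys presumably remain on the host's disk. The age-encrypted values also need to match what was previously on disk, since replacing these keys is likely to invalidate existing sessions, two-factor enrolments and push subscriptions. A comment above the options such as `# values migrated from /var/lib/mastodon/secrets; delete the old files after verifying` would record both points. In the two later hunks `user` is still inherited from `secret.mastodon.database` and `secret.mastodon.smtp`, so the old `secret` set remains a dependency for the non-password fields. The enclosing attrset starts and ends outside the hunks.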
|
||||
|
|