mastodon: move extra config to age-encrypted file

2023-02-05 21:08:03 +01:00 · 2023-02-05 21:08:03 +01:00 · e7c94b293c
parent 014a2fa123
commit e7c94b293c
5 changed files with 9 additions and 16 deletions
--- a/agenix/hosts/sail/config.nix
+++ b/agenix/hosts/sail/config.nix
@ -36,6 +36,12 @@
      group = "mastodon";
    };

+    mastodon-extra-config = {
+      file = ./mastodon/extraConfig.age;
+      owner = "mastodon";
+      group = "mastodon";
+    };
+
    freshrss-user-password = {
      file = ./freshrss/userPassword.age;
      owner = "freshrss";
--- a/agenix/hosts/sail/mastodon/extraConfig.age
+++ b/agenix/hosts/sail/mastodon/extraConfig.age
--- a/secret/hosts/sail.nix
+++ b/secret/hosts/sail.nix
--- a/secrets.nix
+++ b/secrets.nix
@ -13,6 +13,7 @@ in
  "agenix/hosts/sail/mastodon/secretKeyBase.age".publicKeys = sail;
  "agenix/hosts/sail/mastodon/vapidPrivateKey.age".publicKeys = sail;
  "agenix/hosts/sail/mastodon/vapidPublicKey.age".publicKeys = sail;
+  "agenix/hosts/sail/mastodon/extraConfig.age".publicKeys = sail;

  "agenix/hosts/sail/freshrss/userPassword.age".publicKeys = sail;
  "agenix/hosts/sail/freshrss/databasePassword.age".publicKeys = sail;
--- a/system/nixos/mastodon.nix
+++ b/system/nixos/mastodon.nix
@ -75,23 +75,9 @@ in

    extraConfig = {
      WEB_DOMAIN = web-domain;
-
-      ES_USER = secret.mastodon.elasticsearch.user;
-      ES_PASS = secret.mastodon.elasticsearch.password;
-
-      S3_ENABLED = "true";
-      S3_BUCKET = secret.mastodon.s3.bucket;
-      AWS_ACCESS_KEY_ID = secret.mastodon.s3.accessKeyId;
-      AWS_SECRET_ACCESS_KEY = secret.mastodon.s3.secretAccessKey;
-      S3_PROTOCOL = "https";
-      S3_REGION = secret.mastodon.s3.region;
-      S3_ENDPOINT = secret.mastodon.s3.endpoint;
-      S3_ALIAS_HOST = "mastodon-cdn.kempkens.io";
-      S3_HOSTNAME = "mastodon-cdn.kempkens.io";
-
-      DEEPL_PLAN = "free";
-      DEEPL_API_KEY = secret.mastodon.deepl.apiKey;
    };
+
+    extraEnvFiles = [ config.age.secrets.mastodon-extra-config.path ];
  };

  services.nginx = {