loptland: more sops configuration

2024-11-06 16:57:10 +01:00 · 2024-11-06 16:57:10 +01:00 · aa08b78056
commit aa08b78056
parent 67c1b1f8e0
2 changed files with 27 additions and 4 deletions
--- a/systems/x86_64-linux/loptland/default.nix
+++ b/systems/x86_64-linux/loptland/default.nix
@ -1,4 +1,5 @@
 {
+  config,
  lib,
  namespace,
  pkgs,
@ -6,12 +7,24 @@
 }:
 let
  inherit (lib.${namespace}) enabled;
+
+  sopsFile = lib.snowfall.fs.get-file "secrets/secrets-loptland.yaml";
 in
 {
  imports = [ ./hardware.nix ];

  environment.systemPackages = [ pkgs.forgejo-cli ];

+  sops.secrets = {
+    domain = {
+      inherit sopsFile;
+    };
+
+    forgejo_db_password = {
+      inherit sopsFile;
+    };
+  };
+
  services.openssh = {
    enable = true;
    settings = {
@ -23,6 +36,13 @@ in
  services.forgejo = {
    enable = true;
    lfs.enable = true;
+    database = {
+      passwordFile = config.sops.secrets.forgejo_db_password.path;
+    };
+    # settings = {
+    #   server.DOMAIN = config.sops.secrets.domain;
+    # };
+
  };

  ${namespace} = {
@ -33,7 +53,7 @@ in
    services = {
      factorio-server = {
        enable = true;
-        sopsFile = lib.snowfall.fs.get-file "secrets/secrets-loptland.yaml";
+        inherit sopsFile;
      };
    };