ooks/ooknet
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor: move secrets off-shore

Browse source
This commit is contained in:
ooks-io 2025-01-20 20:57:53 +11:00
parent 0ecc1cbf40
commit d3d0ae8fcb
23 changed files with 231 additions and 179 deletions
Download patch file Download diff file Expand all files Collapse all files

10
modules/nixos/server/services/ookflix/lib.nix
View file

@ -132,14 +132,6 @@
};
};
mkServiceSecret = name: service: {
${name} = {
file = "${self}/secrets/containers/${name}.age";
owner = cfg.services.${service}.user.name;
group = cfg.services.${service}.group.name;
};
};
mkNetworkService = name: _network:
nameValuePair "podman-network-${name}" {
description = "Podman network ${name} for ookflix";
@ -151,5 +143,5 @@
};
};
in {
inherit mkServiceStateFile mkServiceSecret mkBasicServiceOptions mkServiceOptions mkServiceStateDir mkServiceUser mkUserOption mkPortOption mkGroupOption mkVolumeOption mkSubdomainOption mkNetworkService;
inherit mkServiceStateFile mkBasicServiceOptions mkServiceOptions mkServiceStateDir mkServiceUser mkUserOption mkPortOption mkGroupOption mkVolumeOption mkSubdomainOption mkNetworkService;
}

3
modules/nixos/server/services/ookflix/networking/gluetun.nix
View file

@ -6,14 +6,13 @@
...
}: let
ookflixLib = import ../lib.nix {inherit self lib config;};
inherit (ookflixLib) mkServiceUser mkServiceSecret;
inherit (ookflixLib) mkServiceUser;
inherit (lib) mkIf;
inherit (ook.lib.container) mkContainerEnvironment;
inherit (config.ooknet.server.ookflix.services) qbittorrent gluetun;
in {
config = mkIf gluetun.enable {
users = mkServiceUser gluetun.user.name;
age.secrets = mkServiceSecret "vpn_env" "gluetun";
virtualisation.oci-containers.containers = {
# vpn container
gluetun = mkIf gluetun.enable {

3
modules/nixos/server/services/ookflix/networking/traefik.nix
View file

@ -6,7 +6,7 @@
...
}: let
ookflixLib = import ../lib.nix {inherit self lib config;};
inherit (ookflixLib) mkServiceUser mkServiceSecret mkServiceStateDir mkServiceStateFile;
inherit (ookflixLib) mkServiceUser mkServiceStateDir mkServiceStateFile;
inherit (lib) mkIf;
inherit (ook.lib.container) mkContainerEnvironment mkContainerLabel mkContainerPort;
inherit (config.ooknet) server;
@ -19,7 +19,6 @@ in {
traefikStateDir = mkServiceStateDir "traefik";
traefikAcmeFile = mkServiceStateFile "traefik" "acme.json";
};
age.secrets = mkServiceSecret "cf_creds" "traefik";
virtualisation.oci-containers.containers = {
# vpn container
traefik = mkIf traefik.enable {