cluster/services/irc: use cluster secrets

2024-07-08 18:53:06 +02:00 · 2024-07-08 18:53:06 +02:00 · 579eed6b51
commit 579eed6b51
parent 7b95308f0d
3 changed files with 6 additions and 8 deletions
--- a/cluster/services/irc/irc-peer-key.age
+++ b/cluster/services/irc/irc-peer-key.age
--- a/cluster/services/irc/default.nix
+++ b/cluster/services/irc/default.nix
@ -12,11 +12,6 @@ let
 in
 {
  vars = {
-    ircPeerKey = {
-      file = ./irc-peer-key.age;
-      owner = "ngircd";
-      group = "ngircd";
-    };
    ircOpers = [ "max" "num" "ark" ];
  };
  hostLinks = lib.genAttrs config.services.irc.nodes.host (name: {
@ -50,6 +45,11 @@ in
        ./irc-host.nix
      ];
    };
+    secrets.peerKey = {
+      nodes = config.services.irc.nodes.host;
+      owner = "ngircd";
+      services = [ "ngircd" ];
+    };
  };

  monitoring.blackbox.targets = {
--- a/cluster/services/irc/irc-host.nix
+++ b/cluster/services/irc/irc-host.nix
@ -93,17 +93,15 @@ in {
      auth required ${pkgs.kanidm}/lib/pam_kanidm.so 
    '';
  };
-  age.secrets = { inherit (vars) ircPeerKey; };
  systemd.services.ngircd = {
    after = [ "acme-finished-${serverName}.target" "dhparams-gen-ngircd.service" ];
    wants = [ "acme-finished-${serverName}.target" "dhparams-gen-ngircd.service" ];
-    restartTriggers = [ "${config.age.secrets.ircPeerKey.file}" ];
    serviceConfig.RuntimeDirectory = "ngircd";
    preStart = ''
      install -d -m700 /run/ngircd/secrets
      for cfg in ${builtins.concatStringsSep " " otherServerFiles}; do
        install -m600 $cfg /run/ngircd/secrets/
-        ${pkgs.replace-secret}/bin/replace-secret '@PEER_PASSWORD@' '${config.age.secrets.ircPeerKey.path}' /run/ngircd/secrets/$(basename $cfg)
+        ${pkgs.replace-secret}/bin/replace-secret '@PEER_PASSWORD@' '${cluster.config.services.irc.secrets.peerKey.path}' /run/ngircd/secrets/$(basename $cfg)
      done
    '';
  };