cluster/services/idm: use cluster secrets

2024-07-08 18:41:51 +02:00 · 2024-07-08 18:41:51 +02:00 · 7b95308f0d
commit 7b95308f0d
parent deaa423c86
8 changed files with 5 additions and 3 deletions
--- a/cluster/secrets/idm-serviceAccountCredentials-VEGAS.age
+++ b/cluster/secrets/idm-serviceAccountCredentials-VEGAS.age
--- a/cluster/secrets/idm-serviceAccountCredentials-checkmate.age
+++ b/cluster/secrets/idm-serviceAccountCredentials-checkmate.age
--- a/cluster/secrets/idm-serviceAccountCredentials-grail.age
+++ b/cluster/secrets/idm-serviceAccountCredentials-grail.age
--- a/cluster/secrets/idm-serviceAccountCredentials-prophet.age
+++ b/cluster/secrets/idm-serviceAccountCredentials-prophet.age
--- a/cluster/secrets/idm-serviceAccountCredentials-soda.age
+++ b/cluster/secrets/idm-serviceAccountCredentials-soda.age
--- a/cluster/secrets/idm-serviceAccountCredentials-thunderskin.age
+++ b/cluster/secrets/idm-serviceAccountCredentials-thunderskin.age
--- a/cluster/services/idm/client.nix
+++ b/cluster/services/idm/client.nix
@ -5,10 +5,8 @@ let
 in
 {
  age.secrets.idmServiceAccountCredentials.file = ./secrets/service-account-${config.networking.hostName}.age;
  systemd.services.kanidm-unixd.serviceConfig = {
-    EnvironmentFile = config.age.secrets.idmServiceAccountCredentials.path;
+    EnvironmentFile = cluster.config.services.idm.secrets.serviceAccountCredentials.path;
  };
  services.kanidm = {
--- a/cluster/services/idm/default.nix
+++ b/cluster/services/idm/default.nix
@ -33,6 +33,10 @@
        ./policies/soda.nix
      ];
    };
    secrets.serviceAccountCredentials = {
      nodes = config.services.idm.nodes.client;
      shared = false;
    };
  };
  dns.records = let