cluster/services/dns: load API key directly

This commit is contained in:
Max Headroom 2022-08-07 20:59:16 +02:00
parent 0eed86421b
commit cfd82880e4
3 changed files with 10 additions and 8 deletions


@ -12,6 +12,7 @@ let
translateConfig = withQuotes: cfg: let
pythonValue = val: if lib.isString val then "'${val}'"
else if lib.isAttrs val && val ? file then "[(f.read().strip('\\n'), f.close()) for f in [open('${val.file}')]][0][0]"
else if lib.isAttrs val && val ? env then "__import__('os').getenv('${val.env}')"
else if lib.isBool val then (if val then "True" else "False")
else if lib.isInt val then toString val
@ -41,10 +42,7 @@ in {
owner = "powerdnsadmin";
group = "powerdnsadmin";
};
pdns-api-key = {
file = ./pdns-api-key.age;
mode = "0400";
};
pdns-api-key = vars.pdns-api-key-secret // { owner = "powerdnsadmin"; };
};
links.pdnsAdmin.protocol = "http";
@ -78,7 +76,7 @@ in {
SQLALCHEMY_DATABASE_URI = "sqlite:///${dataDirUI}/pda.db";
PDNS_VERSION = pkgs.pdns.version;
PDNS_API_URL = pdns-api.url;
PDNS_API_KEY.env = "PDNS_API_KEY";
PDNS_API_KEY.file = config.age.secrets.pdns-api-key.path;
SIGNUP_ENABLED = false;
OIDC_OAUTH_ENABLED = true;
@ -94,11 +92,11 @@ in {
};
systemd.services.powerdns-admin.serviceConfig = {
BindPaths = [ dataDirUI ];
EnvironmentFile = [
BindPaths = [
dataDirUI
config.age.secrets.pdns-api-key.path
config.age.secrets.pdns-admin-oidc-secrets.path
];
EnvironmentFile = config.age.secrets.pdns-admin-oidc-secrets.path;
};
services.nginx.virtualHosts."dnsadmin.${domain}" = lib.recursiveUpdate
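Review bot: The `config.age.secrets.pdns-admin-oidc-secrets.path` entry added to `BindPaths` in the last hunk looks redundant, because that file is still consumed through `EnvironmentFile` on the following line; binding it into the service's mount namespace only matters if powerdns-admin also opens it directly, which is worth confirming before keeping it. The `pdns-api-key` entry, by contrast, is what makes the generated `open('…')` expression from the first hunk work at all, and with the secret at mode 0400 that read succeeds only if the unit runs as the `powerdnsadmin` owner set in the second hunk — the service's `User` is not visible here, so that coupling is easy to break silently. A comment on the list such as `# the app reads the key file itself at config load; the secret must be owned by the service user` would record why the path is bound in. The `serviceConfig` attrset this hunk edits begins before the hunk and the enclosing module continues after it.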


@ -4,6 +4,10 @@ let
inherit (config.vars) hosts;
in
{
vars.pdns-api-key-secret = {
file = ./pdns-api-key.age;
mode = "0400";
};
links = {
dnsResolver = {
ipv4 = hosts.VEGAS.interfaces.vstub.addr;