cluster/services/attic: switch to locksmith secrets

Max Headroom 2024-07-10 23:54:07 +02:00
parent a8041ec87f
commit e73a340ff0
3 changed files with 8 additions and 6 deletions


@ -22,15 +22,15 @@
nodes = nodes.server; nodes = nodes.server;
owner = "atticd"; owner = "atticd";
}; };
s3Credentials = {
nodes = nodes.server;
owner = "atticd";
};
}; };
}; };
garage = { garage = {
keys.attic = { }; keys.attic.locksmith = {
nodes = config.services.attic.nodes.server;
owner = "atticd";
format = "aws";
};
buckets.attic = { buckets.attic = {
allow.attic = [ "read" "write" ]; allow.attic = [ "read" "write" ];
}; };
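Review bot: The new `keys.attic.locksmith` block carries no comment on how the key is consumed, and this section does not show what happens to the credential that the dropped `s3Credentials` secret held. If the Garage key itself is unchanged, the copy kept in the old encrypted secret presumably stays valid for anyone who can decrypt that file from repository history, so the key should be rotated once locksmith delivery is live. I would add a comment above the block, for example `# S3 key for atticd, delivered by locksmith in AWS shared-credentials format (read via AWS_SHARED_CREDENTIALS_FILE)`. The file mode and group that locksmith applies alongside `owner = "atticd"` are not visible here and are worth confirming.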


@ -11,6 +11,8 @@ in
links.atticServer.protocol = "http"; links.atticServer.protocol = "http";
services.locksmith.waitForSecrets.atticd = [ "garage-attic" ];
services.atticd = { services.atticd = {
enable = true; enable = true;
@ -60,7 +62,7 @@ in
DynamicUser = lib.mkForce false; DynamicUser = lib.mkForce false;
}; };
environment = { environment = {
AWS_SHARED_CREDENTIALS_FILE = secrets.s3Credentials.path; AWS_SHARED_CREDENTIALS_FILE = "/run/locksmith/garage-attic";
PGPASSFILE = secrets.dbCredentials.path; PGPASSFILE = secrets.dbCredentials.path;
}; };
}; };
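Review bot: `AWS_SHARED_CREDENTIALS_FILE` is now the literal `"/run/locksmith/garage-attic"`, and the same name is repeated as a bare string in `services.locksmith.waitForSecrets.atticd`, so the two can drift apart without an evaluation error. The previous `secrets.s3Credentials.path` reference could not drift that way. A mismatch would surface only at runtime, with atticd either starting without usable S3 credentials or not being held back until the secret exists. I would bind the name once in the `let` block, which sits above these hunks, e.g. `s3Secret = "garage-attic";`, then write `waitForSecrets.atticd = [ s3Secret ];` and `AWS_SHARED_CREDENTIALS_FILE = "/run/locksmith/${s3Secret}";`. If locksmith exposes the secret's path as an option, referencing that would be better still, but that is not visible on this page.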