rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2025-01-18 17:11:39 +01:00
Code Issues Projects Releases Packages Wiki Activity

seafile: put secret on nuc

Browse source
This commit is contained in:
Rouven Seifert 2024-04-30 15:02:46 +02:00
parent 6569db6bfb
commit 3e48779929
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
3 changed files with 1 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
hosts/nuc/modules/seafile/default.nix
View file

@ -3,11 +3,6 @@ let
domain = "seafile.${config.networking.domain}"; domain = "seafile.${config.networking.domain}";
in in
{ {
age.secrets."seafile/oidc-secret" = {
file = ../../../../secrets/nuc/seafile/oidc-secret.age;
mode = "0440";
group = "seafile";
};
services.seafile = { services.seafile = {
enable = true; enable = true;
adminEmail = "admin@rfive.de"; adminEmail = "admin@rfive.de";
@ -20,7 +15,7 @@ in
OAUTH_ENABLE_INSECURE_TRANSPORT = True OAUTH_ENABLE_INSECURE_TRANSPORT = True
OAUTH_CLIENT_ID = "seafile" OAUTH_CLIENT_ID = "seafile"
with open('${config.age.secrets."seafile/oidc-secret".path}') as f: with open('/var/lib/seafile/.oidcSecret') as f:
OAUTH_CLIENT_SECRET = f.readline().rstrip() OAUTH_CLIENT_SECRET = f.readline().rstrip()
OAUTH_REDIRECT_URL = 'https://seafile.rfive.de/oauth/callback/' OAUTH_REDIRECT_URL = 'https://seafile.rfive.de/oauth/callback/'

1
secrets.nix
View file

@ -22,7 +22,6 @@ in
"secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ]; "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
"secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ]; "secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ];
"secrets/nuc/cache.age".publicKeys = [ rouven nuc ]; "secrets/nuc/cache.age".publicKeys = [ rouven nuc ];
"secrets/nuc/seafile/oidc-secret.age".publicKeys = [ rouven nuc ];
"secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
"secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ];

BIN
secrets/nuc/seafile/oidc-secret.age
View file

Binary file not shown.