deluge: migrate auth file to vault
parent
a3ef78701e
commit
2536214734
3 changed files with 26 additions and 15 deletions
|
@ -27,9 +27,19 @@ in {
|
||||||
move_completed_paths_list = [ "/store/content/Anime" "/store/content/Films" "/store/content/TV" ];
|
move_completed_paths_list = [ "/store/content/Anime" "/store/content/Films" "/store/content/TV" ];
|
||||||
enabled_plugins = [ "Label" ];
|
enabled_plugins = [ "Label" ];
|
||||||
};
|
};
|
||||||
authFile = secrets.deluge.authFile;
|
authFile = config.my.vault.secrets.deluge-auth-file.path;
|
||||||
|
|
||||||
web.enable = true;
|
web.enable = true;
|
||||||
package = depot.pkgs.deluge;
|
package = depot.pkgs.deluge;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
my.vault.secrets.deluge-auth-file = {
|
||||||
|
reloadOrRestartUnits = ["deluge.service"];
|
||||||
|
group = "deluge";
|
||||||
|
template = ''
|
||||||
|
{{ with secret "kv/apps/pomerium" }}
|
||||||
|
{{ .Data.data.authfile }}
|
||||||
|
{{ end }}
|
||||||
|
'';
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
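Review bot: The template for `my.vault.secrets.deluge-auth-file` reads `secret "kv/apps/pomerium"`, which looks like a copy-paste from another app. The Deluge credential file would then be rendered from pomerium's secret, so either the render fails under a deluge-scoped policy or the deluge hosts need read access to pomerium's data. If the auth file lives under deluge's own path, the line should read `{{ with secret "kv/apps/deluge" }}` (path assumed from the naming used elsewhere in this commit; confirm against the KV store). Only `group = "deluge"` is set here, so also confirm that the vault secrets module's default file mode keeps the file unreadable to other users, since a Deluge auth file holds plaintext passwords.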
|
@ -41,19 +41,14 @@
|
||||||
path = "kv/misc-input";
|
path = "kv/misc-input";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
my.apps.deluge = {};
|
||||||
my.apps.pomerium = {};
|
my.apps.pomerium = {};
|
||||||
my.servers.etheroute-lon01.apps = [ "pomerium" ];
|
my.apps.sslrenew-raritan.policy = ''
|
||||||
|
|
||||||
my.apps.sslrenew-raritan = {
|
|
||||||
policy = ''
|
|
||||||
# sslrenew-raritan is permitted to issue certificates.
|
# sslrenew-raritan is permitted to issue certificates.
|
||||||
path "acme/certs/*" {
|
path "acme/certs/*" {
|
||||||
capabilities = ["create"]
|
capabilities = ["create"]
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
};
|
|
||||||
my.servers.totoro.apps = [ "sslrenew-raritan" ];
|
|
||||||
|
|
||||||
my.apps.deployer.policy = ''
|
my.apps.deployer.policy = ''
|
||||||
# Allow reading nix-daemon secrets
|
# Allow reading nix-daemon secrets
|
||||||
path "kv/data/apps/nix-daemon" {
|
path "kv/data/apps/nix-daemon" {
|
||||||
|
@ -63,4 +58,8 @@
|
||||||
capabilities = ["read"]
|
capabilities = ["read"]
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
my.servers.etheroute-lon01.apps = [ "pomerium" ];
|
||||||
|
my.servers.totoro.apps = [ "sslrenew-raritan" "deluge" ];
|
||||||
|
my.servers.clouvider-fra01.apps = [ "deluge" ];
|
||||||
}
|
}
|
||||||
|
|
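Review bot: `my.servers.totoro.apps` and `my.servers.clouvider-fra01.apps` both gain `"deluge"`, so two hosts can now authenticate as the deluge app, but the page does not show which of them runs `deluge.service`. If only one does, drop the app from the other list so the credential stays on a single machine. `my.apps.deluge = {};` declares no policy of its own, so a comment such as `# deluge: module default per-app policy only, no extra paths` would record what the empty definition is meant to grant. That default is defined outside this hunk and should be checked.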
|
@ -1,7 +1,7 @@
|
||||||
{ depot, lib, config, ... }:
|
{ depot, lib, config, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (lib) mkOption nameValuePair mapToAttrs types mkEnableOption mapAttrs' filterAttrs mkMerge mapAttrsToList concatStringsSep;
|
inherit (lib) mkOption nameValuePair mapToAttrs types mkEnableOption mapAttrs' filterAttrs mkMerge mapAttrsToList concatStringsSep mkBefore;
|
||||||
|
|
||||||
minutes = m: m * 60;
|
minutes = m: m * 60;
|
||||||
|
|
||||||
|
@ -25,7 +25,7 @@ let
|
||||||
|
|
||||||
apps = mkOption {
|
apps = mkOption {
|
||||||
type = with types; listOf str;
|
type = with types; listOf str;
|
||||||
default = [ "deployer" ];
|
default = [];
|
||||||
};
|
};
|
||||||
|
|
||||||
appPolicies = mkOption {
|
appPolicies = mkOption {
|
||||||
|
@ -63,6 +63,8 @@ let
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
config.apps = mkBefore [ "deployer" ];
|
||||||
}));
|
}));
|
||||||
|
|
||||||
cfg = config.my.enabledServers;
|
cfg = config.my.enabledServers;
|
||||||
|
|
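Review bot: With `config.apps = mkBefore [ "deployer" ];` inside the submodule, `"deployer"` is merged into every server's app list, including servers that set `apps` explicitly. Under the old `default = [ "deployer" ]`, an explicit list such as `[ "pomerium" ]` replaced the default. This appears to extend the deployer policy (which reads `kv/data/apps/nix-daemon` in the second file) to etheroute-lon01 and totoro, a widening the commit title does not mention. If that is intended, say so next to the line, e.g. `# deployer is always granted; a server must use mkForce on apps to opt out`. The submodule body starts outside these hunks.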