deluge: migrate auth file to vault

Luke Granger-Brown 2022-04-09 20:59:11 +01:00
parent a3ef78701e
commit 2536214734
3 changed files with 26 additions and 15 deletions


@ -27,9 +27,19 @@ in {
move_completed_paths_list = [ "/store/content/Anime" "/store/content/Films" "/store/content/TV" ]; move_completed_paths_list = [ "/store/content/Anime" "/store/content/Films" "/store/content/TV" ];
enabled_plugins = [ "Label" ]; enabled_plugins = [ "Label" ];
}; };
authFile = secrets.deluge.authFile; authFile = config.my.vault.secrets.deluge-auth-file.path;
web.enable = true; web.enable = true;
package = depot.pkgs.deluge; package = depot.pkgs.deluge;
}; };
my.vault.secrets.deluge-auth-file = {
reloadOrRestartUnits = ["deluge.service"];
group = "deluge";
template = ''
{{ with secret "kv/apps/pomerium" }}
{{ .Data.data.authfile }}
{{ end }}
'';
};
} }
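Review bot: The template for `deluge-auth-file` reads `secret "kv/apps/pomerium"`, which looks like a copy-paste from the pomerium configuration rather than deluge's own KV entry. The policy file in this commit declares `my.apps.deluge = {};` with no explicit policy, so unless the default per-app policy (not visible here) covers another app's path, either the render fails on the deluge hosts or those hosts are being granted read access to pomerium's secrets. If the auth file is stored under deluge's own entry, the line would read `{{ with secret "kv/apps/deluge" }}`. The `{{ with }}` and `{{ end }}` actions also sit on lines of their own, so the rendered file carries blank lines around the content; `{{- with … -}}` and `{{- end -}}` would trim them if deluge's auth parser is strict about that.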


@ -41,19 +41,14 @@
path = "kv/misc-input"; path = "kv/misc-input";
}; };
my.apps.deluge = {};
my.apps.pomerium = {}; my.apps.pomerium = {};
my.servers.etheroute-lon01.apps = [ "pomerium" ]; my.apps.sslrenew-raritan.policy = ''
# sslrenew-raritan is permitted to issue certificates.
my.apps.sslrenew-raritan = { path "acme/certs/*" {
policy = '' capabilities = ["create"]
# sslrenew-raritan is permitted to issue certificates. }
path "acme/certs/*" { '';
capabilities = ["create"]
}
'';
};
my.servers.totoro.apps = [ "sslrenew-raritan" ];
my.apps.deployer.policy = '' my.apps.deployer.policy = ''
# Allow reading nix-daemon secrets # Allow reading nix-daemon secrets
path "kv/data/apps/nix-daemon" { path "kv/data/apps/nix-daemon" {
@ -63,4 +58,8 @@
capabilities = ["read"] capabilities = ["read"]
} }
''; '';
my.servers.etheroute-lon01.apps = [ "pomerium" ];
my.servers.totoro.apps = [ "sslrenew-raritan" "deluge" ];
my.servers.clouvider-fra01.apps = [ "deluge" ];
} }


@ -1,7 +1,7 @@
{ depot, lib, config, ... }: { depot, lib, config, ... }:
let let
inherit (lib) mkOption nameValuePair mapToAttrs types mkEnableOption mapAttrs' filterAttrs mkMerge mapAttrsToList concatStringsSep; inherit (lib) mkOption nameValuePair mapToAttrs types mkEnableOption mapAttrs' filterAttrs mkMerge mapAttrsToList concatStringsSep mkBefore;
minutes = m: m * 60; minutes = m: m * 60;
@ -25,7 +25,7 @@ let
apps = mkOption { apps = mkOption {
type = with types; listOf str; type = with types; listOf str;
default = [ "deployer" ]; default = [];
}; };
appPolicies = mkOption { appPolicies = mkOption {
@ -63,6 +63,8 @@ let
''; '';
}; };
}; };
config.apps = mkBefore [ "deployer" ];
})); }));
cfg = config.my.enabledServers; cfg = config.my.enabledServers;
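Review bot: `config.apps = mkBefore [ "deployer" ];` makes the deployer app unconditional for every server, whereas the old `default = [ "deployer" ]` was discarded as soon as a server set its own `apps`. Going by the lists in the policy file, etheroute-lon01 and totoro therefore appear to gain the deployer policy (including read on `kv/data/apps/nix-daemon`) as part of this commit, which the commit title does not mention. If that widening is intended, a comment on the line would record it, for example `# Every server gets the deployer policy; per-server apps are appended, and opting out needs mkForce.` The submodule this line belongs to begins outside the hunk.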