deluge: migrate auth file to vault
This commit is contained in:
parent
a3ef78701e
commit
2536214734
3 changed files with 26 additions and 15 deletions
|
@ -27,9 +27,19 @@ in {
|
|||
move_completed_paths_list = [ "/store/content/Anime" "/store/content/Films" "/store/content/TV" ];
|
||||
enabled_plugins = [ "Label" ];
|
||||
};
|
||||
authFile = secrets.deluge.authFile;
|
||||
authFile = config.my.vault.secrets.deluge-auth-file.path;
|
||||
|
||||
web.enable = true;
|
||||
package = depot.pkgs.deluge;
|
||||
};
|
||||
|
||||
my.vault.secrets.deluge-auth-file = {
|
||||
reloadOrRestartUnits = ["deluge.service"];
|
||||
group = "deluge";
|
||||
template = ''
|
||||
{{ with secret "kv/apps/pomerium" }}
|
||||
{{ .Data.data.authfile }}
|
||||
{{ end }}
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
@ -41,19 +41,14 @@
|
|||
path = "kv/misc-input";
|
||||
};
|
||||
|
||||
my.apps.deluge = {};
|
||||
my.apps.pomerium = {};
|
||||
my.servers.etheroute-lon01.apps = [ "pomerium" ];
|
||||
|
||||
my.apps.sslrenew-raritan = {
|
||||
policy = ''
|
||||
my.apps.sslrenew-raritan.policy = ''
|
||||
# sslrenew-raritan is permitted to issue certificates.
|
||||
path "acme/certs/*" {
|
||||
capabilities = ["create"]
|
||||
}
|
||||
'';
|
||||
};
|
||||
my.servers.totoro.apps = [ "sslrenew-raritan" ];
|
||||
|
||||
my.apps.deployer.policy = ''
|
||||
# Allow reading nix-daemon secrets
|
||||
path "kv/data/apps/nix-daemon" {
|
||||
|
@ -63,4 +58,8 @@
|
|||
capabilities = ["read"]
|
||||
}
|
||||
'';
|
||||
|
||||
my.servers.etheroute-lon01.apps = [ "pomerium" ];
|
||||
my.servers.totoro.apps = [ "sslrenew-raritan" "deluge" ];
|
||||
my.servers.clouvider-fra01.apps = [ "deluge" ];
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ depot, lib, config, ... }:
|
||||
|
||||
let
|
||||
inherit (lib) mkOption nameValuePair mapToAttrs types mkEnableOption mapAttrs' filterAttrs mkMerge mapAttrsToList concatStringsSep;
|
||||
inherit (lib) mkOption nameValuePair mapToAttrs types mkEnableOption mapAttrs' filterAttrs mkMerge mapAttrsToList concatStringsSep mkBefore;
|
||||
|
||||
minutes = m: m * 60;
|
||||
|
||||
|
@ -25,7 +25,7 @@ let
|
|||
|
||||
apps = mkOption {
|
||||
type = with types; listOf str;
|
||||
default = [ "deployer" ];
|
||||
default = [];
|
||||
};
|
||||
|
||||
appPolicies = mkOption {
|
||||
|
@ -63,6 +63,8 @@ let
|
|||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config.apps = mkBefore [ "deployer" ];
|
||||
}));
|
||||
|
||||
cfg = config.my.enabledServers;
|
||||
|
|
Loading…
Reference in a new issue