fup: move config to secret
parent
8647af22d7
commit
dca96efffe
2 changed files with 27 additions and 6 deletions
|
@ -4,9 +4,6 @@ let
|
||||||
inherit (depot.ops) secrets;
|
inherit (depot.ops) secrets;
|
||||||
sock = "/run/fup.sock";
|
sock = "/run/fup.sock";
|
||||||
pkg = depot.web.fup;
|
pkg = depot.web.fup;
|
||||||
|
|
||||||
format = pkgs.formats.yaml {};
|
|
||||||
fupConfig = format.generate "fup.yaml" secrets.fup.config;
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options = with lib; {
|
options = with lib; {
|
||||||
|
@ -47,6 +44,9 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
users.users.fup = { isSystemUser = true; group = "fup"; };
|
||||||
|
users.groups.fup = {};
|
||||||
|
|
||||||
systemd.sockets.fup = {
|
systemd.sockets.fup = {
|
||||||
listenStreams = [ sock ];
|
listenStreams = [ sock ];
|
||||||
wantedBy = [ "sockets.target" ];
|
wantedBy = [ "sockets.target" ];
|
||||||
|
@ -65,10 +65,29 @@ in
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
EnvironmentFile = secrets.fup.environment;
|
EnvironmentFile = config.my.vault.secrets.fup-environment.path;
|
||||||
ExecStart = "${pkg}/bin/fup serve --config=${fupConfig}";
|
ExecStart = "${pkg}/bin/fup serve --config=/etc/fup.yaml";
|
||||||
DynamicUser = true;
|
User = "fup";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
environment.etc."fup.yaml".source = config.my.vault.secrets.fup-config.path;
|
||||||
|
my.vault.secrets.fup-config = {
|
||||||
|
reloadOrRestartUnits = ["fup.service"];
|
||||||
|
group = "fup";
|
||||||
|
template = ''
|
||||||
|
{{ with secret "kv/apps/fup" }}
|
||||||
|
{{ .Data.data.config }}
|
||||||
|
{{ end }}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
my.vault.secrets.fup-environment = {
|
||||||
|
reloadOrRestartUnits = ["fup.service"];
|
||||||
|
group = "fup";
|
||||||
|
template = ''
|
||||||
|
{{ with secret "kv/apps/fup" }}
|
||||||
|
{{ .Data.data.environment }}
|
||||||
|
{{ end }}
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
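Review bot: Swapping `DynamicUser = true;` for `User = "fup";` in `serviceConfig` also drops the sandboxing that DynamicUser turns on implicitly (ProtectSystem=strict, ProtectHome=read-only, PrivateTmp, NoNewPrivileges, RemoveIPC), and nothing on the new side sets those again. Since the unit ran under those restrictions before this commit, restoring them next to the new user line should not change behaviour: `NoNewPrivileges = true;`, `ProtectSystem = "strict";`, `PrivateTmp = true;`. Separately, systemd reads `EnvironmentFile` before it drops privileges, so `my.vault.secrets.fup-environment` probably does not need `group = "fup";` and could stay root-only if the vault module allows it; only `fup-config`, which the process opens itself via /etc/fup.yaml, needs to be group-readable. The service definition begins outside the hunk, so hardening options set above `serviceConfig` would not be visible here.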
@ -42,6 +42,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
my.apps.deluge = {};
|
my.apps.deluge = {};
|
||||||
|
my.apps.fup = {};
|
||||||
my.apps.matrix-synapse = {};
|
my.apps.matrix-synapse = {};
|
||||||
my.apps.pomerium = {};
|
my.apps.pomerium = {};
|
||||||
my.apps.quotesdb = {};
|
my.apps.quotesdb = {};
|
||||||
|
@ -71,4 +72,5 @@
|
||||||
my.servers.bvm-twitterchiver.apps = [ "twitterchiver" ];
|
my.servers.bvm-twitterchiver.apps = [ "twitterchiver" ];
|
||||||
my.servers.bvm-matrix.apps = [ "turn" "matrix-synapse" ];
|
my.servers.bvm-matrix.apps = [ "turn" "matrix-synapse" ];
|
||||||
my.servers.bvm-prosody.apps = [ "turn" ];
|
my.servers.bvm-prosody.apps = [ "turn" ];
|
||||||
|
my.servers.blade-tuvok.apps = [ "fup" ];
|
||||||
}
|
}
|
||||||
|
|