From 725c7a98f0bc1b36ef0f6edfd4398bf006a69bc0 Mon Sep 17 00:00:00 2001 From: Avery Date: Sun, 16 Feb 2025 18:06:17 +0100 Subject: [PATCH] Change forgejo secret installation --- hosts/greatyamada/services/forgejo.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/hosts/greatyamada/services/forgejo.nix b/hosts/greatyamada/services/forgejo.nix index ddaf216..468e704 100644 --- a/hosts/greatyamada/services/forgejo.nix +++ b/hosts/greatyamada/services/forgejo.nix @@ -1,12 +1,12 @@ { pkgs, ... }: let - forgejoConfigPath = "/var/lib/forgejo/custom/conf"; + forgejoSecretsPath = "/run/secrets/forgejo_"; portDefinitions = import ./_port-definitions.nix; arrayToSecrets = elements: builtins.listToAttrs (map (key: { name = "forgejo/${key}"; value = { - path = "${forgejoConfigPath}/${key}"; + path = "${forgejoSecretsPath}${key}"; owner = "forgejo"; }; }) elements); @@ -18,15 +18,15 @@ in { database = { type = "postgres"; port = portDefinitions.postgresql; - passwordFile = "${forgejoConfigPath}/database_password"; + passwordFile = "${forgejoSecretsPath}database_password"; }; secrets = { - server.LFS_JWT_SECRET = "${forgejoConfigPath}/lfs_jwt_secret"; + server.LFS_JWT_SECRET = "${forgejoSecretsPath}lfs_jwt_secret"; security = { - INTERNAL_TOKEN = "${forgejoConfigPath}/internal_token"; - SECRET_KEY = "${forgejoConfigPath}/secret_key"; + INTERNAL_TOKEN = "${forgejoSecretsPath}internal_token"; + SECRET_KEY = "${forgejoSecretsPath}secret_key"; }; - oauth2.JWT_SECRET = "${forgejoConfigPath}/oauth2_jwt_secret"; + oauth2.JWT_SECRET = "${forgejoSecretsPath}oauth2_jwt_secret"; }; settings = { server = {