Avery/NixOS
Avery/NixOS
1
0
Fork 0
Code Activity

Change forgejo secret installation

Browse source
This commit is contained in:
Avery 2025-02-16 18:06:17 +01:00
parent 06ce631cf3
commit 725c7a98f0
Signed by: Avery
GPG key ID: B684FD451B692E04
1 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

14
hosts/greatyamada/services/forgejo.nix
View file

@ -1,12 +1,12 @@
{ pkgs, ... }: { pkgs, ... }:
let let
forgejoConfigPath = "/var/lib/forgejo/custom/conf"; forgejoSecretsPath = "/run/secrets/forgejo_";
portDefinitions = import ./_port-definitions.nix; portDefinitions = import ./_port-definitions.nix;
arrayToSecrets = elements: arrayToSecrets = elements:
builtins.listToAttrs (map (key: { builtins.listToAttrs (map (key: {
name = "forgejo/${key}"; name = "forgejo/${key}";
value = { value = {
path = "${forgejoConfigPath}/${key}"; path = "${forgejoSecretsPath}${key}";
owner = "forgejo"; owner = "forgejo";
}; };
}) elements); }) elements);
@ -18,15 +18,15 @@ in {
database = { database = {
type = "postgres"; type = "postgres";
port = portDefinitions.postgresql; port = portDefinitions.postgresql;
passwordFile = "${forgejoConfigPath}/database_password"; passwordFile = "${forgejoSecretsPath}database_password";
}; };
secrets = { secrets = {
server.LFS_JWT_SECRET = "${forgejoConfigPath}/lfs_jwt_secret"; server.LFS_JWT_SECRET = "${forgejoSecretsPath}lfs_jwt_secret";
security = { security = {
INTERNAL_TOKEN = "${forgejoConfigPath}/internal_token"; INTERNAL_TOKEN = "${forgejoSecretsPath}internal_token";
SECRET_KEY = "${forgejoConfigPath}/secret_key"; SECRET_KEY = "${forgejoSecretsPath}secret_key";
}; };
oauth2.JWT_SECRET = "${forgejoConfigPath}/oauth2_jwt_secret"; oauth2.JWT_SECRET = "${forgejoSecretsPath}oauth2_jwt_secret";
}; };
settings = { settings = {
server = { server = {