secrets: allow extending generate-secrets
`generate-secrets` is no longer a monolithic script. Instead, it's composed of the values of option `nix-bitcoin.generateSecretsCmds`. This has the following advantages: - generate-secrets is now extensible by users - Only secrets of enabled services are generated - RPC IPs in the `lnd` and `loop` certs are no longer hardcoded. Secrets are no longer automatically generated when entering nix-shell. Instead, they are generated before deployment (via `krops-deploy`) because secrets generation is now dependant on the node configuration.
This commit is contained in:
Erik Arvstedt
parent
24fd1e9bdc
commit
a2466b1127
15 changed files with 136 additions and 131 deletions
|
|
@ -247,5 +247,8 @@ in {
|
|||
nix-bitcoin.operator.groups = [ cfg.group ];
|
||||
|
||||
nix-bitcoin.secrets.liquid-rpcpassword.user = cfg.user;
|
||||
nix-bitcoin.generateSecretsCmds.liquid = ''
|
||||
makePasswordSecret liquid-rpcpassword
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue