aiolabs/nix-bitcoin
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

simplify secrets file format

Browse source 
Each secret file to be deployed is now backed by one local file.
This simplifies 'setup-secrets' and the secret definitions.
Also, with the old format it was not possible to add new secrets
to secrets.nix in a simple way.

Old secrets are automatically converted to the new format when running
nix-shell.

Using the new option 'nix-bitcoin.secrets', secrets are now directly
defined by the services that use them.
This commit is contained in:
Erik Arvstedt 2020-01-12 20:52:38 +01:00
parent 314272a228
commit b1e13e9415
No known key found for this signature in database
GPG key ID: 33312B944DD97846
15 changed files with 151 additions and 152 deletions
Download patch file Download diff file Expand all files Collapse all files

11
modules/electrs.nix
View file

@ -103,8 +103,8 @@ in {
listen ${toString config.services.electrs.nginxport} ssl;
proxy_pass electrs;
ssl_certificate /secrets/nginx_cert;
ssl_certificate_key /secrets/nginx_key;
ssl_certificate /secrets/nginx-cert;
ssl_certificate_key /secrets/nginx-key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 4h;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
@ -117,5 +117,12 @@ in {
requires = [ "nix-bitcoin-secrets.target" ];
after = [ "nix-bitcoin-secrets.target" ];
};
nix-bitcoin.secrets = rec {
nginx-key = {
user = "nginx";
group = "root";
};
nginx-cert = nginx-key;
};
};
}