diff options
author | William Carroll <wpcarro@gmail.com> | 2020-08-13T21·26+0100 |
---|---|---|
committer | William Carroll <wpcarro@gmail.com> | 2020-08-20T10·26+0100 |
commit | 4a836f363b203b78dc6ff083051ec0f9a69f9941 (patch) | |
tree | 29c02eca2f2ecb2f80f1bea9ca4c0e0d33a945aa | |
parent | 0b34482b6da9ef0d2178d5dba5a99485d62281d8 (diff) |
Disabling the monzo-token-server
I haven't used this since I wrote it... and now the .tokens attribute is missing and it's screwing up my other deployment... *sigh*
-rw-r--r-- | nixos/socrates/configuration.nix | 40 |
1 files changed, 19 insertions, 21 deletions
diff --git a/nixos/socrates/configuration.nix b/nixos/socrates/configuration.nix index c04281e4ac61..65084d29ca81 100644 --- a/nixos/socrates/configuration.nix +++ b/nixos/socrates/configuration.nix @@ -115,27 +115,25 @@ in { rootUrl = "https://git.wpcarro.dev/"; }; - systemd.services.monzo-token-server = { - enable = true; - description = "Ensure my Monzo access token is valid"; - script = "${briefcase.monzo_ynab.tokens}/bin/token-server"; - - # TODO(wpcarro): I'm unsure of the size of this security risk, but if a - # non-root user runs `systemctl cat monzo-token-server`, they could read the - # following, sensitive environment variables. - environment = { - store_path = "/var/cache/monzo_ynab"; - monzo_client_id = readSecret "monzo-client-id"; - monzo_client_secret = readSecret "monzo-client-secret"; - ynab_personal_access_token = readSecret "ynab-personal-access-token"; - ynab_account_id = readSecret "ynab-account-id"; - ynab_budget_id = readSecret "ynab-budget-id"; - }; - - serviceConfig = { - Type = "simple"; - }; - }; + # systemd.services.monzo-token-server = { + # enable = true; + # description = "Ensure my Monzo access token is valid"; + # script = "${briefcase.monzo_ynab.tokens}/bin/token-server"; + # # TODO(wpcarro): I'm unsure of the size of this security risk, but if a + # # non-root user runs `systemctl cat monzo-token-server`, they could read the + # # following, sensitive environment variables. + # environment = { + # store_path = "/var/cache/monzo_ynab"; + # monzo_client_id = readSecret "monzo-client-id"; + # monzo_client_secret = readSecret "monzo-client-secret"; + # ynab_personal_access_token = readSecret "ynab-personal-access-token"; + # ynab_account_id = readSecret "ynab-account-id"; + # ynab_budget_id = readSecret "ynab-budget-id"; + # }; + # serviceConfig = { + # Type = "simple"; + # }; + # }; services.gitDaemon = { enable = true; |