Diffstat (limited to 'users/grfn/system')
-rw-r--r--users/grfn/system/system/machines/mugwump.nix11
1 files changed, 9 insertions, 2 deletions
diff --git a/users/grfn/system/system/machines/mugwump.nix b/users/grfn/system/system/machines/mugwump.nix
index 9ef428c2399b..d4e61b74a4c6 100644
--- a/users/grfn/system/system/machines/mugwump.nix
+++ b/users/grfn/system/system/machines/mugwump.nix
@@ -8,6 +8,7 @@ with lib;
     (modulesPath + "/installer/scan/not-detected.nix")
     "${depot.path}/ops/modules/prometheus-fail2ban-exporter.nix"
     "${depot.path}/users/grfn/xanthous/server/module.nix"
+    "${depot.third_party.agenix.src}/modules/age.nix"
   ];
 
   networking.hostName = "mugwump";
@@ -64,6 +65,12 @@ with lib;
 
   nix.gc.dates = "monthly";
 
+  age.secrets = let
+    secret = name: depot.users.grfn.secrets."${name}.age";
+  in {
+    cloudflare.file = secret "cloudflare";
+  };
+
   services.depot.auto-deploy = {
     enable = true;
     interval = "1d";
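Review bot: The `cloudflare` secret declared here is consumed by two different services later in the file (ddclient via `EnvironmentFile`, ACME via `credentialsFile`), but nothing at the declaration records that or the format the decrypted file must have. A short comment above `cloudflare.file`, such as `# KEY=value env file; read by ddclient (EnvironmentFile) and security.acme (credentialsFile)`, would keep a later re-encryption or rotation from breaking either consumer. Nothing in the visible hunks removes the old plaintext `/etc/secrets/cloudflare.env`, so it presumably still has to be deleted on the host by hand once this is deployed.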
@@ -132,7 +139,7 @@ with lib;
   };
 
   systemd.services.ddclient.serviceConfig = {
-    EnvironmentFile = "/etc/secrets/cloudflare.env";
+    EnvironmentFile = "/run/agenix/cloudflare";
     DynamicUser = lib.mkForce false;
     ExecStart = lib.mkForce (
       let runtimeDir =
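Review bot: The new `EnvironmentFile = "/run/agenix/cloudflare";` hard-codes agenix's default secrets directory instead of referring to the secret declared in `age.secrets`. Writing `EnvironmentFile = config.age.secrets.cloudflare.path;` keeps the unit in step if the secret is renamed or `age.secretsDir` is changed, and turns a missing declaration into an evaluation error rather than a unit that fails at start. The same applies to `credentialsFile = "/run/agenix/cloudflare";` in the `security.acme.certs."metrics.gws.fyi"` hunk below. This assumes `config` is among the module's arguments, which are outside the visible hunks; the `serviceConfig` attribute set also continues past the end of this hunk.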
@@ -149,7 +156,7 @@ with lib;
 
   security.acme.certs."metrics.gws.fyi" = {
     dnsProvider = "cloudflare";
-    credentialsFile = "/etc/secrets/cloudflare.env";
+    credentialsFile = "/run/agenix/cloudflare";
     webroot = mkForce null;
   };