From 03d198631645ba3013e6e16bdf26a327cd51ccf7 Mon Sep 17 00:00:00 2001
From: sterni
Date: Sun, 22 May 2022 23:51:49 +0200
Subject: feat(3p/agenix): update to 2022-05-16 and add to niv
The new version brings the new secretsDir setting which means we no longer have to hardcode /run/agenix everywhere.
Change-Id: I4b579d7233d315a780d7671869d5d06722d769fa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5646
Tested-by: BuildkiteCI
Reviewed-by: tazjin
Reviewed-by: grfn
Autosubmit: sterni
---
 users/grfn/bbbg/module.nix | 4 ++--
 users/grfn/system/system/machines/mugwump.nix | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
(limited to 'users/grfn')
diff --git a/users/grfn/bbbg/module.nix b/users/grfn/bbbg/module.nix
index 7a49f7934a37..70bb2c77e4cf 100644
--- a/users/grfn/bbbg/module.nix
+++ b/users/grfn/bbbg/module.nix
@@ -64,7 +64,7 @@ in
 serviceConfig = {
 DynamicUser = true;
 Restart = "always";
- EnvironmentFile = "/run/agenix/bbbg";
+ EnvironmentFile = config.age.secretsDir + "/bbbg";
 };
 environment = {
@@ -88,7 +88,7 @@ in
 serviceConfig = {
 Type = "oneshot";
- EnvironmentFile = "/run/agenix/bbbg";
+ EnvironmentFile = config.age.secretsDir + "/bbbg";
 };
 environment = {
diff --git a/users/grfn/system/system/machines/mugwump.nix b/users/grfn/system/system/machines/mugwump.nix
index c5b60284d40a..05b78ce51703 100644
--- a/users/grfn/system/system/machines/mugwump.nix
+++ b/users/grfn/system/system/machines/mugwump.nix
@@ -153,7 +153,7 @@ with lib;
 zone = "gws.fyi";
 protocol = "cloudflare";
 username = "root@gws.fyi";
- passwordFile = "/run/agenix/ddclient-password";
+ passwordFile = config.age.secretsDir + "/ddclient-password";
 quiet = true;
 };
@@ -161,7 +161,7 @@ with lib;
 security.acme.certs."metrics.gws.fyi" = {
 dnsProvider = "cloudflare";
- credentialsFile = "/run/agenix/cloudflare";
+ credentialsFile = config.age.secretsDir + "/cloudflare";
 webroot = mkForce null;
 };
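Review bot: In users/grfn/bbbg/module.nix both new `EnvironmentFile` lines (the hunks at line 64 and line 88) still spell the secret's file name by hand, so a renamed or missing agenix declaration only shows up when the unit fails to start. If the secret is declared as `age.secrets.bbbg` (the declaration is not in this diff), `EnvironmentFile = config.age.secrets.bbbg.path;` turns that mismatch into an evaluation error and also follows a per-secret `path` override. The same holds for `passwordFile`, `credentialsFile`, `tokenPath` and `privateSshKeyPath` in mugwump.nix. The enclosing service definitions start and end outside both hunks.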
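Review bot: In the hunk at line 153 of mugwump.nix, `username = "root@gws.fyi"` next to `protocol = "cloudflare"` suggests that the file behind `passwordFile` holds an account-wide Cloudflare API key rather than a scoped token, though the secret's content is not visible here. If so, a token limited to DNS edits on the `gws.fyi` zone would bound what a leak of that file exposes; ddclient's Cloudflare protocol accepts one when the login is set to `token`. A short comment such as `# scoped API token: DNS edit on gws.fyi only` above `passwordFile` would record the expectation. The enclosing block, apparently the ddclient settings, starts outside the hunk.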
@@ -272,8 +272,8 @@ with lib;
 value = {
 inherit name;
 enable = true;
- tokenPath = "/run/agenix/buildkite-token";
- privateSshKeyPath = "/run/agenix/buildkite-ssh-key";
+ tokenPath = config.age.secretsDir + "/buildkite-token";
+ privateSshKeyPath = config.age.secretsDir + "/buildkite-ssh-key";
 runtimePackages = with pkgs; [
 docker
 nix
--
cgit 1.4.1
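Review bot: `tokenPath` and `privateSshKeyPath` sit inside what looks like a per-agent generator (`value = { inherit name; … }`, which starts and ends outside the hunk), so every generated agent would read the same two files under `config.age.secretsDir`. The secret declarations are not part of this diff; confirm that their owner, group and mode let the agent service users read them and nobody else, and record that here with a comment such as `# shared by all agents; readable only by the buildkite agent users (see age.secrets)`. With `docker` in `runtimePackages`, build jobs may have wide access to the host, so the SSH key is best a narrowly scoped, read-only deploy key.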