From 4f8ba4bf3c08a2487859a9e4dba11e4a2fc7172a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?= Date: Mon, 11 Nov 2024 17:10:44 +0100 Subject: [PATCH] Require secrets file also when on metal --- fediversity/default.nix | 5 +++++ fediversity/peertube.nix | 4 +++- vm/peertube-vm.nix | 4 ---- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/fediversity/default.nix b/fediversity/default.nix index b4a3172..90f7a02 100644 --- a/fediversity/default.nix +++ b/fediversity/default.nix @@ -40,6 +40,11 @@ in { description = "number of cores; should be obtained from NixOps4"; type = types.int; }; + + peertubeSecretsFile = mkOption { + description = "should it be provided by NixOps4? or maybe we should just ask for a main secret from which to derive all the others?"; + type = types.path; + }; }; }; }; diff --git a/fediversity/peertube.nix b/fediversity/peertube.nix index 03e9e71..7b121ed 100644 --- a/fediversity/peertube.nix +++ b/fediversity/peertube.nix @@ -61,13 +61,15 @@ lib.mkIf (config.fediversity.enable && config.fediversity.peertube.enable) { database.createLocally = true; configureNginx = true; + secrets.secretsFile = config.fediversity.temp.peertubeSecretsFile; + settings = { object_storage = { enabled = true; endpoint = config.fediversity.internal.garage.api.url; region = "garage"; - # not supported by garage + # not supported by garage # SEE: https://garagehq.deuxfleurs.fr/documentation/connect/apps/#peertube proxy.proxyify_private_files = false; diff --git a/vm/peertube-vm.nix b/vm/peertube-vm.nix index 58c4667..7bf1783 100644 --- a/vm/peertube-vm.nix +++ b/vm/peertube-vm.nix @@ -8,10 +8,6 @@ listen.hostname = "0.0.0.0"; instance.name = "PeerTube Test VM"; }; - # TODO: use agenix - secrets.secretsFile = pkgs.writeText "secret" '' - 574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24 - ''; }; virtualisation.forwardPorts = [