Require secrets file also when on metal

2024-11-11 17:10:44 +01:00 · 2024-11-11 17:10:44 +01:00 · 4f8ba4bf3c
parent 8e03b4b34e
commit 4f8ba4bf3c
3 changed files with 8 additions and 5 deletions
--- a/fediversity/default.nix
+++ b/fediversity/default.nix
@ -40,6 +40,11 @@ in {
              description = "number of cores; should be obtained from NixOps4";
              type = types.int;
            };
+
+            peertubeSecretsFile = mkOption {
+              description = "should it be provided by NixOps4? or maybe we should just ask for a main secret from which to derive all the others?";
+              type = types.path;
+            };
          };
        };
      };
--- a/fediversity/peertube.nix
+++ b/fediversity/peertube.nix
@ -61,6 +61,8 @@ lib.mkIf (config.fediversity.enable && config.fediversity.peertube.enable) {
    database.createLocally = true;
    configureNginx = true;

+    secrets.secretsFile = config.fediversity.temp.peertubeSecretsFile;
+
    settings = {
      object_storage = {
        enabled = true;
--- a/vm/peertube-vm.nix
+++ b/vm/peertube-vm.nix
@ -8,10 +8,6 @@
      listen.hostname = "0.0.0.0";
      instance.name = "PeerTube Test VM";
    };
-    # TODO: use agenix
-    secrets.secretsFile = pkgs.writeText "secret" ''
-      574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24
-    '';
  };

  virtualisation.forwardPorts = [