Require secrets file also when on metal

Nicolas Jeannerod 2024-11-11 17:10:44 +01:00
parent 8e03b4b34e
commit 4f8ba4bf3c
Signed by untrusted user: Niols
GPG key ID: 35DB9EC8886E1CB8
3 changed files with 8 additions and 5 deletions


@ -40,6 +40,11 @@ in {
description = "number of cores; should be obtained from NixOps4"; description = "number of cores; should be obtained from NixOps4";
type = types.int; type = types.int;
}; };
peertubeSecretsFile = mkOption {
description = "should it be provided by NixOps4? or maybe we should just ask for a main secret from which to derive all the others?";
type = types.path;
};
}; };
}; };
}; };
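Review bot: The new `peertubeSecretsFile` option is typed `types.path` and its description is an open design question, so nothing tells a caller that the value must be a path that exists on the target machine outside the Nix store. As far as I know `types.path` also accepts a Nix path literal, and a literal (for example `./secrets`) would be copied into the world-readable store, which is the same exposure as the `pkgs.writeText` secret this commit removes from the test VM. I would replace the description with something like `description = "Path on the target machine to the PeerTube secrets file; must be a runtime path outside the Nix store, e.g. one provisioned by agenix";` and move the NixOps4 question into a `# TODO` comment above the option. The enclosing option set starts outside this hunk.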


@ -61,13 +61,15 @@ lib.mkIf (config.fediversity.enable && config.fediversity.peertube.enable) {
database.createLocally = true; database.createLocally = true;
configureNginx = true; configureNginx = true;
secrets.secretsFile = config.fediversity.temp.peertubeSecretsFile;
settings = { settings = {
object_storage = { object_storage = {
enabled = true; enabled = true;
endpoint = config.fediversity.internal.garage.api.url; endpoint = config.fediversity.internal.garage.api.url;
region = "garage"; region = "garage";
# not supported by garage # not supported by garage
# SEE: https://garagehq.deuxfleurs.fr/documentation/connect/apps/#peertube # SEE: https://garagehq.deuxfleurs.fr/documentation/connect/apps/#peertube
proxy.proxyify_private_files = false; proxy.proxyify_private_files = false;


@ -8,10 +8,6 @@
listen.hostname = "0.0.0.0"; listen.hostname = "0.0.0.0";
instance.name = "PeerTube Test VM"; instance.name = "PeerTube Test VM";
}; };
# TODO: use agenix
secrets.secretsFile = pkgs.writeText "secret" ''
574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24
'';
}; };
virtualisation.forwardPorts = [ virtualisation.forwardPorts = [