switch to keys

2026-01-03 02:26:03 +01:00 · 2026-01-03 02:26:03 +01:00 · 115a711a5f
commit 115a711a5f
parent c40e6e3255
29 changed files with 122 additions and 221 deletions
--- a/fili/services/auth/oauth2-proxy.nix
+++ b/fili/services/auth/oauth2-proxy.nix
@ -1,7 +1,12 @@
-{ pkgs, config, ... }:
+{
+  pkgs,
+  config,
+  secrets,
+  ...
+}:
 {
  sops.secrets.oauth2-proxy = {
-    sopsFile = ../../../secrets/oauth2-proxy.env;
+    sopsFile = "${secrets}/oauth2-proxy.env";
  };

  services.oauth2-proxy =
--- a/fili/services/auth/pocketid.nix
+++ b/fili/services/auth/pocketid.nix
@ -1,8 +1,8 @@
-{ config, ... }:
+{ config, secrets, ... }:
 {
  sops.secrets.pocketid = {
    owner = config.services.pocket-id.user;
-    sopsFile = ../../../secrets/pocketid.env;
+    sopsFile = "${secrets}/pocketid.env";
  };

  services.nginx.virtualHosts."auth.donsz.nl" = {
--- a/fili/services/factorio.nix
+++ b/fili/services/factorio.nix
@ -2,6 +2,7 @@
  lib,
  pkgs,
  config,
+  secrets,
  ...
 }:
 let
@ -100,7 +101,7 @@ in
  };

  sops.secrets.factorio = {
-    sopsFile = ../../secrets/factorio.json;
+    sopsFile = "${secrets}/factorio.json";
    format = "json";
    key = "";
    owner = "factorio";
--- a/fili/services/forgejo.nix
+++ b/fili/services/forgejo.nix
@ -3,6 +3,7 @@
  pkgs,
  config,
  flakes,
+  secrets,
  ...
 }:
 let
@ -11,7 +12,7 @@ let
 in
 {
  sops.secrets.forgejo = {
-    sopsFile = ../../secrets/forgejo.yaml;
+    sopsFile = "${secrets}/forgejo.yaml";
    key = "email_password";
    format = "yaml";
  };
@ -97,7 +98,7 @@ in
  };

  sops.secrets.forgejo-runner = {
-    sopsFile = ../../secrets/forgejo-runner.env;
+    sopsFile = "${secrets}/forgejo-runner.env";
  };

  nix = {
--- a/fili/services/media/torrent.nix
+++ b/fili/services/media/torrent.nix
@ -1,11 +1,12 @@
 {
  config,
  pkgs,
+  secrets,
  ...
 }:
 {
  sops.secrets.mullvad = {
-    sopsFile = ../../../secrets/mullvad.yaml;
+    sopsFile = "${secrets}/mullvad.yaml";
    owner = "root";
    format = "yaml";
  };
--- a/fili/services/metrics.nix
+++ b/fili/services/metrics.nix
@ -1,4 +1,9 @@
-{ pkgs, config, ... }:
+{
+  pkgs,
+  config,
+  secrets,
+  ...
+}:
 let
  lib = pkgs.lib;
 in
@ -285,7 +290,7 @@ in
  };

  sops.secrets.geoip = {
-    sopsFile = ../../secrets/geoip.yaml;
+    sopsFile = "${secrets}/geoip.yaml";
    key = "key";
    format = "yaml";
  };
--- a/fili/services/obsidian-sync.nix
+++ b/fili/services/obsidian-sync.nix
@ -1,10 +1,15 @@
-{ pkgs, config, ... }:
+{
+  pkgs,
+  config,
+  secrets,
+  ...
+}:
 let
  port = 5984;
 in
 {
  sops.secrets.obsidian-sync = {
-    sopsFile = ../../secrets/obsidian-sync.ini;
+    sopsFile = "${secrets}/obsidian-sync.ini";
    format = "ini";
    owner = "couchdb";
  };
--- a/fili/services/websites/mapf.nix
+++ b/fili/services/websites/mapf.nix
@ -2,11 +2,12 @@
  config,
  flakes,
  pkgs,
+  secrets,
  ...
 }:
 {
  sops.secrets.mapf = {
-    sopsFile = ../../../secrets/mapf-prod.env;
+    sopsFile = "${secrets}/mapf-prod.env";
  };

  services.nginx = {
--- a/fili/services/websites/reviewqueue.nix
+++ b/fili/services/websites/reviewqueue.nix
@ -1,7 +1,12 @@
-{ pkgs, flakes, ... }:
+{
+  pkgs,
+  flakes,
+  secrets,
+  ...
+}:
 {
  sops.secrets.reviewqueue = {
-    sopsFile = ../../../secrets/reviewqueue.env;
+    sopsFile = "${secrets}/reviewqueue.env";
  };

  services.nginx = {