secrets: move all the secrets under module/

Refactor a bit the configuration, which should simplify the management and usage of secrets from now on.
author: Franck Cuny <franck@fcuny.net> 2022-04-10 14:44:33 -0700
committer: Franck Cuny <franck@fcuny.net> 2022-04-10 14:44:33 -0700
commit: 6a5cb9b7544168e7136ab2dbd833c9fc63020db7 (patch)
tree: 88db9fe9f436648acba60ffea98fd47942343b74 /modules/services/traefik
parent: add a module for backup with restic (diff)
download: world-6a5cb9b7544168e7136ab2dbd833c9fc63020db7.tar.gz
1 files changed, 2 insertions, 6 deletions
diff --git a/modules/services/traefik/default.nix b/modules/services/traefik/default.nix
index d6a8c8c..a5cff3d 100644
--- a/modules/services/traefik/default.nix
+++ b/modules/services/traefik/default.nix
@@ -4,6 +4,7 @@ with lib;
 
 let
   cfg = config.my.services.traefik;
+  secrets = config.age.secrets;
   domainPublic = "fcuny.net";
   domainPrivate = "fcuny.xyz";
   mkServiceConfig = name: url: domain: certResolver: {
@@ -22,11 +23,6 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
-    age.secrets.traefik_gcp_sa = {
-      file = ../../../secrets/traefik/gcp_service_account.json.age;
-      owner = "traefik";
-    };
-
     services.traefik = {
       enable = true;
 
@@ -94,7 +90,7 @@ in {
     ];
 
     systemd.services.traefik.environment.GCE_SERVICE_ACCOUNT_FILE =
-      config.age.secrets.traefik_gcp_sa.path;
+      secrets."traefik/gcp_service_account.json".path;
     systemd.services.traefik.environment.GCE_PROJECT = "fcuny-homelab";
 
     networking.firewall.allowedTCPPorts = [ 80 443 ];
author	Franck Cuny <franck@fcuny.net>	2022-04-10 14:44:33 -0700
committer	Franck Cuny <franck@fcuny.net>	2022-04-10 14:44:33 -0700
commit	6a5cb9b7544168e7136ab2dbd833c9fc63020db7 (patch)
tree	88db9fe9f436648acba60ffea98fd47942343b74 /modules/services/traefik
parent	add a module for backup with restic (diff)
download	world-6a5cb9b7544168e7136ab2dbd833c9fc63020db7.tar.gz