diff options
author | Franck Cuny <franck@fcuny.net> | 2022-04-10 14:44:33 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2022-04-10 14:44:33 -0700 |
commit | 6a5cb9b7544168e7136ab2dbd833c9fc63020db7 (patch) | |
tree | 88db9fe9f436648acba60ffea98fd47942343b74 /modules/services/traefik | |
parent | add a module for backup with restic (diff) | |
download | world-6a5cb9b7544168e7136ab2dbd833c9fc63020db7.tar.gz |
secrets: move all the secrets under module/
Refactor a bit the configuration, which should simplify the management and usage of secrets from now on.
Diffstat (limited to 'modules/services/traefik')
-rw-r--r-- | modules/services/traefik/default.nix | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/modules/services/traefik/default.nix b/modules/services/traefik/default.nix index d6a8c8c..a5cff3d 100644 --- a/modules/services/traefik/default.nix +++ b/modules/services/traefik/default.nix @@ -4,6 +4,7 @@ with lib; let cfg = config.my.services.traefik; + secrets = config.age.secrets; domainPublic = "fcuny.net"; domainPrivate = "fcuny.xyz"; mkServiceConfig = name: url: domain: certResolver: { @@ -22,11 +23,6 @@ in { }; config = lib.mkIf cfg.enable { - age.secrets.traefik_gcp_sa = { - file = ../../../secrets/traefik/gcp_service_account.json.age; - owner = "traefik"; - }; - services.traefik = { enable = true; @@ -94,7 +90,7 @@ in { ]; systemd.services.traefik.environment.GCE_SERVICE_ACCOUNT_FILE = - config.age.secrets.traefik_gcp_sa.path; + secrets."traefik/gcp_service_account.json".path; systemd.services.traefik.environment.GCE_PROJECT = "fcuny-homelab"; networking.firewall.allowedTCPPorts = [ 80 443 ]; |