24 lines
1,001 B
Nix
24 lines
1,001 B
Nix
|
{config, ...}: {
|
||
|
# This will add secrets.yml to the nix store
|
||
|
# You can avoid this by adding a string to the full path instead, i.e.
|
||
|
# sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
|
||
|
sops.defaultSopsFile = ../../secrets/OVHCloud.yaml;
|
||
|
# This will automatically import SSH keys as age keys
|
||
|
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
|
||
|
|
||
|
sops.secrets."caddy/ovh_endpoint".owner = "caddy";
|
||
|
sops.secrets."caddy/ovh_application_key".owner = "caddy";
|
||
|
sops.secrets."caddy/ovh_application_secret".owner = "caddy";
|
||
|
sops.secrets."caddy/ovh_consumer_key".owner = "caddy";
|
||
|
|
||
|
sops.templates."caddy.env" = {
|
||
|
content = ''
|
||
|
OVH_ENDPOINT=${config.sops.placeholder."caddy/ovh_endpoint"}
|
||
|
OVH_APPLICATION_KEY=${config.sops.placeholder."caddy/ovh_application_key"}
|
||
|
OVH_APPLICATION_SECRET=${config.sops.placeholder."caddy/ovh_application_secret"}
|
||
|
OVH_CONSUMER_KEY=${config.sops.placeholder."caddy/ovh_consumer_key"}
|
||
|
'';
|
||
|
owner = "caddy";
|
||
|
};
|
||
|
}
|