modules: caddy switch to sops

stepbrobd · Dec 31, 2024 · 35126eb · 35126eb
1 parent 67c2669
commit 35126eb
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 11 deletions.
diff --git a/modules/common/secrets.yaml b/modules/common/secrets.yaml
@@ -9,10 +9,7 @@ attic:
         aws_access_key: ENC[AES256_GCM,data:prPkF6ZjkWCpwQmuK6PlAlBUUNuabnkUaeo/oPAs2M495CY4Y/BAr3h+SBnzYyGWLvuxqW6ez6OIhVFq1BTSKA==,iv:qRpyr0wpXgD0WtPgpkLw2bmpEZXMoKQ09RitzPA+WqI=,tag:y7KjfTztL3sYOfHtaywMwA==,type:str]
         secret: ENC[AES256_GCM,data:eeb1KR+g4lL+NBqoVQ0k5OAOzBu2gnKQFZUQ6QJMIJz429UzigFMO3pi2Mnwue8ZL/Ab3LkBsF466unwGG1pXW8iJe3iQIYhl8Wtp8q/Hz7MYS+P8ZE1BA==,iv:RS6PDmupif9F6CGKM3VXh968dKiL4FIkG60fraCdZaE=,tag:fnHwVNit/2PZCWi8jk8Nmw==,type:str]
         raw: ENC[AES256_GCM,data:9JZnYnujJroMJ1OErnpOWM/Zt1UcHwYzDyLUClzpI0QyZ/vCwxs608AJ8syX2mEdBigwJhFtqlqW0si0vswt+QZK0zbmMxazYa4sMdiQ/QRd/mA0YERFvgW35LUVrA8yyuZhYlybkE13Wa+8o6cFz5ieGVG0+16MGaQpST31vKYPHb926NqZ2XZTz0GQ0owV7Xmf7IbSzRS0EK0dTlXBzk72KMRha6KYf/XiiVmAAhjv4k6L/9Z15TWcWwHqQLcny6FxC98D35fnI4i2tsg8ArEa2+4uqa+gdrZ/jikaDn8aBK86zNjGy2e3OQegZkDFiqfGqLnWwtlVHC2lquVKNFeC0W3p0QIuKLY=,iv:2F2m+matr+JTGCZ3HJrb1djnp+m10ZQ++kXxvW7IAOM=,tag:hkGbPXCh1gYDgMlywafmRw==,type:str]
-caddy:
-    cf_email: ENC[AES256_GCM,data:2HuUjKqKURLoanOQx5BagWE4,iv:57BusDPQjyneCNvTXWMV+5J8ngZyU2bi0Y4BNAK96yw=,tag:fMNJnRQqHoSYfuwzsLsMcA==,type:str]
-    cf_token: ENC[AES256_GCM,data:+yoal22Wnzr5zGnoyR7ZL5ur05YwfO0BxeYFYmXyzo901+7V2fSnNQ==,iv:2X3QWEbTCgqVjOnSlPPUucjuUqgzUGhlMpKzRf1+vmA=,tag:VNrdZJNIoAqwpuUfCEOUXQ==,type:str]
-    raw: ENC[AES256_GCM,data:1iDXEyjdveALFXnhNSW7pKAw6wO4uNBIOp9agxUD9vutzZ10WUWCGkIf97lUBuJ/VM+Td07ujqd40v8jwjO7EywsmykDbTB6aIkXOfrXBKEm4kY0e4U=,iv:80MfS7TCPCWWbl91IO7+LGGJpdOjLroAeKuGGwNSlyE=,tag:vS4xWmRRjPemu9p+T8L1TQ==,type:str]
+caddy: ENC[AES256_GCM,data:ftZXD71OrgntEIm38BA8BgyuoC1Rem2RN9DgNbMCxjsg3MxwliZT//EkqwM3gYXzmlW+MfHo07roHMDrYrnfnV5re9usaN97QbNqraAwiOPDXO7L+9o=,iv:MQ9AyxzmziDrLW/iG9UUAynsoNgl4S+iLvArjPAAlUI=,tag:trrjXoQgOivznnj723+qiw==,type:str]
 plausible:
     smtp:
         ssl: ENC[AES256_GCM,data:YiLmYQ==,iv:IscAm0OL40FbjHDxP/0zi29C+vTWt6MBI9ymGLmh0tY=,tag:XudQ1mh/NOwft4e8UoAiww==,type:bool]
@@ -87,8 +84,8 @@ sops:
             YzlBcVJhUXNYNmpNWFpzcURwZjMxQVUKD8YktFFC99MdM0WvFtLUAaby/hMwt1w/
             kAV/K10gsXY8AuMRc7xThHODiHytnMiw3cmk6GKZ0muoYMINLrTIxQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-12-31T22:51:07Z"
-    mac: ENC[AES256_GCM,data:J4uNoE1d5zSdf76+FXC/97EuvSrtePUBiWQs6zdJmcejLz3+wRfUUXCySHHkP1lHRx4qALTJXbdk1AF1RD/O+6yD18ZN33TRaF6pwLZJwXLF7ogS+gn3Q4PgN7oAZOUoPfAIwG6ncY8XKfk9XI23yvoxNt1BPGANOAaoVEcRdlA=,iv:xsr+Vm+2HhQeLWbGdHxQLZuDbetDRxKjyYl4hTtOQxA=,tag:teyvR4Njks4xTv5760eGSw==,type:str]
+    lastmodified: "2024-12-31T22:58:17Z"
+    mac: ENC[AES256_GCM,data:Pzl6wsz76PFpTHJZpXnKbU74MNrKsxwBDug/HohTbwF6ZsgG4RisMB2jH1Kqw190ZxeoJy/Ujk+yAoZCIrb+5OjfqG5kS+jDfRlwxwwSc1g3rf/vXI+s2WPdhFmk2aq0DjXMRF/By+nMyo5gqbXpZcjK+QeFllIscEmacckpfJE=,iv:FxYOexglt4uyYhxReKet9UDTg3v99uMQUwLBXmsQNFc=,tag:atcXWeJkSxL7zb3iYIl7pQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.2
diff --git a/modules/nixos/caddy.nix b/modules/nixos/caddy.nix
@@ -1,9 +1,9 @@
-{ inputs, lib, ... }:
+{ lib, ... }:
 
 { config, pkgs, ... }:
 
 {
-  config = lib.mkIf (config.services.caddy.enable) {
+  config = lib.mkIf config.services.caddy.enable {
     networking.firewall.allowedTCPPorts = [ 80 443 ];
 
     services.caddy = {
@@ -46,14 +46,13 @@
       '';
     };
 
-    age.secrets.cloudflare = {
-      file = "${inputs.self.outPath}/secrets/cloudflare-caddy.age";
+    sops.secrets.caddy = {
       owner = config.services.caddy.user;
       group = config.services.caddy.group;
     };
 
     systemd.services.caddy.serviceConfig = {
-      EnvironmentFile = [ config.age.secrets.cloudflare.path ];
+      EnvironmentFile = [ config.sops.secrets.caddy.path ];
       AmbientCapabilities = "CAP_NET_BIND_SERVICE";
     };
   };