From c994b726002ad3dfb727f2e252da057dd14eb6fe Mon Sep 17 00:00:00 2001 From: Dmitriy Kholkin Date: Tue, 26 Oct 2021 03:05:00 +0300 Subject: [PATCH] change secrets, cleanup nginx --- modules/secrets.nix | 7 ++++++- profiles/servers/nginx.nix | 22 +--------------------- 2 files changed, 7 insertions(+), 22 deletions(-) diff --git a/modules/secrets.nix b/modules/secrets.nix index 3ee7887..06f13b0 100644 --- a/modules/secrets.nix +++ b/modules/secrets.nix @@ -139,9 +139,14 @@ in { }]; config.home-manager.users.alukard = { - xsession.windowManager.i3 = { + xsession.windowManager.i3 = lib.mkIf (!config.deviceSpecific.isServer) { config.startup = [{ command = "activate-secrets"; }]; }; + systemd.services.activate-secrets = lib.mkIf config.deviceSpecific.isServer { + script = "activate-secrets"; + wantedBy = [ "multi-user.target" ]; + serviceConfig.Type = "oneshot"; + }; programs.password-store = { enable = true; package = pkgs.pass-nodmenu; diff --git a/profiles/servers/nginx.nix b/profiles/servers/nginx.nix index cccd0c9..dded3a4 100644 --- a/profiles/servers/nginx.nix +++ b/profiles/servers/nginx.nix @@ -1,23 +1,4 @@ -{ pkgs, config, lib, ... }: -let - # creds = pkgs.writeTextFile { - # name = "cloudflare.env"; - # # text = builtins.readFile ./secret/acme-cf.env; - # text = config.secrets."cloudflare.env".decrypted; - # }; -in { - # security.acme = { - # email = "ataraxiadev@ataraxiadev.com"; - # acceptTerms = true; - # certs."ataraxiadev.com" = { - # group = "nginx"; - # email = "ataraxiadev@ataraxiadev.com"; - # dnsProvider = "cloudflare"; - # # credentialsFile = "${creds}"; - # credentialsFile = config.secrets."cloudflare.env".decrypted; - # extraDomainNames = [ "*.ataraxiadev.com" ]; - # }; - # }; +{ pkgs, config, lib, ... }: { secrets."ataraxiadev.com.pem" = { owner = "nginx:nginx"; }; 
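Review bot: The added `systemd.services.activate-secrets` definition sits inside `config.home-manager.users.alukard`, between the i3 block and `programs.password-store`, but `script`, `wantedBy` and `serviceConfig` are NixOS system-unit options; home-manager only declares `systemd.user.services`, with `Unit`/`Service`/`Install` sections. As written the server branch will most likely fail evaluation or never produce a unit, so secrets would not be decrypted at boot on servers. Moving it to module level, e.g. `config.systemd.services.activate-secrets = lib.mkIf config.deviceSpecific.isServer {`, would give it the intended scope; the hunk does not show whether the module already assigns `config.systemd.services` as a whole, in which case the definition has to be merged into that. Since a system unit runs as root with a minimal PATH, the bare `script = "activate-secrets";` should also reference the wrapper by store path or list its package in `path`, and units that read the decrypted files presumably need to be ordered after it. The enclosing attribute set starts before and ends after this hunk.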
@@ -86,7 +67,6 @@ in {
 default = true;
 locations."/" = {
 root = "/var/lib/ataraxiadev.com";
- # index = "index.txt";
 };
 locations."/.well-known" = {
 proxyPass = "http://localhost:13748";