change secrets, cleanup nginx

2021-10-26 03:05:00 +03:00 · 2021-10-26 03:05:00 +03:00 · c994b72600
commit c994b72600
parent e30af1fd46
2 changed files with 7 additions and 22 deletions
--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@ -139,9 +139,14 @@ in {
  }];

  config.home-manager.users.alukard = {
-    xsession.windowManager.i3 = {
+    xsession.windowManager.i3 = lib.mkIf (!config.deviceSpecific.isServer) {
      config.startup = [{ command = "activate-secrets"; }];
    };
+    systemd.services.activate-secrets = lib.mkIf config.deviceSpecific.isServer {
+      script = "activate-secrets";
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig.Type = "oneshot";
+    };
    programs.password-store = {
      enable = true;
      package = pkgs.pass-nodmenu;
--- a/profiles/servers/nginx.nix
+++ b/profiles/servers/nginx.nix
@ -1,23 +1,4 @@
-{ pkgs, config, lib, ... }:
-let
-  # creds = pkgs.writeTextFile {
-  #   name = "cloudflare.env";
-  #   # text = builtins.readFile ./secret/acme-cf.env;
-  #   text = config.secrets."cloudflare.env".decrypted;
-  # };
-in {
-  # security.acme = {
-  #   email = "ataraxiadev@ataraxiadev.com";
-  #   acceptTerms = true;
-  #   certs."ataraxiadev.com" = {
-  #     group = "nginx";
-  #     email = "ataraxiadev@ataraxiadev.com";
-  #     dnsProvider = "cloudflare";
-  #     # credentialsFile = "${creds}";
-  #     credentialsFile = config.secrets."cloudflare.env".decrypted;
-  #     extraDomainNames = [ "*.ataraxiadev.com" ];
-  #   };
-  # };
+{ pkgs, config, lib, ... }: {
  secrets."ataraxiadev.com.pem" = {
    owner = "nginx:nginx";
  };
@ -86,7 +67,6 @@ in {
        default = true;
        locations."/" = {
          root = "/var/lib/ataraxiadev.com";
-          # index = "index.txt";
        };
        locations."/.well-known" = {
          proxyPass = "http://localhost:13748";