feat: setup gitea database secret

2023-03-19 15:49:50 +01:00 · 2023-03-19 15:49:50 +01:00 · 76e6a1d9cc
parent 310eb89618
commit 76e6a1d9cc
2 changed files with 13 additions and 3 deletions
--- a/flake.nix
+++ b/flake.nix
@ -22,7 +22,7 @@
    };
  };

-  outputs = { nixpkgs, flake-utils, agenix, home-manager, webcord, ... }@inputs:
+  outputs = { nixpkgs, flake-utils, agenix, home-manager, webcord, ... }:

    # Provide colmena
    (flake-utils.lib.eachDefaultSystem (system:
@ -33,7 +33,7 @@
            pkgs.colmena
            pkgs.nixfmt
            pkgs.git
-            inputs.agenix.packages.${system}.ragenix
+            agenix.packages.${system}.ragenix
          ];
        };
      })) // {
--- a/hosts/hydrogen/configuration.nix
+++ b/hosts/hydrogen/configuration.nix
@ -144,12 +144,22 @@

  environment.systemPackages = with pkgs; [ htop ];

+  age.secrets.gitea = {
+    file = ../../secrets/gitea.age;
+    owner = "gitea";
+    group = "gitea";
+  };
+  age.identityPaths = [ "/root/.ssh/id_ed25519" ];
+
  services.gitea = {
    enable = true;
    domain = "git.fainsin.bzh";
    rootUrl = "https://git.fainsin.bzh";
    lfs.enable = true;
-    database.type = "postgres";
+    database = {
+      type = "postgres";
+      passwordFile = config.age.secrets.gitea.path;
+    };
    settings = {
      service = {
        "DEFAULT_KEEP_EMAIL_PRIVATE" = true;