added agenix file links throughout configurations

naturallaw77 2023-06-01 21:40:58 -07:00
parent aeeceae980
commit b987011e62
4 changed files with 13 additions and 11 deletions


@ -301,14 +301,14 @@ in
}; };
services.postgresql.initialScript = pkgs.writeText "begin-init.sql" '' services.postgresql.initialScript = pkgs.writeText "begin-init.sql" ''
CREATE ROLE "ncusr" WITH LOGIN PASSWORD '${personalization.nextclouddb_pass}'; CREATE ROLE "ncusr" WITH LOGIN PASSWORD '${age.secrets.nextclouddb.file}';
CREATE DATABASE "nextclouddb" WITH OWNER "ncusr" CREATE DATABASE "nextclouddb" WITH OWNER "ncusr"
TEMPLATE template0 TEMPLATE template0
LC_COLLATE = "C" LC_COLLATE = "C"
LC_CTYPE = "C"; LC_CTYPE = "C";
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${personalization.matrix-synapsedb_pass}'; CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${age.secrets.matrixdb.file}';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0 TEMPLATE template0
LC_COLLATE = "C" LC_COLLATE = "C"
@ -319,7 +319,7 @@ in
services.mysql.initialScript = pkgs.writeText "wordpress-init.sql" '' services.mysql.initialScript = pkgs.writeText "wordpress-init.sql" ''
CREATE DATABASE wordpressdb; CREATE DATABASE wordpressdb;
GRANT ALL ON *.* TO 'wpusr'@'localhost' IDENTIFIED BY '${personalization.wordpressdb_pass}'; GRANT ALL ON *.* TO 'wpusr'@'localhost' IDENTIFIED BY '${age.secrets.wordpressdb.file}';
FLUSH PRIVILEGES; FLUSH PRIVILEGES;
'' ''
; ;
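Review bot: `'${age.secrets.nextclouddb.file}'` in the CREATE ROLE lines, and the `matrixdb` and `wordpressdb` equivalents in this section, interpolates the path of the encrypted `.age` file. Assuming the name evaluates at all, each password becomes a path string rather than the decrypted secret, and `pkgs.writeText` places the whole script in the world-readable Nix store. agenix only exposes the decrypted value at runtime, as a file at `config.age.secrets.<name>.path`, so it cannot be embedded in a store-built SQL script; the passwords would have to be set by a step that reads that file at activation, or avoided with peer authentication if these services connect over the local socket. The same interpolation appears in the coturn and Synapse sections of this commit. Separately, `GRANT ALL ON *.* TO 'wpusr'@'localhost'` gives the WordPress account rights on every database; `GRANT ALL ON wordpressdb.* TO 'wpusr'@'localhost' ...` would scope it.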


@ -35,7 +35,7 @@ let
services.coturn = { services.coturn = {
enable = true; enable = true;
use-auth-secret = true; use-auth-secret = true;
static-auth-secret = "${personalization.turn_shared}"; static-auth-secret = "${age.secrets.turn.file}";
realm = personalization.matrix_url; realm = personalization.matrix_url;
cert = "/var/lib/coturn/${personalization.matrix_url}.crt.pem"; cert = "/var/lib/coturn/${personalization.matrix_url}.crt.pem";
pkey = "/var/lib/coturn/${personalization.matrix_url}.key.pem"; pkey = "/var/lib/coturn/${personalization.matrix_url}.key.pem";
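Review bot: `static-auth-secret = "${age.secrets.turn.file}"` hands coturn a string derived from the encrypted file's path, not the shared secret, and whatever string is set here is written into generated configuration in the Nix store. The NixOS coturn module has a file-based option for this, so I would change the line to `static-auth-secret-file = config.age.secrets.turn.path;` and give the coturn service user read access through the secret's `owner`/`mode` settings. The `services.coturn` block continues outside the hunk.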


@ -7,11 +7,13 @@ btcpayserver_url = builtins.readFile /var/lib/domains/btcpayserver;
caddy_email_for_zerossl = builtins.readFile /var/lib/domains/sslemail; caddy_email_for_zerossl = builtins.readFile /var/lib/domains/sslemail;
vaultwarden_url = builtins.readFile /var/lib/domains/vaultwarden; vaultwarden_url = builtins.readFile /var/lib/domains/vaultwarden;
wordpressdb_pass = builtins.readFile /var/lib/secrets/wordpressdb;
matrix-synapsedb_pass = builtins.readFile /var/lib/secrets/matrixdb; age.secrets.turn.file = /var/lib/agenix-secrets/turn.age;
nextclouddb_pass = builtins.readFile /var/lib/secrets/nextclouddb; age.secrets.matrix_reg_secret.file = /var/lib/agenix-secrets/matrix_reg_secret.age;
turn_shared = builtins.readFile /var/lib/secrets/turn; age.secrets.matrixdb.file = /var/lib/agenix-secrets/matrixdb.age;
matrix_reg_secret = builtins.readFile /var/lib/secrets/matrix_reg_secret; age.secrets.nextclouddb.file = /var/lib/agenix-secrets/nextclouddb.age;
age.secrets.wordpressdb.file = /var/lib/agenix-secrets/wordpressdb.age;
external_ip_secret = builtins.readFile /var/lib/secrets/external_ip; external_ip_secret = builtins.readFile /var/lib/secrets/external_ip;
} }
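Review bot: The five `age.secrets.*.file` lines are added inside the same attribute set as `caddy_email_for_zerossl = builtins.readFile ...`, which looks like the plain `personalization` values set rather than a NixOS module. If so, they define `personalization.age.secrets...` and not the agenix options that trigger decryption. The other files in this commit reference `age.secrets...` without a prefix, so it is worth confirming that the name resolves where it is used. The declarations probably belong in the system configuration, with consumers reading `config.age.secrets.<name>.path`. `external_ip_secret` is still loaded with `builtins.readFile`, which pulls its contents into the evaluated configuration and can land them in the store; if it is sensitive it needs the same treatment. The set starts outside the hunk.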


@ -43,7 +43,7 @@ in
"ff00::/8" "ff00::/8"
]; ];
url_preview_ip_ranger_whitelist = [ "127.0.0.1" ]; url_preview_ip_ranger_whitelist = [ "127.0.0.1" ];
turn_shared_secret = "${personalization.turn_shared}"; turn_shared_secret = "${age.secrets.turn.file}";
turn_uris = [ turn_uris = [
"turn:${personalization.matrix_url}:5349?transport=udp" "turn:${personalization.matrix_url}:5349?transport=udp"
"turn:${personalization.matrix_url}:5349?transport=tcp" "turn:${personalization.matrix_url}:5349?transport=tcp"
@ -52,7 +52,7 @@ in
]; ];
presence.enabled = true; presence.enabled = true;
enable_registration = false; enable_registration = false;
registration_shared_secret = "${personalization.matrix_reg_secret}"; registration_shared_secret = "${age.secrets.matrix_reg_secret.file}";
listeners = [ listeners = [
{ {
port = 8008; port = 8008;
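Review bot: `turn_shared_secret` and `registration_shared_secret` are now set to the interpolated `.file` path of the encrypted secrets, so Synapse would be configured with a path string in place of each secret. Because coturn receives the same string, TURN auth may appear to work while the effective secret is a value any local user can read from the store. Synapse honours `registration_shared_secret` even with `enable_registration = false`, so that value in particular must stay out of store-rendered settings. One option is to drop both keys from this block and load them from an agenix-decrypted YAML file, e.g. `extraConfigFiles = [ config.age.secrets.synapse_secrets.path ];` (secret name constructed for illustration). The settings block continues outside both hunks.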