added agenix file links throughout configurations

2023-06-01 21:40:58 -07:00 · 2023-06-01 21:40:58 -07:00 · b987011e62
commit b987011e62
parent aeeceae980
4 changed files with 13 additions and 11 deletions
--- a/modules/configuration.nix
+++ b/modules/configuration.nix
@ -301,14 +301,14 @@ in
 			};
 	services.postgresql.initialScript = pkgs.writeText "begin-init.sql" ''
-		CREATE ROLE "ncusr" WITH LOGIN PASSWORD '${personalization.nextclouddb_pass}';
+		CREATE ROLE "ncusr" WITH LOGIN PASSWORD '${age.secrets.nextclouddb.file}';
 		CREATE DATABASE "nextclouddb" WITH OWNER "ncusr"
 			TEMPLATE template0
 			LC_COLLATE = "C"
 			LC_CTYPE = "C";
-		CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${personalization.matrix-synapsedb_pass}';
+		CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${age.secrets.matrixdb.file}';
 		CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
 			TEMPLATE template0
 			LC_COLLATE = "C"
@ -319,7 +319,7 @@ in
 	services.mysql.initialScript = pkgs.writeText "wordpress-init.sql" ''
 		CREATE DATABASE wordpressdb;
-		GRANT ALL ON *.* TO 'wpusr'@'localhost' IDENTIFIED BY '${personalization.wordpressdb_pass}';
+		GRANT ALL ON *.* TO 'wpusr'@'localhost' IDENTIFIED BY '${age.secrets.wordpressdb.file}';
 		FLUSH PRIVILEGES;
 	''
 	;
--- a/modules/coturn.nix
+++ b/modules/coturn.nix
@ -35,7 +35,7 @@ let
 	services.coturn = {
 		enable = true;
 		use-auth-secret = true;
-		static-auth-secret = "${personalization.turn_shared}";
+		static-auth-secret = "${age.secrets.turn.file}";
 		realm = personalization.matrix_url;
 		cert = "/var/lib/coturn/${personalization.matrix_url}.crt.pem";
 		pkey = "/var/lib/coturn/${personalization.matrix_url}.key.pem";
--- a/modules/personalization.nix
+++ b/modules/personalization.nix
@ -7,11 +7,13 @@ btcpayserver_url = builtins.readFile /var/lib/domains/btcpayserver;
 caddy_email_for_zerossl = builtins.readFile /var/lib/domains/sslemail;
 vaultwarden_url = builtins.readFile /var/lib/domains/vaultwarden;
-wordpressdb_pass = builtins.readFile /var/lib/secrets/wordpressdb;
+
-matrix-synapsedb_pass = builtins.readFile /var/lib/secrets/matrixdb;
+age.secrets.turn.file = /var/lib/agenix-secrets/turn.age;
-nextclouddb_pass = builtins.readFile /var/lib/secrets/nextclouddb;
+age.secrets.matrix_reg_secret.file = /var/lib/agenix-secrets/matrix_reg_secret.age;
-turn_shared = builtins.readFile /var/lib/secrets/turn;
+age.secrets.matrixdb.file = /var/lib/agenix-secrets/matrixdb.age;
-matrix_reg_secret = builtins.readFile /var/lib/secrets/matrix_reg_secret;
+age.secrets.nextclouddb.file = /var/lib/agenix-secrets/nextclouddb.age;
 age.secrets.wordpressdb.file = /var/lib/agenix-secrets/wordpressdb.age;
 external_ip_secret = builtins.readFile /var/lib/secrets/external_ip;
 }
--- a/modules/synapse.nix
+++ b/modules/synapse.nix
@ -43,7 +43,7 @@ in
 				"ff00::/8"
 				];
 		 	url_preview_ip_ranger_whitelist = [ "127.0.0.1" ];
-		 	turn_shared_secret = "${personalization.turn_shared}";
+		 	turn_shared_secret = "${age.secrets.turn.file}";
    		turn_uris = [
      			"turn:${personalization.matrix_url}:5349?transport=udp"
      			"turn:${personalization.matrix_url}:5349?transport=tcp"
@ -52,7 +52,7 @@ in
          	];
 			presence.enabled = true;
 			enable_registration = false;
-			registration_shared_secret = "${personalization.matrix_reg_secret}";
+			registration_shared_secret = "${age.secrets.matrix_reg_secret.file}";
 			listeners = [
 				{
 					port = 8008;