hedgedoc: persists session secret

2022-06-22 00:42:06 +02:00 · 2022-06-22 00:42:06 +02:00 · 1ea91a0166
parent 4cbdb88057
commit 1ea91a0166
2 changed files with 11 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -397,6 +397,9 @@
        hedgedoc = nixosSystem' {
          modules = [
            self.nixosModules.microvm
+            {
+              sops.defaultSopsFile = "${secrets}/hosts/hedgedoc/secrets.yaml";
+            }
            ./hosts/containers/hedgedoc
          ];
        };
--- a/hosts/containers/hedgedoc/default.nix
+++ b/hosts/containers/hedgedoc/default.nix
@ -33,6 +33,7 @@
        };
        defaultPermission = "freely";
        domain = "codimd.c3d2.de";
+        sessionSecret = "$sessionSecret";
        useSSL = true;
      };
    };
@ -74,4 +75,11 @@
      package = pkgs.postgresql_14;
    };
  };
+
+  sops = {
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    secrets = {
+      "hedgedoc".owner = config.systemd.services.hedgedoc.serviceConfig.User;
+    };
+  };
 }