add secret keys from SOPS
This commit is contained in:
parent
e4a599a1ef
commit
ed38402eec
|
@ -50,6 +50,21 @@ in {
|
|||
|
||||
system.stateVersion = "22.05";
|
||||
|
||||
sops.secrets = {
|
||||
"mediawiki/adminPassword" = {
|
||||
owner = config.systemd.services.mediawiki.serviceConfig.User;
|
||||
};
|
||||
"mediawiki/upgradeKey" = {
|
||||
owner = config.systemd.services.mediawiki.serviceConfig.User;
|
||||
};
|
||||
"mediawiki/secretKey" = {
|
||||
owner = config.systemd.services.mediawiki.serviceConfig.User;
|
||||
path = "/var/lib/mediawiki/secret.key";
|
||||
};
|
||||
};
|
||||
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
|
||||
services.logrotate.checkConfig = false;
|
||||
|
||||
services.mediawiki = let
|
||||
|
@ -135,6 +150,8 @@ in {
|
|||
$wgUseAjax = true;
|
||||
$wgEnableMWSuggest = true;
|
||||
|
||||
//TODO what about $wgUpgradeKey ?
|
||||
|
||||
$wgScribuntoDefaultEngine = 'luastandalone';
|
||||
'';
|
||||
# see https://extdist.wmflabs.org/dist/extensions/ for list of extensions
|
||||
|
@ -181,7 +198,7 @@ in {
|
|||
sha256 = "sha256-YCYsjh/3g2P8oT6IomP3UWjOoggH7jYjiiix7poOYnA=";
|
||||
};
|
||||
};
|
||||
passwordFile = pkgs.writeText "password" "topSecretF0rAll!!!!";
|
||||
passwordFile = config.sops.secrets."mediawiki/adminPassword".path;
|
||||
database = {
|
||||
type = "postgres";
|
||||
socket = "/run/postgresql";
|
||||
|
|
Loading…
Reference in New Issue