add secret keys from SOPS
parent
e4a599a1ef
commit
ed38402eec
|
@ -50,6 +50,21 @@ in {
|
||||||
|
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
|
||||||
|
sops.secrets = {
|
||||||
|
"mediawiki/adminPassword" = {
|
||||||
|
owner = config.systemd.services.mediawiki.serviceConfig.User;
|
||||||
|
};
|
||||||
|
"mediawiki/upgradeKey" = {
|
||||||
|
owner = config.systemd.services.mediawiki.serviceConfig.User;
|
||||||
|
};
|
||||||
|
"mediawiki/secretKey" = {
|
||||||
|
owner = config.systemd.services.mediawiki.serviceConfig.User;
|
||||||
|
path = "/var/lib/mediawiki/secret.key";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
||||||
services.logrotate.checkConfig = false;
|
services.logrotate.checkConfig = false;
|
||||||
|
|
||||||
services.mediawiki = let
|
services.mediawiki = let
|
||||||
|
@ -135,6 +150,8 @@ in {
|
||||||
$wgUseAjax = true;
|
$wgUseAjax = true;
|
||||||
$wgEnableMWSuggest = true;
|
$wgEnableMWSuggest = true;
|
||||||
|
|
||||||
|
//TODO what about $wgUpgradeKey ?
|
||||||
|
|
||||||
$wgScribuntoDefaultEngine = 'luastandalone';
|
$wgScribuntoDefaultEngine = 'luastandalone';
|
||||||
'';
|
'';
|
||||||
# see https://extdist.wmflabs.org/dist/extensions/ for list of extensions
|
# see https://extdist.wmflabs.org/dist/extensions/ for list of extensions
|
||||||
|
@ -181,7 +198,7 @@ in {
|
||||||
sha256 = "sha256-YCYsjh/3g2P8oT6IomP3UWjOoggH7jYjiiix7poOYnA=";
|
sha256 = "sha256-YCYsjh/3g2P8oT6IomP3UWjOoggH7jYjiiix7poOYnA=";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
passwordFile = pkgs.writeText "password" "topSecretF0rAll!!!!";
|
passwordFile = config.sops.secrets."mediawiki/adminPassword".path;
|
||||||
database = {
|
database = {
|
||||||
type = "postgres";
|
type = "postgres";
|
||||||
socket = "/run/postgresql";
|
socket = "/run/postgresql";
|
||||||
|
|
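Review bot: The admin password on the removed `passwordFile = pkgs.writeText "password" …` line stays readable in this repository's history and in any Nix store path built from the old revision. Pointing the option at `config.sops.secrets."mediawiki/adminPassword".path` therefore only helps if the encrypted value is newly generated, and nothing visible here shows the account password being rotated. In the first hunk `mediawiki/upgradeKey` is decrypted for the service user, but the second hunk only adds `//TODO what about $wgUpgradeKey ?`, so the secret is written to disk without a consumer. I would drop that declaration until it is wired in, or replace the TODO with a comment such as `// $wgUpgradeKey is not set yet; sops secret mediawiki/upgradeKey is declared but unused`. The `owner` lines read `config.systemd.services.mediawiki.serviceConfig.User`, and no unit of that name is defined in the visible lines, so it is worth confirming that it evaluates to the user that actually reads these files.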