add secret keys from SOPS

Winzlieb - 2022-06-28 20:35:02 +02:00
parent e4a599a1ef
commit ed38402eec
1 changed files with 18 additions and 1 deletions


@ -50,6 +50,21 @@ in {
system.stateVersion = "22.05"; system.stateVersion = "22.05";
sops.secrets = {
"mediawiki/adminPassword" = {
owner = config.systemd.services.mediawiki.serviceConfig.User;
};
"mediawiki/upgradeKey" = {
owner = config.systemd.services.mediawiki.serviceConfig.User;
};
"mediawiki/secretKey" = {
owner = config.systemd.services.mediawiki.serviceConfig.User;
path = "/var/lib/mediawiki/secret.key";
};
};
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
services.logrotate.checkConfig = false; services.logrotate.checkConfig = false;
services.mediawiki = let services.mediawiki = let
@ -135,6 +150,8 @@ in {
$wgUseAjax = true; $wgUseAjax = true;
$wgEnableMWSuggest = true; $wgEnableMWSuggest = true;
//TODO what about $wgUpgradeKey ?
$wgScribuntoDefaultEngine = 'luastandalone'; $wgScribuntoDefaultEngine = 'luastandalone';
''; '';
# see https://extdist.wmflabs.org/dist/extensions/ for list of extensions # see https://extdist.wmflabs.org/dist/extensions/ for list of extensions
@ -181,7 +198,7 @@ in {
sha256 = "sha256-YCYsjh/3g2P8oT6IomP3UWjOoggH7jYjiiix7poOYnA="; sha256 = "sha256-YCYsjh/3g2P8oT6IomP3UWjOoggH7jYjiiix7poOYnA=";
}; };
}; };
passwordFile = pkgs.writeText "password" "topSecretF0rAll!!!!"; passwordFile = config.sops.secrets."mediawiki/adminPassword".path;
database = { database = {
type = "postgres"; type = "postgres";
socket = "/run/postgresql"; socket = "/run/postgresql";
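Review bot: The string that `passwordFile` held before this change (last hunk) remains in the repository history and in any store path already built by `pkgs.writeText`, so the value under `mediawiki/adminPassword` should be newly generated rather than the old string; the diff cannot show which it is. If the wiki was already installed with the old value, the admin account's password probably needs changing in MediaWiki as well, since a password file of this kind is normally only read at first install (worth confirming against the module). In the second hunk, `mediawiki/upgradeKey` is declared but nothing reads it yet, as the TODO says. When wiring it in, read the file at PHP runtime, e.g. `$wgUpgradeKey = trim(file_get_contents('${config.sops.secrets."mediawiki/upgradeKey".path}'));`, rather than with `builtins.readFile`, which would copy the secret into the world-readable Nix store.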