private certificate fix
This commit is contained in:
Danilo Reyes
@@ -38,7 +38,7 @@ in
|
||||
"bazarr"
|
||||
"collabora"
|
||||
"gitea"
|
||||
# "homepage"
|
||||
"homepage"
|
||||
"isso"
|
||||
"jellyfin"
|
||||
"kavita"
|
||||
@@ -53,7 +53,7 @@ in
|
||||
"oauth2-proxy"
|
||||
"plausible"
|
||||
"plex"
|
||||
# "prowlarr"
|
||||
"prowlarr"
|
||||
"radarr"
|
||||
"sonarr"
|
||||
"vaultwarden"
|
||||
|
||||
@@ -9,16 +9,9 @@ let
|
||||
in
|
||||
{
|
||||
options.my.servers.homepage = setup.mkOptions "homepage" "home" 8082;
|
||||
config = lib.mkIf (cfg.enable && config.my.secureHost) {
|
||||
sops.secrets = {
|
||||
homepage.sopsFile = ../../secrets/homepage.yaml;
|
||||
"private-ca/pem" = {
|
||||
sopsFile = ../../secrets/certs.yaml;
|
||||
owner = "nginx";
|
||||
group = "nginx";
|
||||
};
|
||||
};
|
||||
my.servers.homepage.certPath = config.sops.secrets."private-ca/pem".path;
|
||||
config = lib.mkMerge [
|
||||
(lib.mkIf (cfg.enable && config.my.secureHost) {
|
||||
sops.secrets.homepage.sopsFile = ../../secrets/homepage.yaml;
|
||||
services.homepage-dashboard = {
|
||||
inherit (cfg) enable;
|
||||
listenPort = cfg.port;
|
||||
@@ -35,5 +28,14 @@ in
|
||||
|> builtins.filter (file: builtins.match ".*\\.nix" file != null)
|
||||
|> map (file: import ./homepage/bookmarks/${file});
|
||||
};
|
||||
})
|
||||
(lib.mkIf (cfg.enableProxy && config.my.enableProxy && config.my.secureHost) {
|
||||
sops.secrets."private-ca/pem" = {
|
||||
sopsFile = ../../secrets/certs.yaml;
|
||||
owner = "nginx";
|
||||
group = "nginx";
|
||||
};
|
||||
my.servers.homepage.certPath = config.sops.secrets."private-ca/pem".path;
|
||||
})
|
||||
];
|
||||
}
|
||||
|
||||
@@ -9,15 +9,8 @@ let
|
||||
in
|
||||
{
|
||||
options.my.servers.prowlarr = setup.mkOptions "prowlarr" "indexer" 9696;
|
||||
config = lib.mkIf cfg.enable {
|
||||
sops.secrets = lib.mkIf cfg.enable {
|
||||
"private-ca/pem" = {
|
||||
sopsFile = ../../secrets/certs.yaml;
|
||||
owner = "nginx";
|
||||
group = "nginx";
|
||||
};
|
||||
};
|
||||
my.servers.prowlarr.certPath = config.sops.secrets."private-ca/pem".path;
|
||||
config = lib.mkMerge [
|
||||
(lib.mkIf cfg.enable {
|
||||
users.users.prowlarr = {
|
||||
uid = 987;
|
||||
group = "piracy";
|
||||
@@ -31,5 +24,14 @@ in
|
||||
inherit (cfg) enable;
|
||||
};
|
||||
};
|
||||
})
|
||||
(lib.mkIf (cfg.enableProxy && config.my.enableProxy && config.my.secureHost) {
|
||||
sops.secrets."private-ca/pem" = {
|
||||
sopsFile = ../../secrets/certs.yaml;
|
||||
owner = "nginx";
|
||||
group = "nginx";
|
||||
};
|
||||
my.servers.prowlarr.certPath = config.sops.secrets."private-ca/pem".path;
|
||||
})
|
||||
];
|
||||
}
|
||||
|
||||
@@ -29,18 +29,13 @@ let
|
||||
in
|
||||
{
|
||||
options.my.servers.stash = setup.mkOptions "stash" "xxx" 9999;
|
||||
config = lib.mkIf (cfg.enable && config.my.secureHost) {
|
||||
config = lib.mkMerge [
|
||||
(lib.mkIf (cfg.enable && config.my.secureHost) {
|
||||
sops.secrets = {
|
||||
"stash/password".sopsFile = ../../secrets/secrets.yaml;
|
||||
"stash/jwt".sopsFile = ../../secrets/secrets.yaml;
|
||||
"stash/session".sopsFile = ../../secrets/secrets.yaml;
|
||||
"private-ca/pem" = {
|
||||
sopsFile = ../../secrets/certs.yaml;
|
||||
owner = "nginx";
|
||||
group = "nginx";
|
||||
};
|
||||
};
|
||||
my.servers.stash.certPath = config.sops.secrets."private-ca/pem".path;
|
||||
services.stash = {
|
||||
inherit (cfg) enable;
|
||||
group = "glue";
|
||||
@@ -76,5 +71,14 @@ in
|
||||
group = "glue";
|
||||
packages = [ stashPythonFHS ];
|
||||
};
|
||||
})
|
||||
(lib.mkIf (cfg.enableProxy && config.my.enableProxy && config.my.secureHost) {
|
||||
sops.secrets."private-ca/pem" = {
|
||||
sopsFile = ../../secrets/certs.yaml;
|
||||
owner = "nginx";
|
||||
group = "nginx";
|
||||
};
|
||||
my.servers.stash.certPath = config.sops.secrets."private-ca/pem".path;
|
||||
})
|
||||
];
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user