sops: move secrets to specific services

2023-05-14 23:03:38 -04:00 · 2023-05-14 23:03:38 -04:00 · d714b3cdae
commit d714b3cdae
parent a886511ca0
3 changed files with 5 additions and 6 deletions
--- a/modules/services/foundryvtt.nix
+++ b/modules/services/foundryvtt.nix
@ -1,4 +1,6 @@
-{config, ...}: {
+{...}: {
+  sops.secrets.foundry-username = {};
+  sops.secrets.foundry-password = {};
  virtualisation.oci-containers.containers.foundryvtt = {
    image = "felddy/foundryvtt:release";
    volumes = [
--- a/modules/services/traefik.nix
+++ b/modules/services/traefik.nix
@ -1,6 +1,6 @@
 {config, ...}: {
+  sops.secrets.cloudflare-api-key = {};
  networking.firewall.allowedTCPPorts = [80 443 8080];
-
  systemd.user.services.traefik.after = ["docker.service"];
  systemd.services.traefik = {
    environment = {
--- a/modules/sops.nix
+++ b/modules/sops.nix
@ -1,9 +1,6 @@
-{config, ...}: {
+{...}: {
  sops = {
    defaultSopsFile = ../secrets/secrets.yaml;
    age.keyFile = "/home/notoh/.config/sops/age/keys.txt";
-    secrets.foundry-username = {};
-    secrets.foundry-password = {};
-    secrets.cloudflare-api-key = {};
  };
 }