diff --git a/hosts/common/optional/acme/default.nix b/hosts/common/optional/acme/default.nix
index c7bf82c..43a4d10 100644
--- a/hosts/common/optional/acme/default.nix
+++ b/hosts/common/optional/acme/default.nix
@@ -1,9 +1,16 @@
 {
- config,
- lib,
 pkgs,
+ config,
 ...
 }:
+let
+ cloudflare = pkgs.writeTextFile {
+ name = "cloudflare.ini";
+ text = ''
+ CF_DNS_API_TOKEN=${config.secretsSpec.api.cloudflare}
+ '';
+ };
+in
 {
 # letsencrypt
@@ -12,7 +19,7 @@
 defaults = {
 email = "chris@toph.cc";
 dnsProvider = "cloudflare";
- environmentFile = ./cloudflare.ini;
+ environmentFile = cloudflare;
 };
 certs = {
 "goldenlemon.cc" = {
diff --git a/hosts/common/optional/containers/authentik/default.nix b/hosts/common/optional/containers/authentik/default.nix
index a92a8ff..47ea033 100644
--- a/hosts/common/optional/containers/authentik/default.nix
+++ b/hosts/common/optional/containers/authentik/default.nix
@@ -4,14 +4,13 @@ let
 # Only available in the Komodo LXC
 DockerStorage = "/mnt/DockerStorage/komodo/stacks/authentik";
+ env = config.secretsSpec.docker.authentik;
 in
 {
 # Containers
 virtualisation.oci-containers.containers."authentik-postgresql" = {
 image = "docker.io/library/postgres:16-alpine";
- environmentFiles = [
- ./authentik.env
- ];
+ environment = env;
 volumes = [
 "${DockerStorage}/database:/var/lib/postgresql/data:rw"
 ];
@@ -48,9 +47,7 @@ in
 };
 virtualisation.oci-containers.containers."authentik-redis" = {
 image = "docker.io/library/redis:alpine";
- environmentFiles = [
- ./authentik.env
- ];
+ environment = env;
 volumes = [
 "${DockerStorage}/redis:/data:rw"
 ];
@@ -94,9 +91,7 @@ in
 };
 virtualisation.oci-containers.containers."authentik-server" = {
 image = "ghcr.io/goauthentik/server:2024.12.2";
- environmentFiles = [
- ./authentik.env
- ];
+ environment = env;
 volumes = [
 "${DockerStorage}/custom-templates:/templates:rw"
 "${DockerStorage}/media:/media:rw"
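Review bot: The `cloudflare` file built with `pkgs.writeTextFile` in the new `let` block is a Nix store output, so the `CF_DNS_API_TOKEN` value interpolated from `config.secretsSpec.api.cloudflare` (which the interpolation implies is the literal token) becomes a world-readable file under the store on every host that realises this configuration. The removed `./cloudflare.ini` path literal was copied into the store as well, so this is not a regression, but the refactor does not close the exposure either. `security.acme.defaults.environmentFile` accepts any path, so the safer shape is to point it at a file that the mechanism behind `secretsSpec` deploys outside the store at activation time, e.g. `environmentFile = "/run/secrets/cloudflare.ini"; # constructed placeholder path; must not be a store path` and drop the `writeTextFile` binding. The second hunk (`@@ -12,7 +19,7 @@`) consumes this binding and would change with it; the attrset it sits in continues outside both hunks.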
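Review bot: Replacing `environmentFiles` with `environment = env;` changes how the secrets reach each container: if I read the upstream oci-containers module correctly, the `environment` attrset is rendered as `-e KEY=VALUE` arguments on the generated start command, so the values from `config.secretsSpec.docker.authentik` land in the systemd unit in the Nix store and in the argument list of the container-runtime client process, both readable by any local user, whereas an `--env-file` keeps them out of the process arguments. Keeping `environmentFiles` and pointing it at a file deployed outside the store at activation time would avoid both exposures, assuming `secretsSpec` can provide such a path. The same `env` set is handed to all four authentik containers (this hunk, `@@ -48,9 +47,7 @@`, `@@ -94,9 +91,7 @@`, `@@ -138,9 +133,7 @@`), and the komodo file does the same for `komodo-core`, `komodo-mongo` and `komodo-periphery` (`@@ -8,14 +8,13 @@`, `@@ -61,9 +60,7 @@`, `@@ -110,9 +107,7 @@`), so each container, including `komodo-periphery` with `/var/run/docker.sock` mounted, receives every variable rather than only the ones it needs; the shared `.env` files had the same scope, but this refactor is the natural point to split `env` into one attrset per container. The new `let` binding also uses `config`, and the module's argument set is above the hunk, so confirm `config` is bound there.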
@@ -138,9 +133,7 @@ in
 };
 virtualisation.oci-containers.containers."authentik-worker" = {
 image = "ghcr.io/goauthentik/server:2024.12.2";
- environmentFiles = [
- ./authentik.env
- ];
+ environment = env;
 volumes = [
 "${DockerStorage}/certs:/certs:rw"
 "${DockerStorage}/media:/media:rw"
diff --git a/hosts/common/optional/containers/komodo/default.nix b/hosts/common/optional/containers/komodo/default.nix
index 8ae0448..76981b6 100644
--- a/hosts/common/optional/containers/komodo/default.nix
+++ b/hosts/common/optional/containers/komodo/default.nix
@@ -8,14 +8,13 @@ let
 # Only available in the Komodo LXC
 DockerStorage = "/mnt/DockerStorage/komodo";
+ env = config.secretsSpec.docker.komodo;
 in
 {
 # Containers
 virtualisation.oci-containers.containers."komodo-core" = {
 image = "ghcr.io/moghtech/komodo-core:latest";
- environmentFiles = [
- ./komodo.env
- ];
+ environment = env;
 volumes = [
 "${DockerStorage}/cache:/repo-cache:rw"
 ];
@@ -61,9 +60,7 @@ in
 virtualisation.oci-containers.containers."komodo-mongo" = {
 image = "mongo";
- environmentFiles = [
- ./komodo.env
- ];
+ environment = env;
 volumes = [
 "${DockerStorage}/mongo/config:/data/configdb:rw"
 "${DockerStorage}/mongo/data:/data/db:rw"
@@ -110,9 +107,7 @@ in
 virtualisation.oci-containers.containers."komodo-periphery" = {
 image = "ghcr.io/moghtech/komodo-periphery:latest";
- environmentFiles = [
- ./komodo.env
- ];
+ environment = env;
 volumes = [
 "/proc:/proc:rw"
 "/var/run/docker.sock:/var/run/docker.sock:rw"