From 168197505d20bc5a04408d055d1024385ba8afb1 Mon Sep 17 00:00:00 2001 From: Adrian G L Date: Sun, 10 Dec 2023 18:34:28 +0100 Subject: [PATCH] fixed secret perms --- profiles/sops.nix | 2 -- services/nginx.nix | 7 +++++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/profiles/sops.nix b/profiles/sops.nix index 65f4381..da0aad5 100644 --- a/profiles/sops.nix +++ b/profiles/sops.nix @@ -25,7 +25,5 @@ # This is the actual specification of the secrets. #sops.secrets."myservice/my_subdir/my_secret" = {}; - sops.secrets."acme/certs" = { }; - sops.secrets."nginx/defaultpass" = { }; } diff --git a/services/nginx.nix b/services/nginx.nix index 318be26..b59c923 100644 --- a/services/nginx.nix +++ b/services/nginx.nix @@ -19,6 +19,13 @@ users.users.nginx.extraGroups = [ "acme" ]; users.users.root.extraGroups = [ "acme" ]; + #declare secrets + sops.secrets."acme/certs" = { }; + sops.secrets."nginx/defaultpass" = { + restartUnits = [ "nginx.service" ]; + owner = "nginx"; + }; + #TODO add oauth2 proxy to auth # services.oauth2_proxy = { # enable = true;
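Review bot: `sops.secrets."acme/certs" = { };` is still declared with no `owner`, `group` or `mode`, so it keeps the sops-nix defaults (root-owned, mode 0400), while only `nginx/defaultpass` gets an explicit owner in this services/nginx.nix hunk. The context lines just above put `nginx` and `root` in the `acme` group, which suggests (the consumer is not visible here) that a non-root reader may need this secret. If so, state it explicitly, for example `sops.secrets."acme/certs" = { group = "acme"; mode = "0440"; };`; otherwise replace `#declare secrets` with a comment saying the file is deliberately root-only. Writing `mode = "0400";` on `nginx/defaultpass` as well would keep the least-privilege intent visible next to `owner = "nginx";`. The enclosing attribute set starts and ends outside the hunk.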