From be5708c1fdf13d3406202a89c23df8096690140a Mon Sep 17 00:00:00 2001 From: Niten Date: Thu, 22 Apr 2021 12:20:03 -0700 Subject: [PATCH] Switch back to strings for secret files (no copy to nixstore) --- config/host-config/limina.nix | 2 +- config/host-config/procul.nix | 6 +++--- lib/fudo/secrets.nix | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/config/host-config/limina.nix b/config/host-config/limina.nix index be242ed..c976437 100644 --- a/config/host-config/limina.nix +++ b/config/host-config/limina.nix @@ -61,7 +61,7 @@ in { secrets.limina = { backplane-client-passwd = { - source-file = /srv/secrets/backplane-client/limina.passwd; + source-file = "/srv/secrets/backplane-client/limina.passwd"; target-file = "/srv/backplane/dns/client.passwd"; user = config.fudo.client.dns.user; }; diff --git a/config/host-config/procul.nix b/config/host-config/procul.nix index 62a283e..6ba765d 100644 --- a/config/host-config/procul.nix +++ b/config/host-config/procul.nix @@ -73,19 +73,19 @@ in { secrets.procul = { backplane-client-passwd = { - source-file = /srv/secrets/backplane-client/procul.passwd; + source-file = "/srv/secrets/backplane-client/procul.passwd"; target-file = "/srv/backplane/dns/client.passwd"; user = config.fudo.client.dns.user; }; postgres-keytab = { - source-file = /srv/secrets/kerberos/procul-postgres.keytab; + source-file = "/srv/secrets/kerberos/procul-postgres.keytab"; target-file = "/srv/postgres/secure/postgres.keytab"; user = "root"; }; gitea-database-password = { - source-file = /srv/secrets/gitea/procul-database.passwd; + source-file = "/srv/secrets/gitea/procul-database.passwd"; target-file = "/srv/gitea/secure/database.passwd"; user = config.fudo.git.user; }; diff --git a/lib/fudo/secrets.nix b/lib/fudo/secrets.nix index 83c4d2f..5822d14 100644 --- a/lib/fudo/secrets.nix +++ b/lib/fudo/secrets.nix 
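Review bot: Quoting `source-file` in `backplane-client-passwd` stops new imports into the Nix store, but nothing in the change deals with copies made while the value was a path literal. If any generation was built from that form, `limina.passwd` may still be readable under `/nix/store` until it is garbage-collected. The same applies to the three entries changed in procul.nix (`procul.passwd`, `procul-postgres.keytab`, `procul-database.passwd`). I would record the follow-up next to the entries or in the commit message, for example `# Secrets staged before be5708c may remain in /nix/store; collect garbage and rotate them.` The `secrets.limina` and `secrets.procul` attribute sets continue outside their hunks.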
@@ -57,7 +57,7 @@ let secretOpts = { ... }: { options = with types; { source-file = mkOption { - type = path; + type = str; description = "File from which to load the secret."; };
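Review bot: The `description` of `source-file` does not say why the option is now `str`. That type should reject a bare path literal, but it still accepts an interpolated one such as `"${./example.passwd}"` (a constructed example), which evaluates to a store path. I would extend the text to `description = "Path, given as a string, of the file holding the secret. Do not use or interpolate a path literal: that copies the secret into the world-readable Nix store.";`. If the module should also refuse store paths, an assertion on the value's prefix would cover it, although how `source-file` is consumed is not visible here. The `secretOpts` body continues outside the hunk.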