Switch back to strings for secret files (no copy to nixstore)

2021-04-22 12:20:03 -07:00 · 2021-04-22 12:20:03 -07:00 · be5708c1fd
parent cb0baaade8
commit be5708c1fd
3 changed files with 5 additions and 5 deletions
--- a/config/host-config/limina.nix
+++ b/config/host-config/limina.nix
@ -61,7 +61,7 @@ in {
      secrets.limina = {
        backplane-client-passwd = {
-          source-file = /srv/secrets/backplane-client/limina.passwd;
+          source-file = "/srv/secrets/backplane-client/limina.passwd";
          target-file = "/srv/backplane/dns/client.passwd";
          user = config.fudo.client.dns.user;
        };
--- a/config/host-config/procul.nix
+++ b/config/host-config/procul.nix
@ -73,19 +73,19 @@ in {
    secrets.procul = {
      backplane-client-passwd = {
-        source-file = /srv/secrets/backplane-client/procul.passwd;
+        source-file = "/srv/secrets/backplane-client/procul.passwd";
        target-file = "/srv/backplane/dns/client.passwd";
        user = config.fudo.client.dns.user;
      };
      postgres-keytab = {
-        source-file = /srv/secrets/kerberos/procul-postgres.keytab;
+        source-file = "/srv/secrets/kerberos/procul-postgres.keytab";
        target-file = "/srv/postgres/secure/postgres.keytab";
        user = "root";
      };
      gitea-database-password = {
-        source-file = /srv/secrets/gitea/procul-database.passwd;
+        source-file = "/srv/secrets/gitea/procul-database.passwd";
        target-file = "/srv/gitea/secure/database.passwd";
        user = config.fudo.git.user;
      };
--- a/lib/fudo/secrets.nix
+++ b/lib/fudo/secrets.nix
@ -57,7 +57,7 @@ let
  secretOpts = { ... }: {
    options = with types; {
      source-file = mkOption {
-        type = path;
+        type = str;
        description = "File from which to load the secret.";
      };