Serives: Use sops for service secrets (heidi, kopia)
@ -4,19 +4,15 @@
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
# If we need to pass secrets to containers we can't use plain env variables.
|
||||
sops.templates."heidi_secrets.env".content = ''
|
||||
DISCORD_TOKEN=${config.sops.placeholder.heidi-discord-token}
|
||||
'';
|
||||
|
||||
virtualisation.oci-containers.containers.heidi = {
|
||||
image = "gitea.vps.chriphost.de/christoph/discord-heidi:latest";
|
||||
autoStart = true;
|
||||
|
||||
# login = {
|
||||
# # Uses DockerHub by default
|
||||
# # registry = "";
|
||||
#
|
||||
# # DockerHub Credentials
|
||||
# username = "christoph.urlacher@protonmail.com";
|
||||
# passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
|
||||
# };
|
||||
|
||||
dependsOn = [];
|
||||
|
||||
ports = [];
|
||||
@ -28,12 +24,13 @@
|
||||
];
|
||||
|
||||
environment = {
|
||||
# TODO: I can't do this because readFile obviously doesn't
|
||||
# read at runtime but at buildtime, duh...
|
||||
DISCORD_TOKEN = builtins.readFile config.age.secrets.heidi-discord-token.path;
|
||||
DOCKER = "True";
|
||||
};
|
||||
|
||||
environmentFiles = [
|
||||
config.sops.templates."heidi_secrets.env".path
|
||||
];
|
||||
|
||||
extraOptions = [
|
||||
"--init" # Make an init process take up PID 1, to make python receive the SIGTERM
|
||||
"--net=behind-nginx"
|
||||
|
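Review bot: The comment added above `sops.templates."heidi_secrets.env"` in the first hunk says plain env variables cannot be used but not why, and the reason is the security-relevant part: values under `environment` are fixed at build time and end up in the world-readable Nix store, while the sops template is only rendered on the host at activation. I would word it as `# Secrets must not go into "environment": those values are baked into the world-readable /nix/store at build time, so render them into an env file via sops instead.` If the removed `builtins.readFile config.age.secrets.heidi-discord-token.path` line ever evaluated successfully on a machine where the secret was decrypted, the token may already be in a store path, so rotating it after this change would be prudent. The token is still delivered to the container as an environment variable through `environmentFiles`, so it remains readable to anyone who can inspect the container on the host; a short comment noting that this is accepted would help the next reader.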