
remove dependency of vpn.nix on sops-nix

part of #24
ibizaman 2024-02-07 22:53:57 -08:00 committed by Pierre Penninckx
parent b90054f7bc
commit f56f997307


@ -232,7 +232,7 @@ in
type = lib.types.str; type = lib.types.str;
}; };
sopsFile = lib.mkOption { authFile = lib.mkOption {
description = "Location of file holding authentication secrets for provider."; description = "Location of file holding authentication secrets for provider.";
type = lib.types.anything; type = lib.types.anything;
}; };
@ -264,8 +264,7 @@ in
config = nordvpnConfig { config = nordvpnConfig {
inherit name; inherit name;
inherit (c) dev remoteServerIP; inherit (c) dev remoteServerIP authFile;
authFile = config.sops.secrets."${name}/auth".path;
dependentServices = lib.optional (c.proxyPort != null) "tinyproxy-${name}.service"; dependentServices = lib.optional (c.proxyPort != null) "tinyproxy-${name}.service";
}; };
}; };
@ -273,18 +272,6 @@ in
in in
lib.mkMerge (lib.mapAttrsToList instanceConfig cfg); lib.mkMerge (lib.mapAttrsToList instanceConfig cfg);
sops.secrets =
let
instanceConfig = name: c: lib.mkIf c.enable {
"${name}/auth" = {
sopsFile = c.sopsFile;
mode = "0440";
restartUnits = [ "openvpn-${name}" ];
};
};
in
lib.mkMerge (lib.mapAttrsToList instanceConfig cfg);
systemd.tmpfiles.rules = map (name: systemd.tmpfiles.rules = map (name:
"d /tmp/openvpn/${name}.status 0700 root root" "d /tmp/openvpn/${name}.status 0700 root root"
) (lib.attrNames cfg); ) (lib.attrNames cfg);
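Review bot: `authFile` in the first hunk is still declared with `type = lib.types.anything`, and in the second hunk it is now inherited straight into `nordvpnConfig` instead of being fixed to `config.sops.secrets."${name}/auth".path`, so the module no longer guarantees that the credentials file lives outside the Nix store. A path literal would be accepted and, depending on how `nordvpnConfig` (not visible here) interpolates it, could end up copied into the world-readable store; I would tighten the option to `type = lib.types.str;` so only a runtime path string is accepted. The removed `sops.secrets` block also set `mode = "0440"` and `restartUnits = [ "openvpn-${name}" ]`, which callers now have to provide themselves. The option text should say so, e.g. `description = "Runtime path to the provider credentials file; must not be in the Nix store. The caller is responsible for its permissions and for restarting the openvpn unit when it changes.";`.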