Diffstat (limited to 'modules/server')
-rw-r--r--modules/server/default.nix2
-rw-r--r--modules/server/sops.nix6
-rw-r--r--modules/server/systemd.nix16
-rw-r--r--modules/server/virtualisation.nix6
4 files changed, 15 insertions, 15 deletions
diff --git a/modules/server/default.nix b/modules/server/default.nix
index c81450d..5ada608 100644
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@@ -2,8 +2,10 @@
{
imports = [
../core/networking/vpn/tailscale.nix
+ ../core/security/sops.nix
../core/nix
./networking
+ ./sops.nix
./system.nix
./systemd.nix
./users.nix
diff --git a/modules/server/sops.nix b/modules/server/sops.nix
new file mode 100644
index 0000000..1c12ca5
--- /dev/null
+++ b/modules/server/sops.nix
@@ -0,0 +1,6 @@
+{
+ sops.secrets = {
+ "ghcr/user" = { };
+ "ghcr/password" = { };
+ };
+}
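Review bot: `"ghcr/user"` is declared as a sops secret here, so consumers only ever get a file path, and the virtualisation.nix hunk further down assigns that path to `login.username`. If that attribute is the oci-containers `login` option, `username` is used as the literal account name and only `passwordFile` is read from disk, so the login would be attempted with the path string instead of the account. The GHCR user name is not sensitive, so consider dropping this entry and setting `username = "<ghcr-username>";` (placeholder) in virtualisation.nix. Separately, the token removed from the `ghcr-login` ExecStart in systemd.nix was interpolated into a unit file, which lands in the world-readable Nix store; if `"ghcr/password"` holds the same token, rotate it and garbage-collect the old generations.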
diff --git a/modules/server/systemd.nix b/modules/server/systemd.nix
index 8d0b118..3ad7f06 100644
--- a/modules/server/systemd.nix
+++ b/modules/server/systemd.nix
@@ -1,7 +1,4 @@
-{ secrets, config, ... }:
-let
- inherit (config.modules.server) containerEngine;
-in
+{ secrets, ... }:
{
systemd.services.tailscale-up = {
after = [ "tailscaled.service" ];
@@ -13,15 +10,4 @@ in
Restart = "on-failure";
};
};
-
- systemd.services.ghcr-login = {
- after = [ "${containerEngine}.service" ];
- requires = [ "${containerEngine}.service" ];
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- ExecStart = "/run/current-system/sw/bin/${containerEngine} login ghcr.io -u ${secrets.ghcr.username} -p ${secrets.ghcr.token}";
- Restart = "on-failure";
- };
- };
}
diff --git a/modules/server/virtualisation.nix b/modules/server/virtualisation.nix
index bfdb4a9..38027e4 100644
--- a/modules/server/virtualisation.nix
+++ b/modules/server/virtualisation.nix
@@ -69,6 +69,12 @@ in
FINNHUB_TOKEN = secrets.finnhub_token;
HEADER_IMAGE = "https://ruu.neocities.org/images/animeHeader.gif";
};
+
+ login = {
+ registry = "ghcr.io";
+ username = config.sops.secrets."ghcr/user".path;
+ passwordFile = config.sops.secrets."ghcr/password".path;
+ };
};
bin = {