Move secrets and keys into agenix

Signed-off-by: Mel <einebeere@gmail.com>
author: Mel <einebeere@gmail.com> 2024-12-07 03:24:15 +0100
committer: Mel <einebeere@gmail.com> 2024-12-07 03:41:20 +0100
commit: 44a4f7c6bac97a3381a2b7de8707cd9389f5460f (patch)
tree: f31f04984119dbdb6adba41ed8a1ff1303558d27 /machines/lapin/default.nix
parent: 8930b867a5bc863cf1362d3d27579e784a4bbe97 (diff)
download: network-44a4f7c6bac97a3381a2b7de8707cd9389f5460f.tar.zst
network-44a4f7c6bac97a3381a2b7de8707cd9389f5460f.zip
1 files changed, 6 insertions, 3 deletions
diff --git a/machines/lapin/default.nix b/machines/lapin/default.nix
index 69960c3..3178a1d 100644
--- a/machines/lapin/default.nix
+++ b/machines/lapin/default.nix
@@ -1,4 +1,4 @@
-{ me, pkgs, lib, ... }:
+{ me, config, ... }:
 
 {
   imports = [
@@ -14,14 +14,17 @@
     ../../services/akkoma
   ];
 
+  age.secrets.cloudflare-dns = {
+    file = ../../secrets/cloudflare-dns.age;
+  };
+
   security.acme.certs."pds.rnrd.eu" = {
     group = "nginx";
     domain = "*.pds.rnrd.eu";
     extraDomainNames = [ "pds.rnrd.eu" ];
     dnsProvider = "cloudflare";
     credentialFiles = {
-      # TODO: use age
-      CLOUDFLARE_DNS_API_TOKEN_FILE = "/home/mel/cloudflare-dns-token.pw";
+      CLOUDFLARE_DNS_API_TOKEN_FILE = config.age.secrets.cloudflare-dns.path;
     };
   };
author	Mel <einebeere@gmail.com>	2024-12-07 03:24:15 +0100
committer	Mel <einebeere@gmail.com>	2024-12-07 03:41:20 +0100
commit	44a4f7c6bac97a3381a2b7de8707cd9389f5460f (patch)
tree	f31f04984119dbdb6adba41ed8a1ff1303558d27 /machines/lapin/default.nix
parent	8930b867a5bc863cf1362d3d27579e784a4bbe97 (diff)
download	network-44a4f7c6bac97a3381a2b7de8707cd9389f5460f.tar.zst network-44a4f7c6bac97a3381a2b7de8707cd9389f5460f.zip