From 44a4f7c6bac97a3381a2b7de8707cd9389f5460f Mon Sep 17 00:00:00 2001
From: Mel <einebeere@gmail.com>
Date: Sat, 7 Dec 2024 03:24:15 +0100
Subject: Move secrets and keys into agenix

Signed-off-by: Mel <einebeere@gmail.com>
---
 machines/lapin/default.nix | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'machines/lapin')

diff --git a/machines/lapin/default.nix b/machines/lapin/default.nix
index 69960c3..3178a1d 100644
--- a/machines/lapin/default.nix
+++ b/machines/lapin/default.nix
@@ -1,4 +1,4 @@
-{ me, pkgs, lib, ... }:
+{ me, config, ... }:
 
 {
   imports = [
@@ -14,14 +14,17 @@
     ../../services/akkoma
   ];
 
+  age.secrets.cloudflare-dns = {
+    file = ../../secrets/cloudflare-dns.age;
+  };
+
   security.acme.certs."pds.rnrd.eu" = {
     group = "nginx";
     domain = "*.pds.rnrd.eu";
     extraDomainNames = [ "pds.rnrd.eu" ];
     dnsProvider = "cloudflare";
     credentialFiles = {
-      # TODO: use age
-      CLOUDFLARE_DNS_API_TOKEN_FILE = "/home/mel/cloudflare-dns-token.pw";
+      CLOUDFLARE_DNS_API_TOKEN_FILE = config.age.secrets.cloudflare-dns.path;
     };
   };
 
-- 
cgit 1.4.1