From 44a4f7c6bac97a3381a2b7de8707cd9389f5460f Mon Sep 17 00:00:00 2001
From: Mel <einebeere@gmail.com>
Date: Sat, 7 Dec 2024 03:24:15 +0100
Subject: Move secrets and keys into agenix

Signed-off-by: Mel <einebeere@gmail.com>
---
 services/pds.nix | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'services/pds.nix')

diff --git a/services/pds.nix b/services/pds.nix
index 55dc157..45be843 100644
--- a/services/pds.nix
+++ b/services/pds.nix
@@ -1,4 +1,4 @@
-{ pkgs, auxiliaryPkgs, ... }:
+{ config, pkgs, auxiliaryPkgs, ... }:
 
 let
   inherit (pkgs) dockerTools glibc;
@@ -25,6 +25,10 @@ let
 
 in
 {
+  age.secrets.pds-secrets = {
+    file = ../secrets/pds-secrets.age;
+  };
+
   foundation.services.pds = {
     image = { imageFile = pdsImage; image = "pds:${pds.version}"; };
     ports = [ [ pdsLocalPort 3000 ] ];
@@ -51,8 +55,7 @@ in
       LOG_ENABLED = "true";
     };
 
-    # TODO: use age
-    environmentFiles = [ /srv/pds/secret.env ];
+    environmentFiles = [ config.age.secrets.pds-secrets.path ];
 
     workdir = "/pds";
     entrypoint = "${pds}/bin/pds";
-- 
cgit 1.4.1