dendrite: Use LoadCredential to load private key
This commit is contained in:
parent
c80dd6998b
commit
e532ad8538
SSH key fingerprint:
SHA256:/Wk1WZdLg+vQHs3in9qq7PsIp8SMzwGSk/RLZ5zPuZk
2 changed files with 5 additions and 3 deletions
|
|
@ -73,8 +73,8 @@ inputs: {
|
||||||
neo = {
|
neo = {
|
||||||
config = import ./neo/configuration.nix inputs;
|
config = import ./neo/configuration.nix inputs;
|
||||||
deploy = {
|
deploy = {
|
||||||
host = "10.0.0.157";
|
# host = "10.0.0.213";
|
||||||
# host = "neo.barn-beaver.ts.net";
|
host = "neo.barn-beaver.ts.net";
|
||||||
targetUser = "erwin";
|
targetUser = "erwin";
|
||||||
tags = [ "container" ];
|
tags = [ "container" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,8 @@ let
|
||||||
settings = {
|
settings = {
|
||||||
global = {
|
global = {
|
||||||
server_name = "matrix.boskma.frl";
|
server_name = "matrix.boskma.frl";
|
||||||
private_key = config.sops.secrets.dendrite-private-key.path;
|
# private_key = config.sops.secrets.dendrite-private-key.path;
|
||||||
|
private_key = "$$CREDENTIALS_DIRECTORY/private_key";
|
||||||
|
|
||||||
database = {
|
database = {
|
||||||
connection_string = "postgresql://%2Frun%2Fpostgresql/dendrite";
|
connection_string = "postgresql://%2Frun%2Fpostgresql/dendrite";
|
||||||
|
|
@ -114,6 +115,7 @@ in
|
||||||
RuntimeDirectoryMode = "0700";
|
RuntimeDirectoryMode = "0700";
|
||||||
LimitNOFILE = 65535;
|
LimitNOFILE = 65535;
|
||||||
EnvironmentFile = environmentFile;
|
EnvironmentFile = environmentFile;
|
||||||
|
LoadCredential = [ "private_key:${config.sops.secrets.dendrite-private-key.path}" ];
|
||||||
ExecStartPre = [
|
ExecStartPre = [
|
||||||
''
|
''
|
||||||
${pkgs.envsubst}/bin/envsubst \
|
${pkgs.envsubst}/bin/envsubst \
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue