dendrite: Use LoadCredential to load private key

2024-04-24 14:59:02 +02:00 · 2024-04-24 14:59:02 +02:00 · e532ad8538
commit e532ad8538
parent c80dd6998b
2 changed files with 5 additions and 3 deletions
--- a/machines/default.nix
+++ b/machines/default.nix
@ -73,8 +73,8 @@ inputs: {
  neo = {
    config = import ./neo/configuration.nix inputs;
    deploy = {
-      host = "10.0.0.157";
-      # host = "neo.barn-beaver.ts.net";
+      # host = "10.0.0.213";
+      host = "neo.barn-beaver.ts.net";
      targetUser = "erwin";
      tags = [ "container" ];
    };
--- a/machines/neo/dendrite/default.nix
+++ b/machines/neo/dendrite/default.nix
@ -17,7 +17,8 @@ let
  settings = {
    global = {
      server_name = "matrix.boskma.frl";
-      private_key = config.sops.secrets.dendrite-private-key.path;
+      # private_key = config.sops.secrets.dendrite-private-key.path;
+      private_key = "$$CREDENTIALS_DIRECTORY/private_key";

      database = {
        connection_string = "postgresql://%2Frun%2Fpostgresql/dendrite";
@ -114,6 +115,7 @@ in
      RuntimeDirectoryMode = "0700";
      LimitNOFILE = 65535;
      EnvironmentFile = environmentFile;
+      LoadCredential = [ "private_key:${config.sops.secrets.dendrite-private-key.path}" ];
      ExecStartPre = [
        ''
          ${pkgs.envsubst}/bin/envsubst \