Skip to content

Commit

Permalink
Add google oauth key to secrets
Browse files Browse the repository at this point in the history
  • Loading branch information
@Lucus16
Lucus16 committed May 7, 2023
1 parent 781c878 commit 193d7eb
Show file tree
Hide file tree
Showing 4 changed files with 13 additions and 3 deletions.
12 changes: 12 additions & 0 deletions nix/infra.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -132,6 +132,18 @@ in rec {
};
};

production = { config, ... }: {
age.secrets = {
google-oauth-key.file = ../secrets/google-oauth-key.json.age;
google-oauth-key.owner = "giedo";
kn-env.file = ../secrets/production.age;
};

kn.settings = {
GOOGLE_OAUTH2_KEY = config.age.secrets.google-oauth-key.path;
};
};

staging = { lib, ... }: {
# nixos-rebuild switch --flake '.#staging' --target-host root@dev.kn.cx --build-host localhost
imports = [ vipassana ./hetzner.nix ];
Expand Down
3 changes: 0 additions & 3 deletions nix/services/kn/settings.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,9 +30,6 @@ in {

STORAGE_ROOT = "/var/lib/kndjango/storage";

# TODO: Import sankhara:/home/infra/google-oauth-key.json into age-nix
GOOGLE_OAUTH2_KEY = pkgs.emptyFile;

BASE_URL = SCHEME + "://" + DOMAINNAME;
PHOTOS_CACHE_DIR = "/var/cache/fotos";
MAILDOMAIN = DOMAINNAME;
Expand Down
Binary file added secrets/google-oauth-key.json.age
View file
Binary file not shown.
1 change: 1 addition & 0 deletions secrets/secrets.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,5 @@ in with hosts; {
"vm.age".publicKeys = allUsers ++ [ vm ];
"staging.age".publicKeys = allUsers ++ [ staging ];
"production.age".publicKeys = allUsers ++ [ production ];
"google-oauth-key.json.age".publicKeys = allUsers ++ [ production ];
}

0 comments on commit 193d7eb

Please sign in to comment.