summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2022-01-23 17:04:32 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-01-23 17:04:32 +0100
commit93c2272889d661d4d732c8ed989fe907d96660d9 (patch)
treeff47ee3bc3480810b08c23742b57d861c499afe1
parentf9548351316e16c173df943e51232e0c143d06d1 (diff)
downloadnixos-93c2272889d661d4d732c8ed989fe907d96660d9.tar
nixos-93c2272889d661d4d732c8ed989fe907d96660d9.tar.gz
nixos-93c2272889d661d4d732c8ed989fe907d96660d9.tar.bz2
nixos-93c2272889d661d4d732c8ed989fe907d96660d9.tar.xz
nixos-93c2272889d661d4d732c8ed989fe907d96660d9.zip
...
-rw-r--r--hosts/vidhar/default.nix8
1 files changed, 4 insertions, 4 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index c5bdacdd..9905d1f8 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -125,7 +125,7 @@
125 ${config.services.grafana.domain} = { 125 ${config.services.grafana.domain} = {
126 forceSSL = true; 126 forceSSL = true;
127 sslCertificate = ./selfsigned.crt; 127 sslCertificate = ./selfsigned.crt;
128 sslCertificateKey = config.sops.secrets."selfsigned.key".path; 128 sslCertificateKey = "/run/credentials/nginx.service/selfsigned.key";
129 locations."/" = { 129 locations."/" = {
130 proxyPass = "http://grafana/"; 130 proxyPass = "http://grafana/";
131 proxyWebsockets = true; 131 proxyWebsockets = true;
@@ -155,10 +155,10 @@
155 sops.secrets."selfsigned.key" = { 155 sops.secrets."selfsigned.key" = {
156 format = "binary"; 156 format = "binary";
157 sopsFile = ./selfsigned.key; 157 sopsFile = ./selfsigned.key;
158 group = "ssl";
159 mode = "0440";
160 }; 158 };
161 users.groups.ssl.members = ["nginx"]; 159 systemd.services.nginx.serviceConfig = {
160 LoadCredential = [ "selfsigned.key:${config.sops.secrets."selfsigned.key".path}" ];
161 };
162 162
163 services.loki = { 163 services.loki = {
164 enable = true; 164 enable = true;