diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-23 17:04:32 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-23 17:04:32 +0100 |
commit | 93c2272889d661d4d732c8ed989fe907d96660d9 (patch) | |
tree | ff47ee3bc3480810b08c23742b57d861c499afe1 | |
parent | f9548351316e16c173df943e51232e0c143d06d1 (diff) | |
download | nixos-93c2272889d661d4d732c8ed989fe907d96660d9.tar nixos-93c2272889d661d4d732c8ed989fe907d96660d9.tar.gz nixos-93c2272889d661d4d732c8ed989fe907d96660d9.tar.bz2 nixos-93c2272889d661d4d732c8ed989fe907d96660d9.tar.xz nixos-93c2272889d661d4d732c8ed989fe907d96660d9.zip |
...
-rw-r--r-- | hosts/vidhar/default.nix | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index c5bdacdd..9905d1f8 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix | |||
@@ -125,7 +125,7 @@ | |||
125 | ${config.services.grafana.domain} = { | 125 | ${config.services.grafana.domain} = { |
126 | forceSSL = true; | 126 | forceSSL = true; |
127 | sslCertificate = ./selfsigned.crt; | 127 | sslCertificate = ./selfsigned.crt; |
128 | sslCertificateKey = config.sops.secrets."selfsigned.key".path; | 128 | sslCertificateKey = "/run/credentials/nginx.service/selfsigned.key"; |
129 | locations."/" = { | 129 | locations."/" = { |
130 | proxyPass = "http://grafana/"; | 130 | proxyPass = "http://grafana/"; |
131 | proxyWebsockets = true; | 131 | proxyWebsockets = true; |
@@ -155,10 +155,10 @@ | |||
155 | sops.secrets."selfsigned.key" = { | 155 | sops.secrets."selfsigned.key" = { |
156 | format = "binary"; | 156 | format = "binary"; |
157 | sopsFile = ./selfsigned.key; | 157 | sopsFile = ./selfsigned.key; |
158 | group = "ssl"; | ||
159 | mode = "0440"; | ||
160 | }; | 158 | }; |
161 | users.groups.ssl.members = ["nginx"]; | 159 | systemd.services.nginx.serviceConfig = { |
160 | LoadCredential = [ "selfsigned.key:${config.sops.secrets."selfsigned.key".path}" ]; | ||
161 | }; | ||
162 | 162 | ||
163 | services.loki = { | 163 | services.loki = { |
164 | enable = true; | 164 | enable = true; |