summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--hosts/vidhar/default.nix8
1 files changed, 4 insertions, 4 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index c5bdacdd..9905d1f8 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -125,7 +125,7 @@
125 ${config.services.grafana.domain} = { 125 ${config.services.grafana.domain} = {
126 forceSSL = true; 126 forceSSL = true;
127 sslCertificate = ./selfsigned.crt; 127 sslCertificate = ./selfsigned.crt;
128 sslCertificateKey = config.sops.secrets."selfsigned.key".path; 128 sslCertificateKey = "/run/credentials/nginx.service/selfsigned.key";
129 locations."/" = { 129 locations."/" = {
130 proxyPass = "http://grafana/"; 130 proxyPass = "http://grafana/";
131 proxyWebsockets = true; 131 proxyWebsockets = true;
@@ -155,10 +155,10 @@
155 sops.secrets."selfsigned.key" = { 155 sops.secrets."selfsigned.key" = {
156 format = "binary"; 156 format = "binary";
157 sopsFile = ./selfsigned.key; 157 sopsFile = ./selfsigned.key;
158 group = "ssl";
159 mode = "0440";
160 }; 158 };
161 users.groups.ssl.members = ["nginx"]; 159 systemd.services.nginx.serviceConfig = {
160 LoadCredential = [ "selfsigned.key:${config.sops.secrets."selfsigned.key".path}" ];
161 };
162 162
163 services.loki = { 163 services.loki = {
164 enable = true; 164 enable = true;
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-21 21:41:40 +0000