-rw-r--r-- | hosts/vidhar/default.nix | 8 |
1 files changed, 4 insertions, 4 deletions
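--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -125,7 +125,7 @@
 ${config.services.grafana.domain} = {
 forceSSL = true;
 sslCertificate = ./selfsigned.crt;
-sslCertificateKey = config.sops.secrets."selfsigned.key".path;
+sslCertificateKey = "/run/credentials/nginx.service/selfsigned.key";
 locations."/" = {
 proxyPass = "http://grafana/";
 proxyWebsockets = true;
@@ -155,10 +155,10 @@
 sops.secrets."selfsigned.key" = {
 format = "binary";
 sopsFile = ./selfsigned.key;
-group = "ssl";
-mode = "0440";
 };
-users.groups.ssl.members = ["nginx"];
+systemd.services.nginx.serviceConfig = {
+LoadCredential = [ "selfsigned.key:${config.sops.secrets."selfsigned.key".path}" ];
+};
 
 services.loki = {
 enable = true;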
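Review bot: The key path on new line 128, `"/run/credentials/nginx.service/selfsigned.key"`, repeats by hand the unit name and the credential ID that `LoadCredential` declares on new line 160, so a rename on either side leaves nginx pointing at a missing file and the mismatch only shows when the unit fails to start. Binding the ID once (`let keyCred = "selfsigned.key"; in`) and building both strings from it, `"/run/credentials/nginx.service/${keyCred}"` and `"${keyCred}:${config.sops.secrets."selfsigned.key".path}"`, keeps the two in step. Separately, systemd populates the credential directory when the unit starts, so a rotated key will probably not reach nginx on a plain reload; unless it is already set elsewhere, `restartUnits = [ "nginx.service" ];` belongs on `sops.secrets."selfsigned.key"`. With `group` and `mode` removed the secret falls back to the sops-nix defaults, which should leave the decrypted file readable by root only; that is worth confirming on the host.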