Compare commits
No commits in common. "1e8d26bc6e4f054c69cea71274ae87c7583f31c4" and "bd417f57844c82bb7d2af7a2f9660a18da5c1b8d" have entirely different histories.
1e8d26bc6e
...
bd417f5784
3 changed files with 2 additions and 12 deletions
1
.envrc
1
.envrc
|
|
@ -1 +0,0 @@
|
||||||
use flake
|
|
||||||
3
.gitignore
vendored
3
.gitignore
vendored
|
|
@ -1,3 +1,2 @@
|
||||||
*~
|
*~
|
||||||
result
|
result
|
||||||
/.direnv/
|
|
||||||
10
tide.nix
10
tide.nix
|
|
@ -11,7 +11,7 @@
|
||||||
# Reuse the wildcard cert already issued for *.${domainName}
|
# Reuse the wildcard cert already issued for *.${domainName}
|
||||||
# in configuration.nix instead of requesting a new one per
|
# in configuration.nix instead of requesting a new one per
|
||||||
# subdomain.
|
# subdomain.
|
||||||
nginx.useACMEHost = null;
|
nginx.useACMEHost = domainName;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Don't fail evaluation when secrets/tide.yaml is missing (e.g.
|
# Don't fail evaluation when secrets/tide.yaml is missing (e.g.
|
||||||
|
|
@ -20,14 +20,6 @@
|
||||||
# the file is absent, which is the right place for that failure.
|
# the file is absent, which is the right place for that failure.
|
||||||
sops.validateSopsFiles = false;
|
sops.validateSopsFiles = false;
|
||||||
|
|
||||||
# Use the host's age key generated with age-keygen, not the
|
|
||||||
# SSH-host-key-derived identity sops-nix falls back to by default.
|
|
||||||
# The encrypted file's recipient is the public key paired with
|
|
||||||
# this private key.
|
|
||||||
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
|
||||||
sops.age.sshKeyPaths = [ ];
|
|
||||||
sops.gnupg.sshKeyPaths = [ ];
|
|
||||||
|
|
||||||
sops.secrets."tide-env" = {
|
sops.secrets."tide-env" = {
|
||||||
sopsFile = ./secrets/tide.yaml;
|
sopsFile = ./secrets/tide.yaml;
|
||||||
# phpfpm reads this via EnvironmentFile, which runs as root
|
# phpfpm reads this via EnvironmentFile, which runs as root
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue