secrets: migrate build-time secrets to agenix runtime

- coturn: switch static-auth-secret to static-auth-secret-file
- matrix: switch registration_token and turn_secret to file-based
- murmur: switch password to environmentFile with agenix
- p2pool: move public wallet address to service-configs.nix
2026-03-30 17:14:47 -04:00
parent eaeeed7f45
commit e4feaa35ad
9 changed files with 41 additions and 8 deletions


@@ -9,7 +9,7 @@
enable = true;
realm = service_configs.https.domain;
use-auth-secret = true;
static-auth-secret = lib.strings.trim (builtins.readFile ../secrets/coturn_static_auth_secret);
static-auth-secret-file = config.age.secrets.coturn-auth-secret.path;
listening-port = service_configs.ports.public.coturn.port;
tls-listening-port = service_configs.ports.public.coturn_tls.port;
no-cli = true;
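Review bot: The account the coturn unit runs as must be able to read the file named by `static-auth-secret-file = config.age.secrets.coturn-auth-secret.path;`, and agenix installs secrets root-owned with mode 0400 unless the secret declaration sets `owner`, `group` or `mode`; the declaration is not in this view, so if it does not grant that access coturn will fail to open the secret at startup rather than at evaluation time. Worth confirming the declared owner matches the coturn service account before deploying. Since the removed `builtins.readFile ../secrets/coturn_static_auth_secret` line copied the plaintext into the world-readable Nix store on every prior build, the value it held should be treated as exposed and rotated as part of this migration rather than reused in the agenix file. The enclosing `services.coturn` attribute set starts and ends outside the hunk.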


@@ -21,7 +21,7 @@
port = [ service_configs.ports.private.matrix.port ];
server_name = service_configs.https.domain;
allow_registration = true;
registration_token = lib.strings.trim (builtins.readFile ../secrets/matrix_reg_token);
registration_token_file = config.age.secrets.matrix-reg-token.path;
new_user_displayname_suffix = "";
@@ -37,7 +37,7 @@
];
# TURN server config (coturn)
turn_secret = config.services.coturn.static-auth-secret;
turn_secret_file = config.age.secrets.matrix-turn-secret.path;
turn_uris = [
"turn:${service_configs.https.domain}?transport=udp"
"turn:${service_configs.https.domain}?transport=tcp"
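Review bot: `turn_secret_file = config.age.secrets.matrix-turn-secret.path;` introduces a second agenix secret that must hold exactly the same value as the `coturn-auth-secret` the coturn module consumes, and nothing now enforces that; the removed `turn_secret = config.services.coturn.static-auth-secret;` line had kept the two in sync automatically, so a future rotation of one file silently breaks TURN authentication. If both services live on the same host, pointing both at one secret (`turn_secret_file = config.age.secrets.coturn-auth-secret.path;`) with a group readable by both service accounts avoids the drift; otherwise a comment such as `# must match the value behind config.age.secrets.coturn-auth-secret on the coturn host` should mark the coupling. The same read-permission check applies to `registration_token_file` in the first hunk: the matrix service account needs read access to both agenix paths, which the default root-only mode does not grant unless the secret declarations (not shown here) set owner/group/mode. Both hunks' enclosing attribute set continues outside the hunk.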


@@ -4,9 +4,6 @@
lib,
...
}:
let
walletAddress = lib.strings.trim (builtins.readFile ../secrets/xmrig-wallet);
in
{
imports = [
(lib.serviceMountWithZpool "p2pool" service_configs.zpool_ssds [
@@ -20,7 +17,7 @@ in
services.p2pool = {
enable = true;
dataDir = service_configs.p2pool.dataDir;
walletAddress = walletAddress;
walletAddress = service_configs.p2pool.walletAddress;
sidechain = "nano";
host = "127.0.0.1";
rpcPort = service_configs.ports.public.monero_rpc.port;
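Review bot: The removed `let` binding read the address from `../secrets/xmrig-wallet`, a file whose name suggests an xmrig module consumes the same value; if that module still reads the file (not visible in this view), the p2pool and xmrig addresses can now drift apart, so it would be cleaner for it to reference the same `service_configs.p2pool.walletAddress` and then drop the stale `secrets/xmrig-wallet` file once nothing references it. Keeping a public address in service-configs.nix is reasonable, as the commit message notes, since the old `readFile` already placed it in the Nix store. The `services.p2pool` attribute set continues outside the hunk.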