summaryrefslogtreecommitdiffstats
path: root/lass/2configs/binary-cache/server.nix
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2021-12-07 17:43:00 +0100
committerlassulus <lassulus@lassul.us>2021-12-07 17:43:00 +0100
commit8d2f6fba252d6885c458c55ba45de8cc8a828ee6 (patch)
tree697b70bb9740238b7be9ff3548c4c825e7b6a97c /lass/2configs/binary-cache/server.nix
parenta479db862635872461d0db5ded693e6e13f3c62b (diff)
l binary-cache server: use key without secret service
Diffstat (limited to 'lass/2configs/binary-cache/server.nix')
-rw-r--r--lass/2configs/binary-cache/server.nix17
1 files changed, 2 insertions, 15 deletions
diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
index baa891821..1abf51ae6 100644
--- a/lass/2configs/binary-cache/server.nix
+++ b/lass/2configs/binary-cache/server.nix
@@ -1,27 +1,14 @@
-{ config, lib, pkgs, ...}:
+{ config, lib, pkgs, stockholm, ...}:
{
# generate private key with:
# nix-store --generate-binary-cache-key my-secret-key my-public-key
services.nix-serve = {
enable = true;
- secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+ secretKeyFile = toString <secrets> + "/nix-serve.key";
port = 5005;
};
- systemd.services.nix-serve = {
- after = [
- config.krebs.secret.files.nix-serve-key.service
- ];
- partOf = [
- config.krebs.secret.files.nix-serve-key.service
- ];
- };
- krebs.secret.files.nix-serve-key = {
- path = "/run/secret/nix-serve.key";
- owner.name = "nix-serve";
- source-path = toString <secrets> + "/nix-serve.key";
- };
services.nginx = {
enable = true;
virtualHosts.nix-serve = {