treewide: don't reference <secrets> explicitly

author: tv <tv@krebsco.de> 2023-09-11 15:31:13 +0200
committer: tv <tv@krebsco.de> 2023-09-11 16:10:41 +0200
commit: 5370e0485788224126861e076110ac705013d2de (patch)
tree: 15838192c1ebf685733cbf39b3f3e37fd1ebd639 /krebs/2configs
parent: 8fc162ee3d9525a2b45346a1ca8f34ccb5ef971b (diff)
9 files changed, 12 insertions, 13 deletions
diff --git a/krebs/2configs/cache.nsupdate.info.nix b/krebs/2configs/cache.nsupdate.info.nix
index 74f345614..1ac63eaf5 100644
--- a/krebs/2configs/cache.nsupdate.info.nix
+++ b/krebs/2configs/cache.nsupdate.info.nix
@@ -9,7 +9,7 @@ in {
     enable = true;
     server = "ipv4.nsupdate.info";
     username = domain;
-    password = import ((toString <secrets>) + "/nsupdate-cache.nix");
+    password = import "${config.krebs.secret.directory}/nsupdate-cache.nix";
     domains = [ domain ];
     use= "if, if=et0";
     # use = "web, web=http://ipv4.nsupdate.info/myip";
diff --git a/krebs/2configs/matterbridge.nix b/krebs/2configs/matterbridge.nix
index b96dea300..f42921824 100644
--- a/krebs/2configs/matterbridge.nix
+++ b/krebs/2configs/matterbridge.nix
@@ -2,7 +2,7 @@
   services.matterbridge = {
     enable = true;
     configPath = let
-      bridgeBotToken = lib.strings.fileContents <secrets/telegram.token>;
+      bridgeBotToken = lib.strings.fileContents "${config.krebs.secret.directory}/telegram.token";
     in
       toString ((pkgs.formats.toml {}).generate "config.toml" {
         general = {
diff --git a/krebs/2configs/secret-passwords.nix b/krebs/2configs/secret-passwords.nix
index 0f0d068aa..531d570cc 100644
--- a/krebs/2configs/secret-passwords.nix
+++ b/krebs/2configs/secret-passwords.nix
@@ -1,7 +1,7 @@
-{ lib, ... }:
+{ config, lib, ... }:
 with lib;
 {
   users.extraUsers =
     mapAttrs (_: h: { hashedPassword = h; })
-             (import <secrets/hashedPasswords.nix>);
+             (import "${config.krebs.secret.directory}/hashedPasswords.nix");
 }
diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix
index d525e7987..a27fe29ae 100644
--- a/krebs/2configs/shack/gitlab-runner.nix
+++ b/krebs/2configs/shack/gitlab-runner.nix
@@ -1,4 +1,4 @@
-{ pkgs,lib, ... }:
+{ config, lib, pkgs, ... }:
 {
   boot.kernel.sysctl."net.ipv4.ip_forward" = true;
   services.gitlab-runner = {
@@ -10,7 +10,7 @@
         # File should contain at least these two variables:
         # `CI_SERVER_URL`
         # `REGISTRATION_TOKEN`
-        registrationConfigFile = toString <secrets/shackspace-gitlab-ci>;
+        registrationConfigFile = "${config.krebs.secret.directory}/shackspace-gitlab-ci";
         dockerImage = "alpine";
         dockerVolumes = [
           "/nix/store:/nix/store:ro"
diff --git a/krebs/2configs/shack/grafana.nix b/krebs/2configs/shack/grafana.nix
index f42f1c4af..78ef29f97 100644
--- a/krebs/2configs/shack/grafana.nix
+++ b/krebs/2configs/shack/grafana.nix
@@ -1,7 +1,6 @@
-let
+{ config, ... }: let
   port = 3000;
 in {
-
   networking.firewall.allowedTCPPorts = [ port ]; # legacy
   services.nginx.virtualHosts."grafana.shack" = {
     locations."/" = {
@@ -25,6 +24,6 @@ in {
     users.allowOrgCreate = true;
     users.autoAssignOrg = true;
     auth.anonymous.enable = true;
-    security = import <secrets/grafana_security.nix>;
+    security = import "${config.krebs.secret.directory}/grafana_security.nix";
   };
 }
diff --git a/krebs/2configs/shack/muell_caller.nix b/krebs/2configs/shack/muell_caller.nix
index f3007dd1d..ea335f233 100644
--- a/krebs/2configs/shack/muell_caller.nix
+++ b/krebs/2configs/shack/muell_caller.nix
@@ -21,7 +21,7 @@ let
       install -m755 -D call.py  $out/bin/call-muell
     '';
   };
-  cfg = "${toString <secrets>}/tell.json";
+  cfg = "${config.krebs.secret.directory}/tell.json";
 in {
   systemd.services.call_muell = {
     description = "call muell";
diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix
index 2a8c92e46..69bc33e46 100644
--- a/krebs/2configs/shack/muell_mail.nix
+++ b/krebs/2configs/shack/muell_mail.nix
@@ -9,7 +9,7 @@ let
       sha256 = "0hgchwam5ma96s2v6mx2jfkh833psadmisjbm3k3153rlxp46frx";
     }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; };
     home = "/var/lib/muell_mail";
-    cfg = toString <secrets/shack/muell_mail.js>;
+    cfg = "${config.krebs.secret.directory}/shack/muell_mail.js";
 in {
   users.users.muell_mail = {
     inherit home;
diff --git a/krebs/2configs/shack/prometheus/unifi.nix b/krebs/2configs/shack/prometheus/unifi.nix
index 34e47add9..1e42779f0 100644
--- a/krebs/2configs/shack/prometheus/unifi.nix
+++ b/krebs/2configs/shack/prometheus/unifi.nix
@@ -5,6 +5,6 @@
     unifiAddress = "https://unifi.shack:8443/";
     unifiInsecure = true;
     unifiUsername = "prometheus"; # needed manual login after setup to confirm the password
-    unifiPassword = lib.replaceStrings ["\n"] [""] (builtins.readFile <secrets/shack/unifi-prometheus-pw>);
+    unifiPassword = lib.replaceStrings ["\n"] [""] (builtins.readFile "${config.krebs.secret.directory}/shack/unifi-prometheus-pw");
   };
 }
diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix
index d8033f1e2..e79d15d73 100644
--- a/krebs/2configs/shack/s3-power.nix
+++ b/krebs/2configs/shack/s3-power.nix
@@ -10,7 +10,7 @@ let
     }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; };
 
     home = "/var/lib/s3-power";
-    cfg = toString <secrets/shack/s3-power.json>;
+    cfg = "${config.krebs.secret.directory}/shack/s3-power.json";
 in {
   users.users.s3_power = {
     inherit home;
author	tv <tv@krebsco.de>	2023-09-11 15:31:13 +0200
committer	tv <tv@krebsco.de>	2023-09-11 16:10:41 +0200
commit	5370e0485788224126861e076110ac705013d2de (patch)
tree	15838192c1ebf685733cbf39b3f3e37fd1ebd639 /krebs/2configs
parent	8fc162ee3d9525a2b45346a1ca8f34ccb5ef971b (diff)