From 8d2f6fba252d6885c458c55ba45de8cc8a828ee6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 7 Dec 2021 17:43:00 +0100 Subject: l binary-cache server: use key without secret service --- lass/2configs/binary-cache/server.nix | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix index baa891821..1abf51ae6 100644 --- a/lass/2configs/binary-cache/server.nix +++ b/lass/2configs/binary-cache/server.nix @@ -1,27 +1,14 @@ -{ config, lib, pkgs, ...}: +{ config, lib, pkgs, stockholm, ...}: { # generate private key with: # nix-store --generate-binary-cache-key my-secret-key my-public-key services.nix-serve = { enable = true; - secretKeyFile = config.krebs.secret.files.nix-serve-key.path; + secretKeyFile = toString + "/nix-serve.key"; port = 5005; }; - systemd.services.nix-serve = { - after = [ - config.krebs.secret.files.nix-serve-key.service - ]; - partOf = [ - config.krebs.secret.files.nix-serve-key.service - ]; - }; - krebs.secret.files.nix-serve-key = { - path = "/run/secret/nix-serve.key"; - owner.name = "nix-serve"; - source-path = toString + "/nix-serve.key"; - }; services.nginx = { enable = true; virtualHosts.nix-serve = { -- cgit v1.2.3