simplify secret definitions
parent
cd0fd6926b
commit
f9c29b9318
|
@ -1,75 +1,56 @@
|
||||||
let
|
let
|
||||||
secrets = import ../secrets/secrets.nix;
|
secrets = import ../secrets/secrets.nix;
|
||||||
bitcoin-rpcpassword = {
|
|
||||||
|
secretsDir = "/secrets/";
|
||||||
|
secret = { text ? null, keyFile ? null, user, group ? user }: {
|
||||||
|
inherit text user group;
|
||||||
|
destDir = secretsDir;
|
||||||
|
permissions = "0440";
|
||||||
|
};
|
||||||
|
|
||||||
|
bitcoin-rpcpassword = secret {
|
||||||
text = secrets.bitcoinrpcpassword;
|
text = secrets.bitcoinrpcpassword;
|
||||||
destDir = "/secrets/";
|
|
||||||
user = "bitcoin";
|
user = "bitcoin";
|
||||||
group = "bitcoinrpc";
|
group = "bitcoinrpc";
|
||||||
permissions = "0440";
|
|
||||||
};
|
};
|
||||||
lnd-wallet-password = {
|
lnd-wallet-password = secret {
|
||||||
text = secrets.lnd-wallet-password;
|
text = secrets.lnd-wallet-password;
|
||||||
destDir = "/secrets/";
|
|
||||||
user = "lnd";
|
user = "lnd";
|
||||||
group = "lnd";
|
|
||||||
permissions = "0440";
|
|
||||||
};
|
};
|
||||||
lightning-charge-api-token = {
|
lightning-charge-api-token = secret {
|
||||||
text = "API_TOKEN=" + secrets.lightning-charge-api-token;
|
text = "API_TOKEN=" + secrets.lightning-charge-api-token;
|
||||||
destDir = "/secrets/";
|
|
||||||
user = "clightning";
|
user = "clightning";
|
||||||
group = "clightning";
|
|
||||||
permissions = "0440";
|
|
||||||
};
|
};
|
||||||
# variable is called CHARGE_TOKEN instead of API_TOKEN
|
# variable is called CHARGE_TOKEN instead of API_TOKEN
|
||||||
lightning-charge-api-token-for-nanopos = {
|
lightning-charge-api-token-for-nanopos = secret {
|
||||||
text = "CHARGE_TOKEN=" + secrets.lightning-charge-api-token;
|
text = "CHARGE_TOKEN=" + secrets.lightning-charge-api-token;
|
||||||
destDir = "/secrets/";
|
|
||||||
user = "nanopos";
|
user = "nanopos";
|
||||||
group = "nanopos";
|
|
||||||
permissions = "0440";
|
|
||||||
};
|
};
|
||||||
liquid-rpcpassword = {
|
liquid-rpcpassword = secret {
|
||||||
text = secrets.liquidrpcpassword;
|
text = secrets.liquidrpcpassword;
|
||||||
destDir = "/secrets/";
|
|
||||||
user = "liquid";
|
user = "liquid";
|
||||||
group = "liquid";
|
|
||||||
permissions = "0440";
|
|
||||||
};
|
};
|
||||||
spark-wallet-login = {
|
spark-wallet-login = secret {
|
||||||
text = "login=" + "spark-wallet:" + secrets.spark-wallet-password;
|
text = "login=" + "spark-wallet:" + secrets.spark-wallet-password;
|
||||||
destDir = "/secrets/";
|
|
||||||
user = "clightning";
|
user = "clightning";
|
||||||
group = "clightning";
|
|
||||||
permissions = "0440";
|
|
||||||
};
|
};
|
||||||
nginx_key = {
|
nginx_key = secret {
|
||||||
keyFile = toString ../../secrets/nginx.key;
|
keyFile = toString ../../secrets/nginx.key;
|
||||||
destDir = "/secrets/";
|
|
||||||
user = "nginx";
|
user = "nginx";
|
||||||
group = "root";
|
group = "root";
|
||||||
permissions = "0440";
|
|
||||||
};
|
};
|
||||||
nginx_cert = {
|
nginx_cert = secret {
|
||||||
keyFile = toString ../../secrets/nginx.cert;
|
keyFile = toString ../../secrets/nginx.cert;
|
||||||
destDir = "/secrets/";
|
|
||||||
user = "nginx";
|
user = "nginx";
|
||||||
group = "root";
|
group = "root";
|
||||||
permissions = "0440";
|
|
||||||
};
|
};
|
||||||
lnd_key = {
|
lnd_key = secret {
|
||||||
keyFile = toString ../../secrets/lnd.key;
|
keyFile = toString ../../secrets/lnd.key;
|
||||||
destDir = "/secrets/";
|
|
||||||
user = "lnd";
|
user = "lnd";
|
||||||
group = "lnd";
|
|
||||||
permissions = "0440";
|
|
||||||
};
|
};
|
||||||
lnd_cert = {
|
lnd_cert = secret {
|
||||||
keyFile = toString ../../secrets/lnd.cert;
|
keyFile = toString ../../secrets/lnd.cert;
|
||||||
destDir = "/secrets/";
|
|
||||||
user = "lnd";
|
user = "lnd";
|
||||||
group = "lnd";
|
|
||||||
permissions = "0440";
|
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
network.description = "Bitcoin Core node";
|
network.description = "Bitcoin Core node";
|
||||||
|
|
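Review bot: The new `secret` helper declares `keyFile ? null` as an argument, but its body as shown only has `inherit text user group;`, so `keyFile` is silently dropped. The four file-based entries (`nginx_key`, `nginx_cert`, `lnd_key`, `lnd_cert`) would then evaluate to `text = null` with no `keyFile`, so the TLS keys and certificates would either fail evaluation or never be deployed; the line should read `inherit text keyFile user group;`. Since `destDir` and `permissions = "0440"` are now fixed in one place, a comment on the helper such as `# every secret is written to secretsDir, mode 0440; group defaults to the owning user` would document the access model that each entry used to spell out. The `in { … }` body that consumes these definitions continues outside the hunk, so how the attribute sets are passed on could not be checked here.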