modules: services: paperless: use 'secretKeyFile'
In preparation for the migration to agenix.
This commit is contained in:
parent
ca218730ff
commit
0f2c20e51d
|
@ -103,7 +103,9 @@ in
|
||||||
# Insecure, I don't care
|
# Insecure, I don't care
|
||||||
passwordFile =
|
passwordFile =
|
||||||
builtins.toFile "paperless.env" my.secrets.paperless.password;
|
builtins.toFile "paperless.env" my.secrets.paperless.password;
|
||||||
secretKey = my.secrets.paperless.secretKey;
|
secretKeyFile = builtins.toFile "paperless-key.env" ''
|
||||||
|
PAPERLESS_SECRET_KEY=${my.secrets.paperless.secretKey}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
# The whole *arr software suite
|
# The whole *arr software suite
|
||||||
pirate.enable = true;
|
pirate.enable = true;
|
||||||
|
|
|
@ -13,10 +13,12 @@ in
|
||||||
description = "Internal port for webui";
|
description = "Internal port for webui";
|
||||||
};
|
};
|
||||||
|
|
||||||
secretKey = mkOption {
|
secretKeyFile = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
example = "e11fl1oa-*ytql8p)(06fbj4ukrlo+n7k&q5+$1md7i+mge=ee";
|
example = "/var/lib/paperless/secret-key.env";
|
||||||
description = "Secret key used for sessions tokens";
|
description = ''
|
||||||
|
Secret key as an 'EnvironmentFile' (see `systemd.exec(5)`)
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
documentPath = mkOption {
|
documentPath = mkOption {
|
||||||
|
@ -65,7 +67,6 @@ in
|
||||||
PAPERLESS_DBNAME = "paperless";
|
PAPERLESS_DBNAME = "paperless";
|
||||||
|
|
||||||
# Security settings
|
# Security settings
|
||||||
PAPERLESS_SECRET_KEY = cfg.secretKey; # Insecure, I don't care
|
|
||||||
PAPERLESS_ALLOWED_HOSTS = paperlessDomain;
|
PAPERLESS_ALLOWED_HOSTS = paperlessDomain;
|
||||||
PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}";
|
PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}";
|
||||||
|
|
||||||
|
@ -81,6 +82,20 @@ in
|
||||||
passwordFile = cfg.passwordFile;
|
passwordFile = cfg.passwordFile;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services = {
|
||||||
|
paperless-ng-server.serviceConfig = {
|
||||||
|
EnvironmentFile = cfg.secretKeyFile;
|
||||||
|
};
|
||||||
|
|
||||||
|
paperless-ng-consumer.serviceConfig = {
|
||||||
|
EnvironmentFile = cfg.secretKeyFile;
|
||||||
|
};
|
||||||
|
|
||||||
|
paperless-ng-web.serviceConfig = {
|
||||||
|
EnvironmentFile = cfg.secretKeyFile;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# Set-up database
|
# Set-up database
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
Loading…
Reference in a new issue