diff --git a/hosts/servers/hosting-02.nix b/hosts/servers/hosting-02.nix index ecc554f..902e777 100644 --- a/hosts/servers/hosting-02.nix +++ b/hosts/servers/hosting-02.nix @@ -98,6 +98,7 @@ services.wrtagweb = { enable = true; settings.web-api-key = "test"; + envFile = config.sops.secrets.wrtagwebEnvFile.path; }; services.nginx.virtualHosts."tag.escapeangle.com" = { @@ -130,6 +131,9 @@ slskdEnvFile = { owner = config.services.slskd.user; }; + wrtagwebEnvFile = { + owner = "wrtagweb"; + }; bandcampcdCookieFile = { owner = "bandcampcd"; }; diff --git a/hosts/servers/hosting-02.yaml b/hosts/servers/hosting-02.yaml index 8fc7c8a..a3bbd47 100644 --- a/hosts/servers/hosting-02.yaml +++ b/hosts/servers/hosting-02.yaml @@ -3,6 +3,7 @@ storageboxKey: ENC[AES256_GCM,data:uWDkiWIk3OePRfoaqjllVlRVzW5+ryE4sIOs8qm6cS8JN storageboxCryptKey: ENC[AES256_GCM,data:ryYOzFvdPaVkOHmypYbqw+KU6aB2OQutLw==,iv:FL4c7P36qxYR1KJlg7t0dvFHlKGMIrTlQG+CDkeJu9U=,tag:Ia4mhV9Ed/m1rRMCNnHqXw==,type:str] slskdEnvFile: ENC[AES256_GCM,data:K1S1PXQMiBoEdbuM/NTBUYRrUSnAC/KBhm/PFzoCJATiLLPsstzgqzbe9vG8tnULb2driAH4Ytd03cmROp30V+9vW6J9eyCofWySWZNEYriRfY1y7y5AR8W13zQL0FGZOewUy/1T7YRvN8FjZFh4n7S3c0GREX3FSSNrmaHwOqgueDs=,iv:VziNMRpC2clhFyOMG8LRReMGUxhYqjUaZeA8gh599aM=,tag:H1tQBZ8nSgATSJB6nFSdlA==,type:str] bandcampcdCookieFile: ENC[AES256_GCM,data:vHw7utB2mAUiys+zBNpGDW9URdSMkWbvv0bZyNUgbDwHkg0ZkbxHBbnspbU4gM5AmUc0OPKjgoqaLEfy+mrylfyXxdKyVlLWGVDwH/9SjsgLjNWBnZOfS0/JN0h8nD9DDfQ9+KVKwfnndIBDwc3Qr+/uQe88JOWeN27ZZoqMXAA7y92aHAn/cdjV9opJL3zq2Gk9ZSjW6pX0W382/+P2d+n5pvnJCGaVcz6NqYj36V7eu+jqtCdpN0ugb7bEQLBEPxN6vDkB1EaWiuI+JXUqPyAlyRqH/9D9IKFu+HWVjryz6WILkJ8rpAEKUtgr4DUDgW/ukTp8/gCe/w126YljuGYj283WYZOTJQHnNdqZFur1qmIosSRLzw4atnD1CAEpZzHFXGz19wMk5+U3OkPQkC/PxmzhqQlyKw7JQ8rNu+WTcHmF3YqYZjtPj1aayXxLqQ9IbZOwXwa0BLRZX7FOFJz/znQa7kR2VE5/Q8vbYA3sz0gBQiIcl8VSzGtQlVM7K+TtkiUSA4DwKH+deSlUnjauIsLldENlbOWwDdm+ckdIRUUuIXiHRq9VM+1UPJdxLGScsPUgsIMZckIkdcEXDyBo3HPdwvQ0lX2msqTIyJxgBMyvSC37Frb0l7hiE6j5HndLv0nfT8krik12WpfR9PKjJqy6kIl3fwSwTqNHA7yPeQKHR8QizGXmkwxEBtsYufKE0Oi1u7VUwwyJe9IU2Gkr0TQYiHo7Glg0lNtkrpPIM+hOjxJJE2MVRe+S117RluvvfEjAmEhyb9cjW+TAw3kQttwO2vMk+RHV3mFF5G2/0tmRbvpbou68eFDDOBQ8ILrUo35GuR8ziPXJeJ+5EuCgePGavEP4qX4FX/GpnMEo85b6m5Vow5EOu8dakHX4fcFTPQeCZ0FoLTGYzGxqUsMG4E8upsPZMw4xBxeVjQO35l4FVhwNyrsIaep1mZWf5vBgAN4q2FYyfJ7jnClJkSrNxg0zW8sEgqEZXIZcFfhPYC1DWZZRMII5n8zJXoeGHDLEIuT4zeIpoXRN3+S4X3AFL4I/gm6mAbFQv3IJ8+g/EOThTZh0PRl70v0Imd3EDetjy4rKphPDpeb6QJWPQkWnIcIeE7Nkg19VoOcWmL8UDxUpsD0NIL1QSZ5ElBuoFVsKuOlkBD5UucLOGZgF01n4BXQjZ9DIW1xBm3lWDDxzuwh4F1rf2MvgesZCEGVn/Y3VF3YMGgdhxLht4IHo4w6z7Rzuh53acf6TH+uZ+iOmFaBETlxA17n6YyaCVzjCuyBNxAxTvX0y+49saYctF9PExYwoKtKL2X9u8NR2OoZJi+TPVfLwBxSrrr9et7Kxhlqu2zxqzWRt7xQXUxWL28HqZljBZxpOxdhy9XLCr3Aj2aZa1mH7zFX5hincsT/RiHEMdOXNUtJoQvBFe/HZ+uquM42Q90qf0alO+VT7kpa5anHLMfzwRKub6W7eFbTe5CD9SybwRDnB503WyreTUmDgIJNwoqePC+WYrW1RnBhI8ebdGl+34ou5CuJldqa1UTEzJNeNqCWLzrP/ThAcJRqmZJ945na6mmQqxhRp2edGu5+tIP3FzoHK2hUOlPyv5CgWGwXLCE0E1kP9Acpex53Wz/NxEa5eTB3ZlwsXNeI2fx4rwyAgtTVMQbzvuf3bVgIAN73I5mRfHRdTeKyQqgShtbEIoz2Q5TGvFNl2ALJ4bJzOVRo2LkUYTGHHH2x623o29fN8Ij35DRabVJyt1y5QGwVNWco=,iv:dgV9d8sRSwyNlW3lWZ6ldWw9+Fxs0Wmn1jhRxg5Pkfs=,tag:ZY3frrrk5/bBgx5lRMYvGg==,type:str] +wrtagwebEnvFile: ENC[AES256_GCM,data:wT6kxqgPxcjN7vMPVxnsgHGb+x6TwT7C5mnUK5yUWQQ=,iv:Nl3QSHyP4GSxO/R6J6qOmuObLyOEpELwur4zhdIdJBk=,tag:8z+oNGS5br2+TUFta9tNIw==,type:str] sops: age: - recipient: age1hvrssz7k9akz66evj4kja53zvdtrss8k2ljxsh5myh2mru62sggqznlzrt @@ -14,8 +15,8 @@ sops: b1ZqUzZLUkFwNHJyVlhmK0FOZ1JFYUEKDU4NmBCHRY+ZK+RFK/LioGzjJTaOE1ky MC6jxt7Y5RkCk0BBqeoEVLaNXNViPjwakbvyfH0w0P6l0KDJ4mNlYQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-22T13:13:34Z" - mac: ENC[AES256_GCM,data:Dyy+fNjzpaYcQt5eBC5ibObkpW0qnsT47owGdHNUl1DqRpy4HtnjmHjAIyjeBJn+sE26KrlOS8t7UFUXmw6dRXii8By025YUSytuWUqmBQFS2lB3a8qlPfsxLh64VK0OEfpQleBQXhQV6tKXaCUF1hb0KkN6tyeKtGOK+lfKlUU=,iv:455vimOrZ69X5O6kwkMyZ5vEJNwGOqrZWyKXaOk6PAg=,tag:OVIDGC8dRi9CYwiQAM+hGg==,type:str] + lastmodified: "2025-10-05T21:13:34Z" + mac: ENC[AES256_GCM,data:lkuovs7o4MqvCRz+lY7hiO1v9ncoozqAlslgpzx/TyyY/TXsaXKOiyCIFbMZPkmcQBxNNg89k6MmxApu4kbbh/ZlWgohztPo1MQHT8apH4Uhecphp91LMG/EnMfyoXeHbeWnENdUfDWHwKtEgqbMIpcyGp2vlTYul774iyIXhyM=,iv:csU/IXdux3nLNYeTj1pvnZH4cVHFkrhtcCmTqh5us1s=,tag:lIZBJWlfJbmPAFWSdQfjzg==,type:str] pgp: - created_at: "2025-09-18T21:32:42Z" enc: |- diff --git a/modules/nixos/wrtagweb.nix b/modules/nixos/wrtagweb.nix index f998b64..1a389b5 100644 --- a/modules/nixos/wrtagweb.nix +++ b/modules/nixos/wrtagweb.nix @@ -29,6 +29,13 @@ in ''; }; + envFile = lib.mkOption { + type = lib.types.path; + description = '' + File with environment variables for wrtagweb + ''; + }; + }; }; @@ -47,6 +54,7 @@ in serviceConfig = { User = "wrtagweb"; ExecStart = "${pkgs.unstable.wrtag}/bin/wrtagweb -config-path ${settingsFormat.generate "wrtagweb" cfg.settings}"; + EnvironmentFile = cfg.envFile; }; }; };