fix(etna): use LoadCredential for dendrite key
This commit is contained in:
parent
5fb0e92992
commit
429d4d49de
SSH key fingerprint:
SHA256:4P0aN6M8ajKukNi6aPOaX0LacanGYtlfjmN+m/sHY/o
1 changed files with 4 additions and 2 deletions
|
|
@ -3,7 +3,7 @@
|
||||||
mkSecret,
|
mkSecret,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
age.secrets = mkSecret "dendriteKey" {mode = "444";};
|
age.secrets = mkSecret "dendriteKey" {};
|
||||||
cfTunnels."m.uku.moe" = "http://localhost:80";
|
cfTunnels."m.uku.moe" = "http://localhost:80";
|
||||||
|
|
||||||
systemd.services.dendrite = {
|
systemd.services.dendrite = {
|
||||||
|
|
@ -22,10 +22,12 @@
|
||||||
in {
|
in {
|
||||||
enable = true;
|
enable = true;
|
||||||
httpPort = 8008;
|
httpPort = 8008;
|
||||||
|
loadCredential = ["private_key:${config.age.secrets.dendriteKey.path}"];
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
global = {
|
global = {
|
||||||
server_name = "m.uku.moe";
|
server_name = "m.uku.moe";
|
||||||
private_key = config.age.secrets.dendriteKey.path;
|
private_key = "$CREDENTIALS_DIRECTORY/private_key";
|
||||||
inherit database;
|
inherit database;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue