From c5e818d7a7fc282ab4b626fd19b45f530d5898c8 Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk <kj@orbekk.com>
Date: Wed, 28 Dec 2022 19:32:08 -0500
Subject: Configure bridge-nightly secret key

---
 modules/bridge.nix | 31 ++++++++++++++-----------------
 1 file changed, 14 insertions(+), 17 deletions(-)

(limited to 'modules')

diff --git a/modules/bridge.nix b/modules/bridge.nix
index a1c405a..e41af2e 100644
--- a/modules/bridge.nix
+++ b/modules/bridge.nix
@@ -1,9 +1,6 @@
 { config, lib, pkgs, ... }:
-let
-  cfg = config.orbekk.bridge;
-in
-with lib;
-{
+let cfg = config.orbekk.bridge;
+in with lib; {
   options = {
     orbekk.bridge = {
       enable = mkEnableOption "Enable bridge service";
@@ -17,18 +14,20 @@ with lib;
   };
 
   config = mkIf cfg.enable {
+    age.secrets.bridge-nightly.file = ./. + "../secrets/bridge-nightly.age";
+
     systemd.services.bridge-nightly = {
       description = "Bridge Nightly backend";
-      wantedBy = ["multi-user.target"];
-      after = ["network.target"];
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
 
       environment = {
         BIND_ADDRESS = "[::]:${toString cfg.port}";
         RUST_BACKTRACE = "1";
         AUTHENTICATOR = "oauth";
-        OPENID_ISSUER_URL= "https://auth.orbekk.com/realms/test";
-        OPENID_CLIENT_ID= "test-client";
-        OPENID_CLIENT_SECRET= "secret";
+        OPENID_ISSUER_URL = "https://auth.orbekk.com/realms/test";
+        OPENID_CLIENT_ID = "test-client";
+        OPENID_CLIENT_SECRET = "secret";
         APP_URL = "https://bridge.orbekk.com";
         DATABASE_URL = "postgres:///bridge_nightly";
         RUST_LOG = "info";
@@ -37,7 +36,7 @@ with lib;
       serviceConfig = {
         User = "bridge_nightly";
         Group = "bridge_nightly";
-        EnvironmentFile = config.age.secrets.bridge-nighly.path;
+        EnvironmentFile = config.age.secrets.bridge-nightly.path;
         ExecStart = "/opt/bridge-nightly/profile/bin/server";
       };
     };
@@ -57,12 +56,10 @@ with lib;
         host  all all 2001:470:8e2e:100::/64      md5
       '';
       ensureDatabases = [ "bridge_nightly" ];
-      ensureUsers = [
-        {
-          name = "bridge_nightly";
-          ensurePermissions."DATABASE bridge_nightly" = "ALL PRIVILEGES";
-        }
-      ];
+      ensureUsers = [{
+        name = "bridge_nightly";
+        ensurePermissions."DATABASE bridge_nightly" = "ALL PRIVILEGES";
+      }];
     };
   };
 }
-- 
cgit v1.2.3