hades: secret config for mealie

2025-01-17 17:09:53 +01:00 · 2025-01-17 17:09:53 +01:00 · c624183e4e
parent 6aca4f9f62
commit c624183e4e
5 changed files with 19 additions and 0 deletions
--- a/hosts/hades/default.nix
+++ b/hosts/hades/default.nix
@ -84,6 +84,7 @@ in {
    mealie = {
      enable = true;
      port = 8090;
      credentialsFile = config.age.secrets."mealie/secret-config".path;
    };
    microbin = {
--- a/hosts/hades/secrets.nix
+++ b/hosts/hades/secrets.nix
@ -22,6 +22,10 @@
          owner = "matrix-synapse";
        };
        "mealie/secret-config" = {
          owner = "mealie";
        };
        "microbin/secret-config" = {};
        "miniflux/admin-credentials" = {};
--- a/modules/secrets/mealie/secret-config.age
+++ b/modules/secrets/mealie/secret-config.age
--- a/modules/secrets/secrets.nix
+++ b/modules/secrets/secrets.nix
@ -22,6 +22,8 @@ in {
  "matrix-synapse/secret-config.age".publicKeys = [alarsyo hades];
  "mealie/secret-config.age".publicKeys = [alarsyo hades];
  "microbin/secret-config.age".publicKeys = [alarsyo hades];
  "miniflux/admin-credentials.age".publicKeys = [alarsyo hades];
--- a/services/mealie.nix
+++ b/services/mealie.nix
@ -29,11 +29,23 @@ in {
      example = 8080;
      description = "Internal port for Mealie webapp";
    };
    credentialsFile = lib.mkOption {
      type = types.nullOr types.path;
      default = null;
      example = "/run/secrets/mealie-credentials.env";
      description = ''
        File containing credentials used in mealie such as {env}`POSTGRES_PASSWORD`
        or sensitive LDAP options.
        Expects the format of an `EnvironmentFile=`, as described by {manpage}`systemd.exec(5)`.
      '';
    };
  };
  config = mkIf cfg.enable {
    services.mealie = {
      inherit listenAddress;
      inherit (cfg) credentialsFile;
      enable = true;
      package = pkgs.unstable.mealie;