services: move all secrets into /media/secrets
moves all secrets into one centralised location in /media/secrets and uses systemd-tmpfiles to set the appropriate permissions for them
This commit is contained in:
parent
0dc8c93281
commit
93f912d548
SSH key fingerprint:
SHA256:XuacYOrGqRxC3jVFjfLROn1CSvLz85Dec6N7O9Gwu/0
6 changed files with 35 additions and 5 deletions
|
|
@ -21,10 +21,14 @@
|
|||
|
||||
environmentFiles = [
|
||||
# set variable PROVIDERS_KANIDM_CLIENT_SECRET here
|
||||
/var/lib/tinyauth
|
||||
/media/secrets/tinyauth
|
||||
];
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"f /media/secrets/tinyauth 0400 root root"
|
||||
];
|
||||
|
||||
services.caddy.extraConfig = ''
|
||||
(tinyauth_forwarder) {
|
||||
forward_auth 127.0.0.1:3009 {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue