Add specific cs key per machine (not ideal, not declarative)

Théo Barnouin 2025-04-14 14:14:59 +02:00
parent 5be466302d
commit 21cbf45c5d
2 changed files with 8 additions and 10 deletions


@ -10,6 +10,12 @@ in {
enable = lib.mkEnableOption "Enable minimal config"; enable = lib.mkEnableOption "Enable minimal config";
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
age.secrets = {
cs-lapi-key = {
file = ../secrets/jellyfin-lapi-key.age;
owner = "crowdsec";
};
};
systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "iHD"; systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "iHD";
environment = { environment = {
sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; }; sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; };
@ -40,6 +46,7 @@ in {
hub.collections = [ hub.collections = [
"LePresidente/jellyfin" "LePresidente/jellyfin"
]; ];
settings.lapi.credentialsFile = "${config.age.secrets.jellyfin-lapi-key.path}";
localConfig = { localConfig = {
acquisitions = [ acquisitions = [
{ {
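Review bot: The secret added in the first hunk is declared as `age.secrets.cs-lapi-key`, but the new `settings.lapi.credentialsFile` line in the second hunk reads `config.age.secrets.jellyfin-lapi-key.path`, an attribute name this section never defines. Unless `jellyfin-lapi-key` is declared somewhere outside the visible hunks, evaluation should fail on the missing attribute and CrowdSec on this machine gets no credentials file. Make the two names agree, either with `settings.lapi.credentialsFile = config.age.secrets.cs-lapi-key.path;` or by renaming the attribute to `jellyfin-lapi-key` so it matches the `.age` file. The `"${...}"` wrapper around the path is redundant and can be dropped at the same time. Both the `config` block and the crowdsec settings block continue outside the hunks.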


@ -1,6 +1,5 @@
{ {
config, config, pkgs,
pkgs,
lib, lib,
inputs, inputs,
modulesPath, modulesPath,
@ -86,13 +85,6 @@
]; ];
}; };
age.secrets = {
cs-lapi-key = {
file = ../secrets/cs-lapi-key.age;
owner = "crowdsec";
};
};
services = { services = {
cloud-init.network.enable = true; cloud-init.network.enable = true;
openssh = { openssh = {
@ -119,7 +111,6 @@
general = { general = {
prometheus.listen_addr = "0.0.0.0"; prometheus.listen_addr = "0.0.0.0";
}; };
lapi.credentialsFile = "${config.age.secrets.cs-lapi-token.path}";
}; };
hub.collections = [ hub.collections = [
"crowdsecurity/linux" "crowdsecurity/linux"