Unverified Commit 8725d655 authored by Jean-Paul Calderone's avatar Jean-Paul Calderone

Put the keys in the secrets directory instead of the nix store

parent 24c19c19
1 merge request!26Update PaymentServer and improve secret handling
...@@ -17,6 +17,14 @@ ...@@ -17,6 +17,14 @@
permissions = "0400"; permissions = "0400";
action = ["sudo" "systemctl" "restart" "zkapissuer.service"]; action = ["sudo" "systemctl" "restart" "zkapissuer.service"];
}; };
"stripe-secret-key" = {
source = stripeSecretKeyPath;
destination = "/var/secrets/stripe.secret-key";
owner.user = "root";
owner.group = "root";
permissions = "0400";
action = ["sudo" "systemctl" "restart" "zkapissuer.service"];
};
}; };
}; };
...@@ -28,8 +36,8 @@ ...@@ -28,8 +36,8 @@
services.private-storage-issuer = { services.private-storage-issuer = {
enable = true; enable = true;
tls = true; tls = true;
ristrettoSigningKeyPath = ./../.. + ristrettoSigningKeyPath; ristrettoSigningKeyPath = "/var/secrets/ristretto.signing-key";
stripeSecretKeyPath = ./../.. + stripeSecretKeyPath; stripeSecretKeyPath = "/var/secrets/stripe.secret-key";
database = "SQLite3"; database = "SQLite3";
databasePath = "/var/db/vouchers.sqlite3"; databasePath = "/var/db/vouchers.sqlite3";
inherit letsEncryptAdminEmail; inherit letsEncryptAdminEmail;
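Review bot: The literal `"/var/secrets/stripe.secret-key"` now appears twice, as `destination` in the new `"stripe-secret-key"` entry and as `stripeSecretKeyPath` under `services.private-storage-issuer`, and nothing ties the two together, so editing one leaves the service pointing at a missing or stale key file. Binding each destination once (for example `stripeKeyDest = "/var/secrets/stripe.secret-key";` in a `let`, used in both places) would remove that drift; the ristretto entry's `destination` is above the visible context, so the same presumably applies there. A short comment on the two service lines would also help, e.g. `# Must stay a string: a Nix path value would be copied into the world-readable store when coerced to a string`. Separately, the key is installed `root:root` with `0400`, so it is worth confirming that zkapissuer.service can actually read it with the user it runs as; the unit definition is not on this page.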
......