mirror of
https://github.com/alyraffauf/nixcfg.git
synced 2024-11-22 07:53:55 -05:00
nixos/navidrome: configure secrets before running navidrome
parent
db40755c05
commit
4e150dd5c2
|
@ -5,12 +5,33 @@
|
|||
...
|
||||
}: {
|
||||
config = lib.mkIf config.ar.services.navidrome.enable {
|
||||
age.secrets.lastFMApiKey.file = ../../../secrets/lastFM/apiKey.age;
|
||||
age.secrets.lastFMSecret.file = ../../../secrets/lastFM/secret.age;
|
||||
age.secrets.spotifyClientId.file = ../../../secrets/spotify/clientId.age;
|
||||
age.secrets.spotifyClientSecret.file = ../../../secrets/spotify/clientSecret.age;
|
||||
age.secrets = let
|
||||
owner = "navidrome";
|
||||
in {
|
||||
lastFMApiKey = {
|
||||
inherit owner;
|
||||
file = ../../../secrets/lastFM/apiKey.age;
|
||||
};
|
||||
|
||||
system.activationScripts."navidrome-secrets" = let
|
||||
lastFMSecret = {
|
||||
inherit owner;
|
||||
file = ../../../secrets/lastFM/secret.age;
|
||||
};
|
||||
|
||||
spotifyClientId = {
|
||||
inherit owner;
|
||||
file = ../../../secrets/spotify/clientId.age;
|
||||
};
|
||||
|
||||
spotifyClientSecret = {
|
||||
inherit owner;
|
||||
file = ../../../secrets/spotify/clientSecret.age;
|
||||
};
|
||||
};
|
||||
|
||||
services.navidrome.enable = true;
|
||||
|
||||
systemd.services.navidrome.serviceConfig = let
|
||||
navidromeConfig = builtins.toFile "navidrome.json" (lib.generators.toJSON {} {
|
||||
Address = "0.0.0.0";
|
||||
DefaultTheme = "Auto";
|
||||
|
@ -25,7 +46,8 @@
|
|||
"LastFM.Secret" = "@lastFMSecret@";
|
||||
"LastFM.Language" = "en";
|
||||
});
|
||||
in ''
|
||||
|
||||
navidrome-secrets = pkgs.writeShellScript "navidrome-secrets" ''
|
||||
lastFMApiKey=$(cat "${config.age.secrets.lastFMApiKey.path}")
|
||||
lastFMSecret=$(cat "${config.age.secrets.lastFMSecret.path}")
|
||||
spotifyClientId=$(cat "${config.age.secrets.spotifyClientId.path}")
|
||||
|
@ -34,17 +56,20 @@
|
|||
-e "s/@spotifyClientId@/$spotifyClientId/" -e "s/@spotifyClientSecret@/$spotifyClientSecret/" \
|
||||
${navidromeConfig} > /var/lib/navidrome/navidrome.json
|
||||
'';
|
||||
in {
|
||||
BindReadOnlyPaths = [
|
||||
config.age.secrets.lastFMApiKey.path
|
||||
config.age.secrets.lastFMSecret.path
|
||||
config.age.secrets.spotifyClientId.path
|
||||
config.age.secrets.spotifyClientSecret.path
|
||||
config.ar.services.navidrome.musicDirectory
|
||||
];
|
||||
|
||||
systemd.services.navidrome.serviceConfig = {
|
||||
BindReadOnlyPaths = "${config.ar.services.navidrome.musicDirectory}";
|
||||
ExecStartPre = navidrome-secrets;
|
||||
ExecStart = lib.mkForce ''
|
||||
${config.services.navidrome.package}/bin/navidrome --configfile /var/lib/navidrome/navidrome.json \
|
||||
--datafolder /var/lib/navidrome/
|
||||
'';
|
||||
};
|
||||
|
||||
services.navidrome = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
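Review bot: The `navidrome-secrets` script hands each decrypted value to `sed` inside a `-e "s/@…@/$…/"` argument (visible on the `-e "s/@spotifyClientId@/$spotifyClientId/"` line; the start of the `sed` call lies outside the displayed hunks), so the secrets are part of that process's argv, which is normally readable from the process list by other local users while it runs, and a `/`, `&` or `\` in any secret would break or alter the substitution. The rendered `/var/lib/navidrome/navidrome.json` gets whatever mode the unit's umask yields, which this page does not show; making `umask 077` the first line of the script would keep it owner-only regardless. Navidrome also accepts these settings as environment variables (`ND_LASTFM_APIKEY`, `ND_LASTFM_SECRET`, `ND_SPOTIFY_ID`, `ND_SPOTIFY_SECRET`), so a single age-encrypted env file referenced through `EnvironmentFile` would remove the templating step and the plaintext copy on disk.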