diff --git a/flake.nix b/flake.nix index 4447cdba..610f480f 100644 --- a/flake.nix +++ b/flake.nix @@ -103,6 +103,7 @@ specialArgs = {inherit inputs self;}; modules = [ ./hosts/${host} + inputs.agenix.nixosModules.default ]; } ); diff --git a/nixosModules/containers/nixos/navidrome/default.nix b/nixosModules/containers/nixos/navidrome/default.nix index 5fb1f04b..2a9487f0 100644 --- a/nixosModules/containers/nixos/navidrome/default.nix +++ b/nixosModules/containers/nixos/navidrome/default.nix @@ -1,7 +1,8 @@ { - pkgs, - lib, config, + inputs, + lib, + pkgs, self, ... }: { @@ -21,6 +22,11 @@ }; config = lib.mkIf config.alyraffauf.containers.nixos.navidrome.enable { + # Spotify secrets aren't exactly safe, because they are world-readable in the nix store. + # But they're reasonably disposable and hidden from the public git repo. + age.secrets.spotifyClientId.file = ../../../../secrets/spotify/clientId.age; + age.secrets.spotifyClientSecret.file = ../../../../secrets/spotify/clientSecret.age; + containers.navidrome = { autoStart = true; bindMounts."/Music".hostPath = config.alyraffauf.containers.nixos.navidrome.musicDirectory; @@ -39,9 +45,9 @@ openFirewall = true; settings = { Address = "0.0.0.0"; - Port = port; - MusicFolder = "/Music"; DefaultTheme = "Auto"; + MusicFolder = "/Music"; + Port = port; SubsonicArtistParticipations = true; UIWelcomeMessage = "Welcome to Navidrome! Registrations are closed."; }; diff --git a/nixosModules/system/wifi.nix b/nixosModules/system/wifi.nix index 60c5acae..89596ecd 100644 --- a/nixosModules/system/wifi.nix +++ b/nixosModules/system/wifi.nix @@ -5,10 +5,6 @@ pkgs, ... }: { - imports = [ - inputs.agenix.nixosModules.default - ]; - age.secrets.Stargate-Discovery.file = ../../secrets/wifi/Stargate-Discovery.age; age.secrets.wattson.file = ../../secrets/wifi/wattson.age;