Fix(system/services/invidious): Set correct access permissions on hmac

author: Soispha <soispha@vhack.eu> 2023-08-11 09:54:23 +0200
committer: Soispha <soispha@vhack.eu> 2023-08-11 10:10:39 +0200
commit: c525e36a3dd0345e3ef04b9e2669264b4ec7daa2 (patch)
tree: 02c8d48f9e67481c3e51b0cc5bc41e90d7bb40a1
parent: Fix(system/services/invidious): Check tables on startup (diff)
download: nixos-server-c525e36a3dd0345e3ef04b9e2669264b4ec7daa2.tar.gz
nixos-server-c525e36a3dd0345e3ef04b9e2669264b4ec7daa2.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/system/services/invidious/default.nix b/system/services/invidious/default.nix
index 17ba0c1..8b69c2e 100644
--- a/system/services/invidious/default.nix
+++ b/system/services/invidious/default.nix
@@ -6,10 +6,13 @@
     };
     domain = "invidious.vhack.eu";
     nginx.enable = true;
-    extraSettingsFile = "${config.age.secrets.invidiousHmac.path}";
+    extraSettingsFile = "$CREDENTIALS_DIRECTORY/hmac";
 
     settings = {
       check_tables = true;
     };
   };
+  systemd.services.invidious.serviceConfig = {
+    LoadCredential = "hmac:${config.age.secrets.invidiousHmac.path}";
+  };
 }
author	Soispha <soispha@vhack.eu>	2023-08-11 09:54:23 +0200
committer	Soispha <soispha@vhack.eu>	2023-08-11 10:10:39 +0200
commit	c525e36a3dd0345e3ef04b9e2669264b4ec7daa2 (patch)
tree	02c8d48f9e67481c3e51b0cc5bc41e90d7bb40a1
parent	Fix(system/services/invidious): Check tables on startup (diff)
download	nixos-server-c525e36a3dd0345e3ef04b9e2669264b4ec7daa2.tar.gz nixos-server-c525e36a3dd0345e3ef04b9e2669264b4ec7daa2.zip