using hooks url in sops

2024-07-07 19:47:11 -04:00
parent bf4c08c81b
commit 023661129c
3 changed files with 23 additions and 6 deletions
--- a/systems/jeeves-jr/services.nix
+++ b/systems/jeeves-jr/services.nix
@@ -1,4 +1,4 @@
-{ inputs, ... }:
+{ config, inputs, ... }:
 {
  systemd = {
    services.startup_validation = {
@@ -6,7 +6,7 @@
      description = "validates startup";
      serviceConfig = {
        Type = "oneshot";
-        Environment = "WEBHOOK_URL=test";
+        Environment = config.sops.secrets."server-validation/webhook".path;
        ExecStart = "${inputs.server_tools.packages.x86_64-linux.default}/bin/validate_jeevesjr";
      };
    };
@@ -18,4 +18,8 @@
      };
    };
  };
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+    secrets."server-validation/webhook".owner = "root";
+  };
 }
--- a/systems/jeeves/services.nix
+++ b/systems/jeeves/services.nix
@@ -1,4 +1,9 @@
-{ inputs, pkgs, ... }:
+{
+  config,
+  inputs,
+  pkgs,
+  ...
+}:
 {
  systemd = {
    services = {
@@ -6,7 +11,6 @@
        description = "maintains /zfs/storage/plex permissions";
        serviceConfig = {
          Type = "oneshot";
-          Environment = "WEBHOOK_URL=test";
          ExecStart = "${pkgs.bash}/bin/bash ${./scripts/plex_permission.sh}";
        };
      };
@@ -14,6 +18,7 @@
        wantedBy = [ "multi-user.target" ];
        description = "validates startup";
        serviceConfig = {
+          Environment = config.sops.secrets."server-validation/webhook".path;
          Type = "oneshot";
          ExecStart = "${inputs.server_tools.packages.x86_64-linux.default}/bin/validate_jeeves";
        };
@@ -37,4 +42,8 @@
      };
    };
  };
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+    secrets."server-validation/webhook".owner = "root";
+  };
 }
--- a/systems/palatine-hill/services.nix
+++ b/systems/palatine-hill/services.nix
@@ -1,4 +1,4 @@
-{ inputs, ... }:
+{ config, inputs, ... }:
 {
  systemd = {
    services.startup_validation = {
@@ -6,7 +6,7 @@
      description = "validates startup";
      serviceConfig = {
        Type = "oneshot";
-        Environment = "WEBHOOK_URL=test";
+        Environment = config.sops.secrets."server-validation/webhook".path;
        ExecStart = "${inputs.server_tools.packages.x86_64-linux.default}/bin/validate_palatine_hill";
      };
    };
@@ -18,4 +18,8 @@
      };
    };
  };
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+    secrets."server-validation/webhook".owner = "root";
+  };
 }