acme ownership for hetzner api key

2026-04-03 16:42:33 +02:00 · 2026-04-03 16:42:33 +02:00 · 6c9fd17e00
commit 6c9fd17e00
parent 04d03398bf
1 changed files with 14 additions and 2 deletions
--- a/hosts/sid/services/nginx.nix
+++ b/hosts/sid/services/nginx.nix
@ -51,8 +51,6 @@ in
      credentialsFile = config.sops.templates.hetzner-dns-api-key.path;
    };
  };
-  sops.secrets.hetzner-dns-api-key = { };
-  sops.templates.hetzner-dns-api-key.content = "HETZNER_API_TOKEN=${config.sops.placeholder.hetzner-dns-api-key}";

  services.nginx = {
    enable = true;
@ -114,4 +112,18 @@ in
    #   };
    # };
  };
+
+  sops =
+    let
+      owner = "acme";
+      group = "acme";
+      mode = "0400";
+    in
+    {
+      secrets.hetzner-dns-api-key = { inherit owner group mode; };
+      templates.hetzner-dns-api-key = {
+        inherit owner group mode;
+        content = "HETZNER_API_TOKEN=${config.sops.placeholder.hetzner-dns-api-key}";
+      };
+    };
 }