kommode/gitea: fix declarative secrets

base: don't lock kernel modules lmao
2025-09-03 01:26:22 +02:00 · 2025-08-03 04:44:37 +02:00 · 2025-08-03 04:36:10 +02:00
2 changed files with 4 additions and 4 deletions
--- a/base/default.nix
+++ b/base/default.nix
@ -66,7 +66,7 @@
  programs.zsh.enable = true;
-  security.lockKernelModules = true;
+  # security.lockKernelModules = true;
  security.protectKernelImage = true;
  security.sudo.execWheelOnly = true;
  security.sudo.extraConfig = ''
--- a/hosts/kommode/services/gitea/default.nix
+++ b/hosts/kommode/services/gitea/default.nix
@ -51,11 +51,11 @@ in {
        START_SSH_SERVER = true;
        START_LFS_SERVER = true;
        LFS_JWT_SECRET = lib.mkForce "";
-        LFS_JWT_SECRET_URI = config.sops.secrets."gitea/lfs-jwt-secret".path;
+        LFS_JWT_SECRET_URI = "file:${config.sops.secrets."gitea/lfs-jwt-secret".path}";
      };
      oauth2 = {
        JWT_SECRET = lib.mkForce "";
-        JWT_SECRET_URI = config.sops.secrets."gitea/oauth2-jwt-secret".path;
+        JWT_SECRET_URI = "file:${config.sops.secrets."gitea/oauth2-jwt-secret".path}";
      };
      "git.timeout" = {
        MIGRATE = 3600;
@ -85,7 +85,7 @@ in {
      session.COOKIE_SECURE = true;
      security = {
        SECRET_KEY = lib.mkForce "";
-        SECRET_KEY_PATH = config.sops.secrets."gitea/secret-key".path;
+        SECRET_KEY_URI = "file:${config.sops.secrets."gitea/secret-key".path}";
      };
      database.LOG_SQL = false;
      repository = {
Author	SHA1	Message	Date
h7x4	2010556643	kommode/gitea: fix declarative secrets	2025-08-03 04:44:37 +02:00
h7x4	8dcd471a6f	base: don't lock kernel modules lmao	2025-08-03 04:36:10 +02:00