feat: move cloudflare tunnel token to sops secret

2025-04-04 20:51:38 -03:00
parent 3d17feec71
commit d94ef00183
4 changed files with 13 additions and 20 deletions
--- a/capytal/network.nix
+++ b/capytal/network.nix
@@ -30,7 +30,7 @@
    };
  };

-  virtualisation.oci-containers.containers.cloudflare-funnel = let
+  virtualisation.oci-containers.containers.cloudflare-tunnel = let
    secrets = config.spacestation-secrets.lesser;
  in {
    image = "cloudflare/cloudflared:latest";
@@ -42,10 +42,11 @@
      "tunnel"
      "--no-autoupdate"
      "run"
-      "--token"
-      secrets.capytal.cloudflare-funnel
+      # secrets.capytal.cloudflare-funnel
+    ];
+    environmentFiles = [
+      config.sops.secrets."cloudflared/tunnel-env".path
    ];
-    environment = {};
  };

  networking.firewall.allowedTCPPorts = [
--- a/capytal/websites.nix
+++ b/capytal/websites.nix
@@ -21,7 +21,7 @@
  services.keikos.web = {
    enable = true;
    port = 7030;
-    envFile = config.sops.secrets."keiko/envFile".path;
+    envFile = config.sops.secrets."keiko/env-file".path;
  };
  services.caddy.virtualHosts.":${toString (config.services.keikos.web.port + 1)}" = {
    extraConfig = ''