sapphic.moe / flake
❄️ Dotfiles for our NixOS system configuration.
fork atom

chore(services:destiny-labeler): use environmentFiles for secret key ig

Chloe 1899e9c5 addafb83

options
unified split
Changed files
+14 -16
secrets
destiny-labeler.age
services
destiny-labeler
default.nix
+12 -14
secrets/destiny-labeler.age 
···

       
1

       
1

       
 

       
-----BEGIN AGE ENCRYPTED FILE-----


     

       
2

       

       
-

       
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGN2U2dKQSBKUEJG


     

       
3

       

       
-

       
S1RtWkR6aVZuUmtWci9tTy90L05ZbDZTbTZGaTZWeGJsVWRoQzNBCkd5cFlEYTVJ


     

       
4

       

       
-

       
QVlzRTlidEJFallZTmMzTERLelNDaWZQM25aeVdnWTBVUTAKLT4gc3NoLWVkMjU1


     

       
5

       

       
-

       
MTkgMUNUOTd3IG1XUHJ5NWk4UUk4Szc1TStxWnZCV1hiQ0JVMDB3OFV3eWZWM2Jj


     

       
6

       

       
-

       
ZkZNU2sKOTBnZFFSYUovNFhxK21vL1cvY0FkMmlpeGJDZ0NGdWlWTElnL2MyTGFY


     

       
7

       

       
-

       
SQotPiBzc2gtZWQyNTUxOSBlUDNUdFEgRjJmT1VCTVVjZk9MK0RMb3ByU1I0N2dk


     

       
8

       

       
-

       
MkZQamVxdXBKL0gvR2JMaFJ6cwpnUkxrbDUweVg5c1FTdHZJbWsyWTdRNVo4U205


     

       
9

       

       
-

       
amNsM3FNZEYrVVoranF3Ci0+IFspby4tZ3JlYXNlIG08I1tJOCBlI3dNXHUgMmAo


     

       
10

       

       
-

       
czdZQwpCZVRBV1J1MDZWTjBhR3FlNlVyOGZ4SmYwcndpQUZXQlRSQkI0bzhnUTVt


     

       
11

       

       
-

       
MzQ0ZTdtTlJKR2FBM00wNUhzbExhCmxFMlBnVm5SaEVyZnoyTGJUYVJ2QTI4Y3E1


     

       
12

       

       
-

       
a3dOZU85a1lYaTRxZjdtWUdXdi9nL29peGZKdWRTeEtsOQotLS0gcTBWZlZKOG8y


     

       
13

       

       
-

       
NW9LZmUrTWFLR3NKbEV0ZnlKNDYzNnhTWmx1Y0w4VnVmcwo6/NlBNJ3sHF7etQ0r


     

       
14

       

       
-

       
K1VzsO6xG9dSwdp5Wj2+PCkqEq8Knd9xEePLw4/hd47pz8JKjaKFhZdo8+QleyyI


     

       
15

       

       
-

       
ovi4czrf8Jc/X75TDASjLIf51EZ0l74en2n8nRPLusuvb8rO


     

       

       
2

       
+

       
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGN2U2dKQSBoNkJV


     

       

       
3

       
+

       
T04yWG9PbFdmRGc0bUhNaU4yTGl2S0lDZERlZ2FYbGNKSFdqMmkwCmdqVzlRYVhJ


     

       

       
4

       
+

       
NmN1VWYrbklIbFVvVUcxSHJnL09ydUVUV2tmaURVMUpKZ2sKLT4gc3NoLWVkMjU1


     

       

       
5

       
+

       
MTkgMUNUOTd3IFMvcVFvQ2M3UUpIZEdkRmtrSUtLaGZscHl0WGM2WFpjMlBPRlN1


     

       

       
6

       
+

       
K1p1MkkKYXg3d04weWdqRGY4RWJtdGZLUytvM1dQanBxVm4zUm91TXFDNjFhNDZk


     

       

       
7

       
+

       
dwotPiBzc2gtZWQyNTUxOSBlUDNUdFEgRUUxWVNLUDR3aVZUbENPai9LclhZTzZS


     

       

       
8

       
+

       
SDJjbDUyeXhqemdxWWlzdHZBSQpTMnhLWXp4MTE1eDVmUVoxYXNUZ2JrSWlFNGtr


     

       

       
9

       
+

       
NklWbmhCcWIxTzZEcEdFCi0+IDxsVypbQjJELWdyZWFzZSB5SnNuYGNjCjRDaXlC


     

       

       
10

       
+

       
cWdLd1EKLS0tIElObUx3SldVcTdtcVozc3A3Q0FROWZlV2JWckFESHBzQTVlNjlH


     

       

       
11

       
+

       
VEJ3YVUKWFcj2Hf3rGa7+aiJKUktkdOmVRF2c7VgKajt/EC3Z61jnMn9rMPWf9ZE


     

       

       
12

       
+

       
PlsfqBNOlLOiLfdEQnrwC3t2ajETUExrjUUhZ3n23rFT7SzB8giiDXEg9r6pV6Vk


     

       

       
13

       
+

       
aevt9JaLH123SxZURnkTJQ==


     

       
16

       
14

       
 

       
-----END AGE ENCRYPTED FILE-----
+2 -2
services/destiny-labeler/default.nix 
···

       
1

       
1

       
 

       
{ config, ... }:


     

       
2

       
2

       
 

       



     

       
3

       
3

       
 

       
{


     

       
4

       

       
-

       



     

       
5

       
4

       
 

       
  systemd.tmpfiles.rules = [


     

       
6

       
5

       
 

       
    "d /var/lib/destiny-labeler/data 0755 root root -"


     

       
7

       
6

       
 

       
    "f /var/lib/destiny-labeler/data/cursor.txt 0644 root root -"


     
···

       
9

       
8

       
 

       
    "f /var/lib/destiny-labeler/data/labels.db-shm 0644 root root -"


     

       
10

       
9

       
 

       
    "f /var/lib/destiny-labeler/data/labels.db-wal 0644 root root -"


     

       
11

       
10

       
 

       
  ];


     

       

       
11

       
+

       



     

       
12

       
12

       
 

       
  age.secrets.destiny-labeler = {


     

       
13

       
13

       
 

       
    file = ../../secrets/destiny-labeler.age;


     

       
14

       
14

       
 

       
    mode = "600";


     
···

       
21

       
21

       
 

       
    ports = [ "4001:4001" ];


     

       
22

       
22

       
 

       
    environment = {


     

       
23

       
23

       
 

       
      DID = "did:plc:zt2oycjggn5gwdtcgphdh4tn";


     

       
24

       

       
-

       
      SIGN_KEY = config.age.secrets.destiny-labeler.path;


     

       
25

       
24

       
 

       
      URL = "wss://jetstream.atproto.tools/subscribe";


     

       
26

       
25

       
 

       
      NODE_ENV = "production";


     

       
27

       
26

       
 

       
    };


     

       

       
27

       
+

       
    environmentFiles = [ config.age.secrets.destiny-labeler.path ];


     

       
28

       
28

       
 

       
    volumes = [


     

       
29

       
29

       
 

       
      "/var/lib/destiny-labeler/data/cursor.txt:/app/cursor.txt"


     

       
30

       
30

       
 

       
      "/var/lib/destiny-labeler/data/labels.db:/app/labels.db"