diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix index 68b06fa..e3f8c57 100644 --- a/containers/emerald/configuration.nix +++ b/containers/emerald/configuration.nix @@ -9,6 +9,7 @@ services.navidrome = { enable = true; + environmentFile = "/binds/navidrome_env"; settings = { Port = 4533; Address = "[::]"; diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index d8578fc..80f6dac 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -24,7 +24,7 @@ nixosConfigurations.container = nixpkgs.lib.nixosSystem { inherit modules; }; - nixosModule = { ... }: { + nixosModule = { config, ... }: { networking.nat = { enable = true; enableIPv6 = true; @@ -63,6 +63,11 @@ mountPoint = "/persist"; isReadOnly = false; }; + bindMounts."navidrome_env" = { + hostPath = config.age.secrets.navidrome_env.path; + mountPoint = "/binds/navidrome_env"; + isReadOnly = true; + }; # flake = "path:" + ./.; }; }; diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 5174cc7..58a0b80 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -5,6 +5,7 @@ age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; + navidrome_env.file = ../../secrets/navidrome_env.age; wg_dandelion.file = ../../secrets/wg_dandelion.age; }; diff --git a/secrets.nix b/secrets.nix index bab8c08..b2d0d0e 100644 --- a/secrets.nix +++ b/secrets.nix @@ -10,6 +10,7 @@ in { "secrets/wpa_conf.age".publicKeys = [ blossom rin ]; "secrets/acme_dns.age".publicKeys = [ dandelion hazel rin ]; + "secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/warden_admin.age".publicKeys = [ rin ]; "secrets/wg_anemone.age".publicKeys = [ anemone rin ]; diff --git a/secrets/navidrome_env.age b/secrets/navidrome_env.age new file mode 100644 index 0000000..6cb705c Binary files /dev/null and b/secrets/navidrome_env.age differ