Jafner.net/homelab/stacks/traefik/stack.nix

{ sys, inputs, ... }: let stack = "traefik"; in {
  home-manager.users."${sys.username}".home.file = {
    "${stack}" = {
      enable = true;
      recursive = true;
      source = ./.;
      target = "stacks/${stack}/";
    };
    "${stack}/.env" = {
      enable = true;
      text = ''DOCKER_DATA=${sys.dockerData}'';
      target = "stacks/${stack}/.env";
    };
  };

  imports = [ inputs.sops-nix.nixosModules.sops ]; 
  sops.secrets."${stack}" = { 
    sopsFile = ./secrets.env;
    key = "";
    mode = "0440";
    owner = sys.username;
    # Access this secrets file in Nix expressions via: 
    #   config.sops.secrets.traefik.path
    # Or in sops-nix templates via:
    #   config.sops.placeholder.traefik.path
    # Or in the shell via:
    #   cat /run/secrets/traefik
  };
  #home-manager.users."${sys.username}".systemd.user.services."${stack}" = {};
}
Feature: Implement sops-nix for Traefik, send stacks: - Init stack.nix files. - Delete .env files, move into stack.nix. - Rotate traefik's secrets.env. 2025-01-30 15:02:34 -08:00			`{ sys, inputs, ... }: let stack = "traefik"; in {`
			`home-manager.users."${sys.username}".home.file = {`
			`"${stack}" = {`
			`enable = true;`
			`recursive = true;`
			`source = ./.;`
			`target = "stacks/${stack}/";`
			`};`
			`"${stack}/.env" = {`
			`enable = true;`
			`text = ''DOCKER_DATA=${sys.dockerData}'';`
			`target = "stacks/${stack}/.env";`
			`};`
			`};`

			`imports = [ inputs.sops-nix.nixosModules.sops ];`
			`sops.secrets."${stack}" = {`
			`sopsFile = ./secrets.env;`
			`key = "";`
			`mode = "0440";`
			`owner = sys.username;`
			`# Access this secrets file in Nix expressions via:`
			`# config.sops.secrets.traefik.path`
			`# Or in sops-nix templates via:`
			`# config.sops.placeholder.traefik.path`
			`# Or in the shell via:`
			`# cat /run/secrets/traefik`
			`};`
			`#home-manager.users."${sys.username}".systemd.user.services."${stack}" = {};`
			`}`