fix: remove dependence on secrets.json in most modules (#170)

VaultWarden reads admin token from secrets.json too, but it will not error out if it's not set and it is not set by infect. Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/170 Reviewed-by: Inex Code <inex.code@selfprivacy.org> Co-authored-by: nhnn <nhnn@nhnn.dev> Co-committed-by: nhnn <nhnn@nhnn.dev>
2025-09-02 15:13:17 +03:00
parent 59806327d1
commit 522dfa8dde
5 changed files with 6 additions and 38 deletions
--- a/sp-modules/pleroma/cleanup-module.nix
+++ b/sp-modules/pleroma/cleanup-module.nix
@@ -1,12 +0,0 @@
-{ config, lib, ... }:
-let
-  inherit (import ./common.nix config) secrets-exs sp;
-in
-# FIXME do we really want to delete passwords on module deactivation!?
-{
-  config = lib.mkIf (!sp.modules.pleroma.enable) {
-    system.activationScripts.pleroma = lib.trivial.warn ("pleroma service is disabled, ${secrets-exs} will be removed!") ''
-      rm -f -v ${secrets-exs}
-    '';
-  };
-}
--- a/sp-modules/pleroma/common.nix
+++ b/sp-modules/pleroma/common.nix
@@ -1,4 +0,0 @@
-config: {
-  sp = config.selfprivacy;
-  secrets-exs = "/var/lib/pleroma/secrets.exs";
-}
--- a/sp-modules/pleroma/module.nix
+++ b/sp-modules/pleroma/module.nix
@@ -5,9 +5,8 @@
  ...
 }:
 let
-  secrets-filepath = "/etc/selfprivacy/secrets.json";
  cfg = config.selfprivacy.modules.pleroma;
-  inherit (import ./common.nix config) secrets-exs sp;
+  sp = config.selfprivacy;
 in
 {
  options.selfprivacy.modules.pleroma = {
@@ -106,16 +105,12 @@ in
          serviceConfig.Type = "oneshot";
          path = with pkgs; [
            coreutils
-            jq
          ];
          script = ''
            set -o nounset

-            password="$(jq -re '.databasePassword' ${secrets-filepath})"
            filecontents=$(cat <<- EOF
            import Config
-            config :pleroma, Pleroma.Repo,
-              password: "$password"
            EOF
            )