nixcfg/systems/x86_64-linux/sgx
Harald Hoyer 01f42c0851 feat(sops): trigger service restarts on secret rotation
Wire up restartUnits on secrets whose consumers cache them in memory
(daemons read at startup), so sops-nix restarts the affected unit on
activation when the decrypted content changes:

- firefly: app_key → phpfpm-firefly-iii;
  auto_import_secret + access_token → phpfpm-firefly-iii-data-importer
- searx: secret_key → uwsgi
- opencode: web password → opencode-serve
- mail: sasl_passwd → postfix
- forgejo: gitea_dbpass → forgejo; runner-token → gitea-runner-default

Secrets read on demand by oneshots/timers (firefly sparda_pin, ntfy
token, restic backup creds, acme dns creds, wg conf) are left as-is.
2026-05-03 15:23:40 +02:00
acme.nix feat(sgx): add opencode web server 2026-05-03 14:57:49 +02:00
backup.nix fix(sgx): treat rsync exit code 24 as success in backup 2026-04-01 15:39:08 +02:00
default.nix feat(sgx): add opencode web server 2026-05-03 14:57:49 +02:00
fileserver.nix chore: nix fmt 2026-05-03 14:57:49 +02:00
firefly.nix feat(sops): trigger service restarts on secret rotation 2026-05-03 15:23:40 +02:00
hardware-configuration.nix feat(nix): update SGX hardware configuration for x1 11th gen 2025-12-04 11:07:44 +01:00
mail.nix feat(sops): trigger service restarts on secret rotation 2026-05-03 15:23:40 +02:00
network.nix sgx/network: open TCP 8000-8999 in firewall 2026-05-03 13:47:39 +02:00
nginx.nix feat(sgx): add opencode web server 2026-05-03 14:57:49 +02:00
opencode.nix feat(sops): trigger service restarts on secret rotation 2026-05-03 15:23:40 +02:00
openwebui.nix chore: nix fmt 2026-05-03 14:57:49 +02:00
searx.nix feat(sops): trigger service restarts on secret rotation 2026-05-03 15:23:40 +02:00
uptime-kuma.nix chore: nix fmt 2026-05-03 14:57:49 +02:00
wyoming.nix chore: nix fmt 2026-05-03 14:57:49 +02:00