From 085f77e30e40290a75ef685c958b06ea691e3282 Mon Sep 17 00:00:00 2001 From: sitrius Date: Mon, 16 Feb 2026 22:53:21 +0000 Subject: [PATCH] fix: use configurable dataDir paths in arr stack and fix sops.secret references MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Replace hardcoded /var/lib/ paths with shb.arr..dataDir in arr.nix - Fix bazarr config path in test to use cfg.dataDir - Correct shb.sops.secrets → shb.sops.secret in documentation files --- README.md | 12 +++---- docs/preface.md | 12 +++---- docs/usage.md | 4 +-- modules/blocks/authelia/docs/default.md | 36 +++++++++---------- modules/blocks/borgbackup/docs/default.md | 8 ++--- modules/blocks/lldap/docs/default.md | 2 +- modules/blocks/restic/docs/default.md | 11 +++--- modules/blocks/sops/docs/default.md | 4 +-- modules/contracts/secret/docs/default.md | 8 ++--- modules/services/arr.nix | 12 +++---- modules/services/firefly-iii/docs/default.md | 2 +- modules/services/forgejo/docs/default.md | 12 +++---- modules/services/jellyfin/docs/default.md | 4 +-- .../services/nextcloud-server/docs/default.md | 12 +++---- modules/services/vaultwarden/docs/default.md | 2 +- test/services/arr.nix | 2 +- 16 files changed, 73 insertions(+), 70 deletions(-) diff --git a/README.md b/README.md index e29e33e..95f9ec8 100644 --- a/README.md +++ b/README.md @@ -250,14 +250,14 @@ shb.nextcloud = { host = "127.0.0.1"; port = config.shb.lldap.ldapPort; dcdomain = config.shb.lldap.dcdomain; - adminPassword.result = config.shb.sops.secrets."nextcloud/ldap/admin_password".result; + adminPassword.result = config.shb.sops.secret."nextcloud/ldap/admin_password".result; }; apps.sso = { enable = true; endpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}"; - secret.result = config.shb.sops.secrets."nextcloud/sso/secret".result; - secretForAuthelia.result = config.shb.sops.secrets."nextcloud/sso/secretForAuthelia".result; + secret.result = config.shb.sops.secret."nextcloud/sso/secret".result; + secretForAuthelia.result = config.shb.sops.secret."nextcloud/sso/secretForAuthelia".result; }; }; ``` @@ -275,15 +275,15 @@ shb.forgejo = { host = "127.0.0.1"; port = config.shb.lldap.ldapPort; dcdomain = config.shb.lldap.dcdomain; - adminPassword.result = config.shb.sops.secrets."nextcloud/ldap/admin_password".result; + adminPassword.result = config.shb.sops.secret."nextcloud/ldap/admin_password".result; }; sso = { enable = true; endpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}"; - secret.result = config.shb.sops.secrets."forgejo/sso/secret".result; - secretForAuthelia.result = config.shb.sops.secrets."forgejo/sso/secretForAuthelia".result; + secret.result = config.shb.sops.secret."forgejo/sso/secret".result; + secretForAuthelia.result = config.shb.sops.secret."forgejo/sso/secretForAuthelia".result; }; }; ``` diff --git a/docs/preface.md b/docs/preface.md index 24b14f2..6fcedff 100644 --- a/docs/preface.md +++ b/docs/preface.md @@ -221,14 +221,14 @@ shb.nextcloud = { host = "127.0.0.1"; port = config.shb.lldap.ldapPort; dcdomain = config.shb.lldap.dcdomain; - adminPassword.result = config.shb.sops.secrets."nextcloud/ldap/admin_password".result; + adminPassword.result = config.shb.sops.secret."nextcloud/ldap/admin_password".result; }; apps.sso = { enable = true; endpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}"; - secret.result = config.shb.sops.secrets."nextcloud/sso/secret".result; - secretForAuthelia.result = config.shb.sops.secrets."nextcloud/sso/secretForAuthelia".result; + secret.result = config.shb.sops.secret."nextcloud/sso/secret".result; + secretForAuthelia.result = config.shb.sops.secret."nextcloud/sso/secretForAuthelia".result; }; }; ``` @@ -246,15 +246,15 @@ shb.forgejo = { host = "127.0.0.1"; port = config.shb.lldap.ldapPort; dcdomain = config.shb.lldap.dcdomain; - adminPassword.result = config.shb.sops.secrets."nextcloud/ldap/admin_password".result; + adminPassword.result = config.shb.sops.secret."nextcloud/ldap/admin_password".result; }; sso = { enable = true; endpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}"; - secret.result = config.shb.sops.secrets."forgejo/sso/secret".result; - secretForAuthelia.result = config.shb.sops.secrets."forgejo/sso/secretForAuthelia".result; + secret.result = config.shb.sops.secret."forgejo/sso/secret".result; + secretForAuthelia.result = config.shb.sops.secret."forgejo/sso/secretForAuthelia".result; }; }; ``` diff --git a/docs/usage.md b/docs/usage.md index 98b882a..45c5021 100644 --- a/docs/usage.md +++ b/docs/usage.md @@ -634,8 +634,8 @@ One way to setup secrets management using `sops-nix`: Setting the default this way makes all sops instances use that same file. 7. Reference the secrets in nix: ```nix - shb.sops.secrets."nextcloud/adminpass".request = config.shb.nextcloud.adminPass.request; - shb.nextcloud.adminPass.result = config.shb.sops.secrets."nextcloud/adminpass".result; + shb.sops.secret."nextcloud/adminpass".request = config.shb.nextcloud.adminPass.request; + shb.nextcloud.adminPass.result = config.shb.sops.secret."nextcloud/adminpass".result; ``` The above snippet uses the [secrets contract](./contracts-secret.html) and [sops block](./blocks-sops.html) to ease the configuration. diff --git a/modules/blocks/authelia/docs/default.md b/modules/blocks/authelia/docs/default.md index ef41a50..6d26b4d 100644 --- a/modules/blocks/authelia/docs/default.md +++ b/modules/blocks/authelia/docs/default.md @@ -44,31 +44,31 @@ shb.authelia = { port = 587; username = "postmaster@mg.example.com"; from_address = "authelia@example.com"; - password.result = config.shb.sops.secrets."authelia/smtp_password".result; + password.result = config.shb.sops.secret."authelia/smtp_password".result; }; secrets = { - jwtSecret.result = config.shb.sops.secrets."authelia/jwt_secret".result; - ldapAdminPassword.result = config.shb.sops.secrets."authelia/ldap_admin_password".result; - sessionSecret.result = config.shb.sops.secrets."authelia/session_secret".result; - storageEncryptionKey.result = config.shb.sops.secrets."authelia/storage_encryption_key".result; - identityProvidersOIDCHMACSecret.result = config.shb.sops.secrets."authelia/hmac_secret".result; - identityProvidersOIDCIssuerPrivateKey.result = config.shb.sops.secrets."authelia/private_key".result; + jwtSecret.result = config.shb.sops.secret."authelia/jwt_secret".result; + ldapAdminPassword.result = config.shb.sops.secret."authelia/ldap_admin_password".result; + sessionSecret.result = config.shb.sops.secret."authelia/session_secret".result; + storageEncryptionKey.result = config.shb.sops.secret."authelia/storage_encryption_key".result; + identityProvidersOIDCHMACSecret.result = config.shb.sops.secret."authelia/hmac_secret".result; + identityProvidersOIDCIssuerPrivateKey.result = config.shb.sops.secret."authelia/private_key".result; }; }; shb.certs.certs.letsencrypt."example.com".extraDomains = [ "auth.example.com" ]; -shb.sops.secrets."authelia/jwt_secret".request = config.shb.authelia.secrets.jwtSecret.request; -shb.sops.secrets."authelia/ldap_admin_password" = { +shb.sops.secret."authelia/jwt_secret".request = config.shb.authelia.secrets.jwtSecret.request; +shb.sops.secret."authelia/ldap_admin_password" = { request = config.shb.authelia.secrets.ldapAdminPassword.request; settings.key = "lldap/user_password"; }; -shb.sops.secrets."authelia/session_secret".request = config.shb.authelia.secrets.sessionSecret.request; -shb.sops.secrets."authelia/storage_encryption_key".request = config.shb.authelia.secrets.storageEncryptionKey.request; -shb.sops.secrets."authelia/hmac_secret".request = config.shb.authelia.secrets.identityProvidersOIDCHMACSecret.request; -shb.sops.secrets."authelia/private_key".request = config.shb.authelia.secrets.identityProvidersOIDCIssuerPrivateKey.request; -shb.sops.secrets."authelia/smtp_password".request = config.shb.authelia.smtp.password.request; +shb.sops.secret."authelia/session_secret".request = config.shb.authelia.secrets.sessionSecret.request; +shb.sops.secret."authelia/storage_encryption_key".request = config.shb.authelia.secrets.storageEncryptionKey.request; +shb.sops.secret."authelia/hmac_secret".request = config.shb.authelia.secrets.identityProvidersOIDCHMACSecret.request; +shb.sops.secret."authelia/private_key".request = config.shb.authelia.secrets.identityProvidersOIDCIssuerPrivateKey.request; +shb.sops.secret."authelia/smtp_password".request = config.shb.authelia.smtp.password.request; ``` This assumes secrets are setup with SOPS @@ -95,8 +95,8 @@ shb..sso = { enable = true; endpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}"; - secret.result = config.shb.sops.secrets."/sso/secret".result; - secretForAuthelia.result = config.shb.sops.secrets."/sso/secretForAuthelia".result; + secret.result = config.shb.sops.secret."/sso/secret".result; + secretForAuthelia.result = config.shb.sops.secret."/sso/secretForAuthelia".result; }; shb.sops.secret."/sso/secret".request = config.shb..sso.secret.request; @@ -122,7 +122,7 @@ the necessary configuration is: shb.authelia.oidcClients = [ { client_id = ""; - client_secret.source = shb.sops.secret."/sso/secretForAuthelia".response.path; + client_secret.source = config.shb.sops.secret."/sso/secretForAuthelia".response.path; scopes = [ "openid" "email" "profile" ]; redirect_uris = [ "" @@ -167,7 +167,7 @@ services.open-webui.environment = { shb.authelia.oidcClients = [ { client_id = "open-webui"; - client_secret.source = shb.sops.secret."open-webui/sso/secretForAuthelia".response.path; + client_secret.source = config.shb.sops.secret."open-webui/sso/secretForAuthelia".response.path; scopes = [ "openid" "email" "profile" ]; redirect_uris = [ "" diff --git a/modules/blocks/borgbackup/docs/default.md b/modules/blocks/borgbackup/docs/default.md index 4ae8bf0..0ce2408 100644 --- a/modules/blocks/borgbackup/docs/default.md +++ b/modules/blocks/borgbackup/docs/default.md @@ -50,7 +50,7 @@ shb.borgbackup.instances."myservice" = { settings = { enable = true; - passphrase.result = shb.sops.secret."passphrase".result; + passphrase.result = config.shb.sops.secret."passphrase".result; repository = { path = "/srv/backups/myservice"; @@ -71,7 +71,7 @@ shb.borgbackup.instances."myservice" = { }; shb.sops.secret."passphrase".request = - shb.borgbackup.instances."myservice".settings.passphrase.request; + config.shb.borgbackup.instances."myservice".settings.passphrase.request; ``` ### One folder backed up with contract {#blocks-borgbackup-usage-provider-contract} @@ -87,7 +87,7 @@ shb.borgbackup.instances."myservice" = { settings = { enable = true; - passphrase.result = shb.sops.secret."passphrase".result; + passphrase.result = config.shb.sops.secret."passphrase".result; repository = { path = "/srv/backups/myservice"; @@ -108,7 +108,7 @@ shb.borgbackup.instances."myservice" = { }; shb.sops.secret."passphrase".request = - shb.borgbackup.instances."myservice".settings.passphrase.request; + config.shb.borgbackup.instances."myservice".settings.passphrase.request; ``` ### One folder backed up to S3 {#blocks-borgbackup-usage-provider-remote} diff --git a/modules/blocks/lldap/docs/default.md b/modules/blocks/lldap/docs/default.md index 1ea63c7..ec0c723 100644 --- a/modules/blocks/lldap/docs/default.md +++ b/modules/blocks/lldap/docs/default.md @@ -142,7 +142,7 @@ set [`shb.lldap.enforceUserMemberships`](#blocks-lldap-options-shb.lldap.enforce }; shb.sops.secret."dad".request = - shb.lldap.ensureUsers.dad.password.request; + config.shb.lldap.ensureUsers.dad.password.request; } ``` diff --git a/modules/blocks/restic/docs/default.md b/modules/blocks/restic/docs/default.md index 14f9810..342852c 100644 --- a/modules/blocks/restic/docs/default.md +++ b/modules/blocks/restic/docs/default.md @@ -8,6 +8,7 @@ This block sets up a backup job using [Restic][]. ## Provider Contracts {#blocks-restic-contract-provider} + This block provides the following contracts: - [backup contract](contracts-backup.html) under the [`shb.restic.instances`][instances] option. @@ -25,6 +26,7 @@ a backup Systemd service and a [restore script](#blocks-restic-maintenance) are ## Usage {#blocks-restic-usage} + The following examples assume usage of the [sops block][] to provide secrets although any blocks providing the [secrets contract][] works too. @@ -33,6 +35,7 @@ although any blocks providing the [secrets contract][] works too. ### One folder backed up manually {#blocks-restic-usage-provider-manual} + The following snippet shows how to configure the backup of 1 folder to 1 repository. We assume that the folder `/var/lib/myfolder` of the service `myservice` must be backed up. @@ -50,7 +53,7 @@ shb.restic.instances."myservice" = { settings = { enable = true; - passphrase.result = shb.sops.secret."passphrase".result; + passphrase.result = config.shb.sops.secret."passphrase".result; repository = { path = "/srv/backups/myservice"; @@ -71,7 +74,7 @@ shb.restic.instances."myservice" = { }; shb.sops.secret."passphrase".request = - shb.restic.instances."myservice".settings.passphrase.request; + config.shb.restic.instances."myservice".settings.passphrase.request; ``` ### One folder backed up with contract {#blocks-restic-usage-provider-contract} @@ -87,7 +90,7 @@ shb.restic.instances."myservice" = { settings = { enable = true; - passphrase.result = shb.sops.secret."passphrase".result; + passphrase.result = config.shb.sops.secret."passphrase".result; repository = { path = "/srv/backups/myservice"; @@ -108,7 +111,7 @@ shb.restic.instances."myservice" = { }; shb.sops.secret."passphrase".request = - shb.restic.instances."myservice".settings.passphrase.request; + config.shb.restic.instances."myservice".settings.passphrase.request; ``` ### One folder backed up to S3 {#blocks-restic-usage-provider-remote} diff --git a/modules/blocks/sops/docs/default.md b/modules/blocks/sops/docs/default.md index b1dcf47..2cc4164 100644 --- a/modules/blocks/sops/docs/default.md +++ b/modules/blocks/sops/docs/default.md @@ -13,7 +13,7 @@ to adapt it to the [secret contract](./contracts-secret.html). This block provides the following contracts: -- [secret contract][] under the [`shb.sops.secrets`][secret] option. +- [secret contract][] under the [`shb.sops.secret`][secret] option. It is not yet tested with [contract tests][secret contract tests] but it is used extensively on several machines. [secret]: #blocks-sops-options-shb.sops.secret @@ -21,7 +21,7 @@ This block provides the following contracts: [secret contract tests]: @REPO@/test/contracts/secret.nix As requested by the contract, when asking for a secret with the `shb.sops` module, -the path where the secret will be located can be found under the [`shb.sops.secrets..result`][result] option. +the path where the secret will be located can be found under the [`shb.sops.secret..result`][result] option. [result]: #blocks-sops-options-shb.sops.secret._name_.result diff --git a/modules/contracts/secret/docs/default.md b/modules/contracts/secret/docs/default.md index 5675ee3..802f6ee 100644 --- a/modules/contracts/secret/docs/default.md +++ b/modules/contracts/secret/docs/default.md @@ -42,12 +42,12 @@ Now, with this contract, a layer on top of `sops` is added which is found under The configuration then becomes: ```nix -shb.sops.secrets."ldap/user_password" = { +shb.sops.secret."ldap/user_password" = { request = config.shb.lldap.userPassword.request; settings.sopsFile = ./secrets.yaml; }; -shb.lldap.userPassword.result = config.shb.sops.secrets."ldap/user_password".result; +shb.lldap.userPassword.result = config.shb.sops.secret."ldap/user_password".result; ``` The issue is now gone as the responsibility falls @@ -63,9 +63,9 @@ sops.defaultSopsFile = ./secrets.yaml; Then the snippet above is even more simplified: ```nix -shb.sops.secrets."ldap/user_password".request = config.shb.lldap.userPassword.request; +shb.sops.secret."ldap/user_password".request = config.shb.lldap.userPassword.request; -shb.lldap.userPassword.result = config.shb.sops.secrets."ldap/user_password".result; +shb.lldap.userPassword.result = config.shb.sops.secret."ldap/user_password".result; ``` ## Contract Reference {#contract-secret-options} diff --git a/modules/services/arr.nix b/modules/services/arr.nix index 12a7175..e16bcec 100644 --- a/modules/services/arr.nix +++ b/modules/services/arr.nix @@ -395,7 +395,7 @@ in services.radarr = { enable = true; - dataDir = "/var/lib/radarr"; + dataDir = shb.arr.radarr.dataDir; }; systemd.services.radarr.preStart = shb.replaceSecrets { @@ -423,7 +423,7 @@ in services.sonarr = { enable = true; - dataDir = "/var/lib/sonarr"; + dataDir = shb.arr.sonarr.dataDir; }; users.users.sonarr = { extraGroups = [ "media" ]; @@ -464,7 +464,7 @@ in AuthenticationRequired = "DisabledForLocalAddresses"; AuthenticationMethod = "External"; }); - resultPath = "/var/lib/bazarr/config.xml"; + resultPath = "${config.services.bazarr.dataDir}/config.xml"; generator = apps.bazarr.settingsFormat.generate; }; @@ -479,7 +479,7 @@ in { services.readarr = { enable = true; - dataDir = "/var/lib/readarr"; + dataDir = shb.arr.readarr.dataDir; }; users.users.readarr = { extraGroups = [ "media" ]; @@ -502,7 +502,7 @@ in { services.lidarr = { enable = true; - dataDir = "/var/lib/lidarr"; + dataDir = shb.arr.lidarr.dataDir; }; users.users.lidarr = { extraGroups = [ "media" ]; @@ -529,7 +529,7 @@ in { services.jackett = { enable = true; - dataDir = "/var/lib/jackett"; + dataDir = shb.arr.jackett.dataDir; }; # TODO: avoid implicitly relying on the media group users.users.jackett = { diff --git a/modules/services/firefly-iii/docs/default.md b/modules/services/firefly-iii/docs/default.md index c5f244d..87ea3b6 100644 --- a/modules/services/firefly-iii/docs/default.md +++ b/modules/services/firefly-iii/docs/default.md @@ -39,7 +39,7 @@ shb.firefly-iii = { port = 587; username = "postmaster@mg.example.com"; from_address = "firefly-iii@example.com"; - password.result = config.shb.sops.secrets."firefly-iii/smtpPassword".result; + password.result = config.shb.sops.secret."firefly-iii/smtpPassword".result; }; sso = { diff --git a/modules/services/forgejo/docs/default.md b/modules/services/forgejo/docs/default.md index 86c16c3..9c39855 100644 --- a/modules/services/forgejo/docs/default.md +++ b/modules/services/forgejo/docs/default.md @@ -34,20 +34,20 @@ shb.forgejo = { "theadmin" = { isAdmin = true; email = "theadmin@example.com"; - password.result = config.shb.sops.secrets.forgejoAdminPassword.result; + password.result = config.shb.sops.secret.forgejoAdminPassword.result; }; "theuser" = { email = "theuser@example.com"; - password.result = config.shb.sops.secrets.forgejoUserPassword.result; + password.result = config.shb.sops.secret.forgejoUserPassword.result; }; }; }; -shb.sops.secrets."forgejo/admin/password" = { +shb.sops.secret."forgejo/admin/password" = { request = config.shb.forgejo.users."theadmin".password.request; }; -shb.sops.secrets."forgejo/user/password" = { +shb.sops.secret."forgejo/user/password" = { request = config.shb.forgejo.users."theuser".password.request; }; ``` @@ -110,10 +110,10 @@ shb.forgejo.ldap = { host = "127.0.0.1"; port = config.shb.lldap.ldapPort; dcdomain = config.shb.lldap.dcdomain; - adminPassword.result = config.shb.sops.secrets."forgejo/ldap/adminPassword".result + adminPassword.result = config.shb.sops.secret."forgejo/ldap/adminPassword".result }; -shb.sops.secrets."forgejo/ldap/adminPassword" = { +shb.sops.secret."forgejo/ldap/adminPassword" = { request = config.shb.forgejo.ldap.adminPassword.request; settings.key = "ldap/userPassword"; }; diff --git a/modules/services/jellyfin/docs/default.md b/modules/services/jellyfin/docs/default.md index ee964f6..b36b64b 100644 --- a/modules/services/jellyfin/docs/default.md +++ b/modules/services/jellyfin/docs/default.md @@ -46,7 +46,7 @@ shb.jellyfin = { host = "127.0.0.1"; port = config.shb.lldap.ldapPort; dcdomain = config.shb.lldap.dcdomain; - adminPassword.result = config.shb.sops.secrets."jellyfin/ldap/adminPassword".result + adminPassword.result = config.shb.sops.secret."jellyfin/ldap/adminPassword".result }; sso = { @@ -60,7 +60,7 @@ shb.jellyfin = { shb.sops.secret."jellyfin/adminPassword".request = config.shb.jellyfin.admin.password.request; -shb.sops.secrets."jellyfin/ldap/adminPassword".request = config.shb.jellyfin.ldap.adminPassword.request; +shb.sops.secret."jellyfin/ldap/adminPassword".request = config.shb.jellyfin.ldap.adminPassword.request; shb.sops.secret."jellyfin/sso_secret".request = config.shb.jellyfin.sso.sharedSecret.request; shb.sops.secret."jellyfin/authelia/sso_secret" = { diff --git a/modules/services/nextcloud-server/docs/default.md b/modules/services/nextcloud-server/docs/default.md index eae2c71..083a7c2 100644 --- a/modules/services/nextcloud-server/docs/default.md +++ b/modules/services/nextcloud-server/docs/default.md @@ -72,10 +72,10 @@ shb.nextcloud = { domain = "example.com"; subdomain = "n"; defaultPhoneRegion = "US"; - adminPass.result = config.shb.sops.secrets."nextcloud/adminpass".result; + adminPass.result = config.shb.sops.secret."nextcloud/adminpass".result; }; -shb.sops.secrets."nextcloud/adminpass".request = config.shb.nextcloud.adminPass.request; +shb.sops.secret."nextcloud/adminpass".request = config.shb.nextcloud.adminPass.request; ``` This assumes secrets are setup with SOPS as mentioned in [the secrets setup section](usage.html#usage-secrets) of the manual. @@ -165,11 +165,11 @@ shb.nextcloud.apps.ldap = { port = config.shb.lldap.ldapPort; dcdomain = config.shb.lldap.dcdomain; adminName = "admin"; - adminPassword.result = config.shb.sops.secrets."nextcloud/ldap/adminPassword".result + adminPassword.result = config.shb.sops.secret."nextcloud/ldap/adminPassword".result userGroup = "nextcloud_user"; }; -shb.sops.secrets."nextcloud/ldap/adminPassword" = { +shb.sops.secret."nextcloud/ldap/adminPassword" = { request = config.shb.nextcloud.apps.ldap.adminPassword.request; settings.key = "ldap/userPassword"; }; @@ -216,8 +216,8 @@ shb.nextcloud.apps.sso = { clientID = "nextcloud"; fallbackDefaultAuth = false; - secret.result = config.shb.sops.secrets."nextcloud/sso/secret".result; - secretForAuthelia.result = config.shb.sops.secrets."nextcloud/sso/secretForAuthelia".result; + secret.result = config.shb.sops.secret."nextcloud/sso/secret".result; + secretForAuthelia.result = config.shb.sops.secret."nextcloud/sso/secretForAuthelia".result; }; shb.sops.secret."nextcloud/sso/secret".request = config.shb.nextcloud.apps.sso.secret.request; diff --git a/modules/services/vaultwarden/docs/default.md b/modules/services/vaultwarden/docs/default.md index ed671cd..49c4454 100644 --- a/modules/services/vaultwarden/docs/default.md +++ b/modules/services/vaultwarden/docs/default.md @@ -28,7 +28,7 @@ shb.vaultwarden = { port = 8222; - databasePassword.result = config.shb.sops.secrets."vaultwarden/db".result; + databasePassword.result = config.shb.sops.secret."vaultwarden/db".result; smtp = { host = "smtp.eu.mailgun.org"; diff --git a/test/services/arr.nix b/test/services/arr.nix index 1701862..b4268cb 100644 --- a/test/services/arr.nix +++ b/test/services/arr.nix @@ -212,7 +212,7 @@ let radarrCfgFn = cfg: "${cfg.dataDir}/config.xml"; sonarrCfgFn = cfg: "${cfg.dataDir}/config.xml"; - bazarrCfgFn = cfg: "/var/lib/bazarr/config.xml"; + bazarrCfgFn = cfg: "${cfg.dataDir}/config.xml"; readarrCfgFn = cfg: "${cfg.dataDir}/config.xml"; lidarrCfgFn = cfg: "${cfg.dataDir}/config.xml"; jackettCfgFn = cfg: "${cfg.dataDir}/ServerConfig.json";