feat(tazjin/koptevo): deploy tgsa

The main instance is still running on polyanka, but things are moving in this direction. Change-Id: Idfa9e508023c05148003ac4621ae01dceb284c66 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8827 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-06-18 15:25:45 +03:00 · 2023-06-18 15:25:45 +03:00 · 507cd85264
commit 507cd85264
parent 332a821100
2 changed files with 16 additions and 2 deletions
--- a/users/tazjin/nixos/modules/tgsa.nix
+++ b/users/tazjin/nixos/modules/tgsa.nix
@ -6,11 +6,15 @@
    wantedBy = [ "multi-user.target" ];

    serviceConfig = {
-      EnvironmentFile = "/root/tgsa-env"; # TODO(tazjin): automate this
      DynamicUser = true;
      Restart = "always";
-      ExecStart = "${depot.users.tazjin.tgsa}/bin/tgsa";
+      LoadCredential = "tgsa-yandex.json:/run/agenix/tgsa-yandex";
    };
+
+    script = ''
+      export YANDEX_KEY_FILE="''${CREDENTIALS_DIRECTORY}/tgsa-yandex.json"
+      ${depot.users.tazjin.tgsa}/bin/tgsa
+    '';
  };

  services.nginx.virtualHosts."tgsa" = {