derek-site: now switched to dotenv secrets

secrets/derek-site.age

@@ -1,15 +1,16 @@
 age-encryption.org/v1
--> ssh-ed25519 GQzYWA 7c9rWUGBz9Afi/dHugjPZILiUroM16xcEdX3K4+nXgw
+-> ssh-ed25519 GQzYWA GkqfPf+tdDEQa8RWdEX+OhEB0/p0PpFudx4NGpR5Cik
-UnprRzl0SL9lhr+JNrX/lL7IeteLyS/KWLl/5PrPJc8
+CSxbatcY8s3JX0Wj2B7XKU9cO+kQAL2eg9eX0ukA21I
--> ssh-ed25519 MfR7VA CCBetKBme+NCER4WgM04FRl90FyWWQxyMnGHudjBPjk
+-> ssh-ed25519 MfR7VA SHjQ3YY3z5JdbZCmct4prjXBug9JnYC/daluw4q0dwQ
-Wlt/MmnXPEHhRLf/MFW5FdIyf7enS/590yR3U0sdb1I
+2AYJSI0jhRB/qDSBvzWQRpbyUNIrf1khjy83r1TARGI
--> ssh-ed25519 +cvRTg 5xu0W2NHT1o+1D4AvHZixoKnljKeRT/vQeozUEF7XxU
+-> ssh-ed25519 +cvRTg j2DV+BM4VXYhgC91GE9mqHnxJX/6DexDYLDdB3/dMF4
-pNEPbQtR7QuNQA7J4Uui+xdQoKf4NdNjRPeUxL1VTE0
+sfYe2TL8ksQ6zBKMwBJQSqZBHKPlUW3255qZf/FwS0A
--> ssh-ed25519 WCPLrA JMoNOwsrMz6HM9g4ri+BV7sCek71vsY/5sedGotZVxU
+-> ssh-ed25519 WCPLrA nJHlAidKTa8xFLOIYXvG8MP3bbj2e62MRwkMkgsztEA
-CARtjuoEef79z+HXAbiDPjDHHMCb42I3BPPRb70XahY
+jzPf28wYo5FgOB+uiI7r/xdhakXXBmRp0zjW0m5nPJ4
--> ssh-ed25519 7/ziYw Mc5votCCX19H5aZk3VROGbP7WBzxisgxknxXPsVDES0
+-> ssh-ed25519 7/ziYw luRZzFqdT+xOtuqPIILhfNQQ//IOb3CewrMIrkYuijQ
-kmnG3AzZdKPuBlDF13GCtCnFddZ8KpYYlP670qUAGGA
+QiuNNcYK7i0/mVDkcmEJiSiFy7ydT4asFnLlFGmzV/o
--> ssh-ed25519 VQy60Q i1IkE2METtILHoHA0GHFJUGcKYQI52m1elq4HlutTik
+-> ssh-ed25519 VQy60Q raBea0oINduk69QI1UzDs3z0Rld32sHMofFSkRQHdU0
-i+ww72WIMu2TXOPzdW6jISHtAefwk4PLfs7Vb2jbdPk
+cyifYZSbV/sEbeWHb6VrAWf1kRJP5FGKzez/LQt3ahs
---- ZJhIIlk909hofo9Q5/vcXXgb8hLjtjlHrsMRmnScM38
+--- OgztbV5bq/R2LAcjgGFdxYm55U8fle/EB/+L9v6vuRY
-=à"qÓ`¡y|BÖT‰õÊÿÔãÒÓ%ó€<C3B3>·+SæG—^_Þ>ÍȈSm<53>Ê’)\‡很×Bï	kXðËíßAJñ7¶+@ºx£Øav9mÇÿ/Êy»­¨fM”Ô¢	nw2¢á©:u¨$º¢™ÕûT®¹Ÿ¤Ó<C2A4>Úé4ÛŽ œáÁARzU0~§$å2«ópÛð–ø ”7Î!{4 7!<21>ª”Ty0»Š€42¥[„e<E2809E>w?Û=eJ[–¸ ýìDѶ˜*ÒÖ†y.À?_3úã<í­o×3ÒöUà¨g\,F݉Ž‰áb8ž¸'÷D}Ì´=bôC9Lí<14>}ÏE–oy4Pzæ¶Ï“Â}íÓJi¾HÆ›3
+ÈLÞ·ååÁ?ÞÔìÎ{•ˆÝvg‹åëëØ­]fp¶g&·‰h<E280B0>Ã~dÒp£rÕe~¢õ}|¿ž¢nMÕ$_óÑ
+yøwAâ8Dâö'R©jD<6A>&_é)±hD]‘âj‰õBW<42>[ËÛ
q¬ŒÆ”¡ð¿f/°¾§ÈusóQc³ª‘‹<>±ð-µ<>%µE뾦@‰ƒ¾ÎÜå)ßÞ`É2${{\åE8êìŸùo—ÈÍPBnEûG”_‘ZØ]ÖßHQ”<51>Å°žÅ¤&ÝEE·˜ærñÕwN—Aÿ“63ITѦ\g•yÍ´Þ‘â²ËFÚó¢;L_sT€ôÞ†‹ü
L½€AD°`2
<01>U/c

system/server/derek-site.nix

@@ -18,7 +18,16 @@
   programDir = "${mainDir}/program";
   denoDir = "${mainDir}/deno";
 
-  path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.deno pkgs.git pkgs.nodejs]);
+  path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.gnugrep pkgs.findutils pkgs.deno pkgs.git pkgs.nodejs]);
+  runScript = pkgs.writeShellScriptBin "geen-dolfijn" ''
+    export PATH='${path}'
+    set -a
+    . ${config.age.secrets.${userGroup}.path}
+    set +a
+
+    cd ${programDir}
+    deno run preview --host --port 9010
+  '';
 in {
   options.niksos.server.${name}.enable = mkEnableOption name;
 
@@ -39,6 +48,9 @@ in {
 
       preStart = ''
         export PATH=${path}
+        set -a
+        . ${config.age.secrets.${userGroup}.path}
+        set +a
 
         cd "${mainDir}"
         chown -R ${userGroup}:${userGroup} ${mainDir}/* || echo
@@ -53,15 +65,13 @@ in {
         git reset --hard origin/HEAD
         rm -rf build || echo no build here lol
 
-        cp "${config.age.secrets.${userGroup}.path}" "./src/lib/secrets.json"
-
         DENO_DIR=${denoDir} deno i --allow-scripts=npm:workerd,npm:sharp
         DENO_DIR=${denoDir} deno run build || echo oopsie woopsie error
       '';
 
       serviceConfig = {
         StateDirectory = userGroup;
-        ExecStart = "${bash} -c 'cd ${programDir} && deno run preview --host --port 9010'";
+        ExecStart = getExe runScript;
         User = userGroup;
         Group = userGroup;
         Restart = "always";