refactor(security): migrate hardcoded credentials and SSH keys to sops-nix

2026-03-17 21:45:56 +01:00 · 2026-03-17 21:45:56 +01:00 · ccfa328771
commit ccfa328771
parent cbb70ab8bb
10 changed files with 47 additions and 14 deletions
--- a/modules/apps/traefik/default.nix
+++ b/modules/apps/traefik/default.nix
@ -72,7 +72,7 @@ in {
        # Certificates
        "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
        "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
-        "--certificatesresolvers.letsencrypt.acme.email=tibo.depeuter@telenet.be"
+        "--certificatesresolvers.letsencrypt.acme.email=${config.sops.placeholder.acme_email or "acme-email@example.com"}"
        "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      ];
      volumes = [