Add support for handling machine-specific secrets in the deployment process

Expanded the DEPLOYMENT-GUIDE.md to include a comprehensive section on managing encrypted secrets using Passage and Pass. Detailed steps for setting up, creating, and deploying machine-specific secrets, along with security notes. Updated krops.nix and config/lnbits.nix to include configurations for deploying custom LNBits extensions, enhancing the flexibility and security of the NixOS deployment process.
2025-10-10 01:15:42 +02:00 · 2025-10-10 01:15:42 +02:00 · 30209458f7
commit 30209458f7
parent d27bdd3005
2 changed files with 88 additions and 0 deletions
--- a/config/lnbits.nix
+++ b/config/lnbits.nix
@ -81,4 +81,25 @@
      };
    };
  };
+
+  # Deploy custom extensions
+  # WARNING: L+ will REPLACE /var/lib/lnbits/extensions if it already exists!
+  # This will DELETE any extensions installed via the LNBits UI.
+  #
+  # Option 1: Replace extensions directory entirely (use with caution)
+  # systemd.tmpfiles.rules = [
+  #   "L+ /var/lib/lnbits/extensions - - - - /var/src/lnbits-extensions"
+  # ];
+  #
+  # Option 2: Manually merge deployed extensions with existing ones
+  # Copy deployed extensions into the extensions directory without replacing it:
+  # systemd.services.lnbits-copy-extensions = {
+  #   description = "Copy deployed LNBits extensions";
+  #   before = [ "lnbits.service" ];
+  #   wantedBy = [ "lnbits.service" ];
+  #   serviceConfig = {
+  #     Type = "oneshot";
+  #     ExecStart = "${pkgs.rsync}/bin/rsync -av /var/src/lnbits-extensions/ /var/lib/lnbits/extensions/";
+  #   };
+  # };
 }