From 45db567972799e86bf7a3e7bb228c33cacb0a895 Mon Sep 17 00:00:00 2001
From: macronova
Date: Sun, 1 Sep 2024 00:25:35 -0700
Subject: [PATCH] Fix secret permission
---
 linux/nebula/jellyfin.nix | 6 +-----
 linux/singularity/caddy.nix | 2 +-
 linux/singularity/coturn.nix | 13 +++++++------
 3 files changed, 9 insertions(+), 12 deletions(-)
diff --git a/linux/nebula/jellyfin.nix b/linux/nebula/jellyfin.nix
index 4076f37..ec04780 100644
--- a/linux/nebula/jellyfin.nix
+++ b/linux/nebula/jellyfin.nix
@@ -1,8 +1,4 @@
-{
- config,
- pkgs,
- ...
-}:
+{config, ...}:
 with config.constants; {
 hardware.graphics.enable = true;
diff --git a/linux/singularity/caddy.nix b/linux/singularity/caddy.nix
index 49d32d9..78a3f38 100644
--- a/linux/singularity/caddy.nix
+++ b/linux/singularity/caddy.nix
@@ -21,10 +21,10 @@ with config.constants; {
 }; }) fqdns);
- portStr = builtins.mapAttrs (n: v: toString v) port;
 homeSrv = s: "nebula:${portStr.${s}}";
 localSrv = s: "${localhost}:${portStr.${s}}";
 mtfqdn = "matrix.${domain}";
+ portStr = builtins.mapAttrs (n: v: toString v) port;
 wn = s: "/.well-known/${s}";
 in {
diff --git a/linux/singularity/coturn.nix b/linux/singularity/coturn.nix
index 2bb711c..fedc836 100644
--- a/linux/singularity/coturn.nix
+++ b/linux/singularity/coturn.nix
@@ -1,8 +1,9 @@
-{config, ...}: {
- services.coturn = with config.constants; let
- acmeDir = config.security.acme.certs.${coturn-realm}.directory;
- coturn-realm = "turn.${domain}";
- in {
+{config, ...}:
+with config.constants; let
+ acmeDir = config.security.acme.certs.${coturn-realm}.directory;
+ coturn-realm = "turn.${domain}";
+in {
+ services.coturn = {
 enable = true;
 cert = "${acmeDir}/fullchain.pem";
 listening-port = port.coturn;
@@ -15,5 +16,5 @@
 use-auth-secret = true;
 };
- sops.secrets.coturn = {};
+ sops.secrets.coturn.owner = "turnserver";
 }
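Review bot: `cert = "${acmeDir}/fullchain.pem"` in the first coturn.nix hunk points the service at the ACME certificate directory, and nothing visible here shows that the `turnserver` account can read it, which is the same class of problem this commit fixes for the sops secret. If the certificate's group is not already set elsewhere, I would add `security.acme.certs.${coturn-realm}.group = "turnserver";` beside the `let` bindings, or put the user in the existing certificate group. The `services.coturn` attribute set continues past the hunk, so the private-key setting is not visible and should be checked the same way.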
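Review bot: The owner on the added line of the second coturn.nix hunk is a bare string, so a renamed or missing account only surfaces when the secret is installed at activation; `sops.secrets.coturn.owner = config.users.users.turnserver.name;` ties it to the account definition and fails at evaluation instead. Leave `mode` at the sops-nix default so the file stays readable by that one account only, and consider `sops.secrets.coturn.restartUnits = ["coturn.service"];` so a rotated secret is picked up. The setting that consumes the secret sits in the part of `services.coturn` outside this hunk; confirm it reads `config.sops.secrets.coturn.path` rather than a hard-coded path.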