fix sops file

terraform/nixos-wiki/decrypt-age-keys.sh

@@ -1,8 +1,10 @@
 #!/usr/bin/env bash
 
+set -euo pipefail -x
+
 mkdir -p var/lib/secrets
 
 umask 0177
-sops --extract '["age-key"]' -d "secrets.yaml" > ./var/lib/secrets/age
+sops --extract '["age-key"]' -d "$SOPS_FILE" > ./var/lib/secrets/age
 # restore umask
 umask 0022

terraform/nixos-wiki/main.tf

@@ -29,7 +29,10 @@ module "deploy" {
   target_host            = hcloud_server.nixos_wiki.ipv4_address
   instance_id            = hcloud_server.nixos_wiki.id
   extra_files_script     = "${path.module}/decrypt-age-keys.sh"
-  debug_logging          = true
+  extra_environment = {
+    SOPS_FILE = var.sops_file
+  }
+  debug_logging = true
 }
 
 locals {

terraform/nixos-wiki/variables.tf

@@ -20,6 +20,11 @@ variable "nixos_vars_file" {
   description = "File to write NixOS configuration variables to"
 }
 
+variable "sops_file" {
+  type        = string
+  description = "File to SOPS secrets file"
+}
+
 variable "nixos_flake_attr" {
   type        = string
   description = "NixOS configuration flake attribute"