fix sops file

targets/nixos-wiki2.thalheim.io/terraform.tf

@@ -15,6 +15,7 @@ module "wiki" {
   domain           = "nixos-wiki2.thalheim.io"
   nixos_flake_attr = "nixos-wiki2-thalheim-io"
   nixos_vars_file  = "${path.module}/nixos-vars.json"
+  sops_file        = abspath("${path.module}/secrets.yaml")
   tags = {
     Terraform = "true"
     Target    = "nixos-wiki2.thalheim.io"

terraform/nixos-wiki/decrypt-age-keys.sh

@@ -1,8 +1,10 @@
 #!/usr/bin/env bash
 
+set -euo pipefail -x
+
 mkdir -p var/lib/secrets
 
 umask 0177
-sops --extract '["age-key"]' -d "secrets.yaml" > ./var/lib/secrets/age
+sops --extract '["age-key"]' -d "$SOPS_FILE" > ./var/lib/secrets/age
 # restore umask
 umask 0022

terraform/nixos-wiki/main.tf

@@ -29,7 +29,10 @@ module "deploy" {
   target_host            = hcloud_server.nixos_wiki.ipv4_address
   instance_id            = hcloud_server.nixos_wiki.id
   extra_files_script     = "${path.module}/decrypt-age-keys.sh"
-  debug_logging          = true
+  extra_environment = {
+    SOPS_FILE = var.sops_file
+  }
+  debug_logging = true
 }
 
 locals {

terraform/nixos-wiki/variables.tf

@@ -20,6 +20,11 @@ variable "nixos_vars_file" {
   description = "File to write NixOS configuration variables to"
 }
 
+variable "sops_file" {
+  type        = string
+  description = "File to SOPS secrets file"
+}
+
 variable "nixos_flake_attr" {
   type        = string
   description = "NixOS configuration flake attribute"