feat(etna): authenticate frp via token

2024-05-19 18:53:03 +02:00 · 2024-05-19 18:53:03 +02:00 · 0bfa1816d3
commit 0bfa1816d3
parent c1d8953fc0
3 changed files with 23 additions and 0 deletions
--- a/secrets/etna/frpToken.age
+++ b/secrets/etna/frpToken.age
@ -0,0 +1,14 @@
 -----BEGIN AGE ENCRYPTED FILE-----
 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1NXQ2WjRZVi80RDV4Sk9Y
 K3lBV01SZjA1dG1kMmZyT1VhbGZHYUE2cGw0CjkxQmUzV1hPWmJiTThFNVJ5b1ho
 anE4VnE4Q2NWTURQaVhkRXgxcUZOK3cKLT4gWDI1NTE5IEI1SFlEVndDejEycWlN
 RklLUHRzTHlVR1BuRVEvelZkc1BwV0V3YWJrRGsKMUVoYkR2Y05uWEZiQVJlSk83
 VE9FV3VkWjJwb0s4Q09MUFVMQnFWSGV5NAotPiBYMjU1MTkgbE5TMnVKL1dSNkQr
 TmV3S3pqdTdUTkx3RDY4S1BQS1NOKzZFTmwzVmhDdwp3VVNyRWhJcisrYzJpZWJY
 VEUwcFZtbFdHNHhjWjVrR1BoSmJ2RWYyOUJ3Ci0tLSBzSWU5V3RtanpIRnZGMm85
 VDBYVFN4amZ1TjZkQ0pPOUtJOTNhTTlhV25nChNeUHLoQWLy2V2iovF7AAi+0idD
 Uy9YLOA7w+mxdvNA+qqBvlmuMExu68Ij8Fi1CEofathH9mnxpHxITczWCfdQHnke
 bCcwnAWAKbXq1/aetBlTd4AQ8TRWTFScC+/TSuItSJdOsR/6lQAa6gzhqu/YutWy
 0pVd4XPAaMjlWpXSznkSN6feEl3m0sNwAU4MwrAY22qeTneFq0nGrUaDI7yuP/pC
 7IXea6PmIQ==
 -----END AGE ENCRYPTED FILE-----
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -20,4 +20,5 @@ in {
  "etna/minecraftEnv.age".publicKeys = main ++ [etna];
  "etna/dendriteKey.age".publicKeys = main ++ [etna];
  "etna/nextcloudAdminPass.age".publicKeys = main ++ [etna];
  "etna/frpToken.age".publicKeys = main ++ [etna];
 }
--- a/systems/etna/default.nix
+++ b/systems/etna/default.nix
@ -31,6 +31,8 @@ in {
      owner = "cloudflared";
      group = "cloudflared";
    };
    frpToken = {};
  };
  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_6_1;
@ -46,6 +48,10 @@ in {
      settings = {
        serverAddr = "49.13.148.129";
        serverPort = 7000;
        auth = {
          method = "token";
          token = "{{ .Envs.FRP_TOKEN }}";
        };
      };
    };
@ -57,4 +63,6 @@ in {
      };
    };
  };
  systemd.services.frp.serviceConfig.EnvironmentFile = config.age.secrets.frpToken.path;
 }