diff --git a/secrets/etna/ngrokEnv.age b/secrets/etna/ngrokEnv.age deleted file mode 100644 index 1bb2018..0000000 --- a/secrets/etna/ngrokEnv.age +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2czErd0owQzc2d3ljMHRT -MzdXSGdwWmFhZy9iZDgzVldobXRFWENhMlY4Cmd1MHZPbUNleFc2WHlWZFZ5SVJG -QXpKS2h5VzN2bmJSYW0vVjZha2pCcmsKLT4gWDI1NTE5IFdOL2M3NjBISFM1dy9J -dnd1UTcxazF3VFRqSmIrVXludG1tVmRjQ0lCRUEKOHdhWWxpZU1MdmQyYWR2Zndn -M2cxWVBXQkR6aVd2NGRZLzUzT0FLcWlnTQotPiBYMjU1MTkgMUxjcUc5Z2F3RFQv -dzBoS1J4dDlOVGpjcWV2dmtZRDdZbEh4U3V3T3dDNAo2SlBXd05tNlQxbmNpaHg4 -bnZsQi9KOUZycTNybXdYR3NxbUlWVTZkYjNnCi0tLSBLalRSQ1JyOERTRlVBMTRu -S1FtV2dkbndkMGYyLzJmRTYzMVYxOXRJQ0p3CmqbWsHvEqvOL0H2fkLfAtdKBQq5 -feZt8GvTBbIfbqtW+2jYNYo3jAYIEEbWF0WTfMCRlBP2dbDE3olJXqsxBqR92Np2 -91kaiiLux/9jtmol1ey7fb7qkbXraFLt ------END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index f959950..b75c6b0 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -17,7 +17,6 @@ in { "etna/tunnelCreds.age".publicKeys = main ++ [etna]; "etna/apiRsEnv.age".publicKeys = main ++ [etna]; "etna/ukubotRsEnv.age".publicKeys = main ++ [etna]; - "etna/ngrokEnv.age".publicKeys = main ++ [etna]; "etna/minecraftEnv.age".publicKeys = main ++ [etna]; "etna/atticEnv.age".publicKeys = main ++ [etna]; "etna/dendriteKey.age".publicKeys = main ++ [etna]; diff --git a/systems/etna/attic.nix b/systems/etna/attic.nix index 27d84de..b9fe2d7 100644 --- a/systems/etna/attic.nix +++ b/systems/etna/attic.nix @@ -1,4 +1,9 @@ -{config, ...}: { +{ + config, + mkSecret, + ... +}: { + age.secrets = mkSecret "atticEnv" {}; cfTunnels."attic.uku3lig.net" = "http://localhost:6000"; services.atticd = { diff --git a/systems/etna/default.nix b/systems/etna/default.nix index a93f395..27252fb 100644 --- a/systems/etna/default.nix +++ b/systems/etna/default.nix 
@@ -1,44 +1,36 @@ { lib, config, + pkgs, # required for fudgeMyShitIn ... -}: let +} @ args: let tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5"; + + secretsPath = ../../secrets/etna; + mkSecrets = builtins.mapAttrs (name: value: value // {file = "${secretsPath}/${name}.age";}); + mkSecret = name: other: mkSecrets {${name} = other;}; + + fudgeMyShitIn = builtins.map (file: import file (args // {inherit mkSecret;})); in { - imports = [ - (lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"]) + imports = + [ + (lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"]) + ] + ++ fudgeMyShitIn [ + ./minecraft.nix + ./attic.nix + ./dendrite.nix + ./nextcloud.nix + ]; - ./minecraft.nix - ./attic.nix - ./matrix.nix - ./nextcloud.nix - ]; + age.secrets = mkSecrets { + apiRsEnv = {}; + ukubotRsEnv = {}; - age.secrets = let - path = ../../secrets/etna; - in { tunnelCreds = { - file = "${path}/tunnelCreds.age"; owner = "cloudflared"; group = "cloudflared"; }; - - dendriteKey = { - file = "${path}/dendriteKey.age"; - mode = "444"; - }; - - nextcloudAdminPass = { - file = "${path}/nextcloudAdminPass.age"; - owner = config.users.users.nextcloud.name; - group = config.users.users.nextcloud.name; - }; - - apiRsEnv.file = "${path}/apiRsEnv.age"; - ukubotRsEnv.file = "${path}/ukubotRsEnv.age"; - ngrokEnv.file = "${path}/ngrokEnv.age"; - minecraftEnv.file = "${path}/minecraftEnv.age"; - atticEnv.file = "${path}/atticEnv.age"; }; boot.loader.systemd-boot.enable = true; diff --git a/systems/etna/matrix.nix b/systems/etna/dendrite.nix similarity index 95% rename from systems/etna/matrix.nix rename to systems/etna/dendrite.nix index b5ccb9b..e6c5c32 100644 --- a/systems/etna/matrix.nix +++ b/systems/etna/dendrite.nix @@ -1,4 +1,9 @@ -{config, ...}: { +{ + config, + mkSecret, + ... +}: { + age.secrets = mkSecret "dendriteKey" {mode = "444";}; cfTunnels."m.uku.moe" = "http://localhost:80"; services = { 
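Review bot: `fudgeMyShitIn` calls each host file by hand with this module's own `args`, so the children only see the arguments this one function received; the `pkgs, # required for fudgeMyShitIn` formal exists solely to work around that, and the next child that asks for another module argument will fail the same way. Because the imports become plain attribute sets rather than paths, the module system likely can no longer name the offending file in option-conflict errors. Passing the helper through the module system avoids both: keep `./minecraft.nix` … `./nextcloud.nix` as plain paths in `imports` and add `_module.args.mkSecret = mkSecret;`. The `mkSecret` formals added in attic.nix, dendrite.nix, minecraft.nix and nextcloud.nix need no change under that approach.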
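Review bot: `mode = "444"` on `dendriteKey` makes the decrypted key readable by every local account and service on the host, and this hunk carries that setting over from default.nix unchanged. If this is the homeserver's signing key (the name suggests so; its use is outside the hunk), it should be readable only by the dendrite unit. Drop the mode so the default applies, `age.secrets = mkSecret "dendriteKey" {};`, and hand the file to the service through systemd credentials, e.g. `services.dendrite.loadCredential = ["private_key:${config.age.secrets.dendriteKey.path}"];` — confirm that option against the nixpkgs revision in use. The `services = {` block that consumes the key continues past the end of the hunk.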
diff --git a/systems/etna/minecraft.nix b/systems/etna/minecraft.nix index 0e81d6b..a722dae 100644 --- a/systems/etna/minecraft.nix +++ b/systems/etna/minecraft.nix @@ -1,4 +1,10 @@ -{config, ...}: { +{ + config, + mkSecret, + ... +}: { + age.secrets = mkSecret "minecraftEnv" {}; + services.frp = { enable = true; role = "client"; diff --git a/systems/etna/nextcloud.nix b/systems/etna/nextcloud.nix index 89c960b..83dba95 100644 --- a/systems/etna/nextcloud.nix +++ b/systems/etna/nextcloud.nix @@ -1,8 +1,14 @@ { config, pkgs, + mkSecret, ... }: { + age.secrets = mkSecret "nextcloudAdminPass" { + owner = config.users.users.nextcloud.name; + group = config.users.users.nextcloud.name; + }; + cfTunnels."cloud.uku3lig.net" = "http://localhost:80"; services.nextcloud = {