feat(etna): add mkSecret(s)

i love nix
2024-04-13 14:26:07 +02:00 · 2024-04-13 14:26:07 +02:00 · da553350c6
commit da553350c6
parent 03bc6aff33
7 changed files with 46 additions and 45 deletions
--- a/systems/etna/attic.nix
+++ b/systems/etna/attic.nix
@ -1,4 +1,9 @@
-{config, ...}: {
+{
+  config,
+  mkSecret,
+  ...
+}: {
+  age.secrets = mkSecret "atticEnv" {};
  cfTunnels."attic.uku3lig.net" = "http://localhost:6000";

  services.atticd = {
--- a/systems/etna/default.nix
+++ b/systems/etna/default.nix
@ -1,44 +1,36 @@
 {
  lib,
  config,
+  pkgs, # required for fudgeMyShitIn
  ...
-}: let
+} @ args: let
  tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5";
+
+  secretsPath = ../../secrets/etna;
+  mkSecrets = builtins.mapAttrs (name: value: value // {file = "${secretsPath}/${name}.age";});
+  mkSecret = name: other: mkSecrets {${name} = other;};
+
+  fudgeMyShitIn = builtins.map (file: import file (args // {inherit mkSecret;}));
 in {
-  imports = [
-    (lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"])
+  imports =
+    [
+      (lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"])
+    ]
+    ++ fudgeMyShitIn [
+      ./minecraft.nix
+      ./attic.nix
+      ./dendrite.nix
+      ./nextcloud.nix
+    ];

-    ./minecraft.nix
-    ./attic.nix
-    ./matrix.nix
-    ./nextcloud.nix
-  ];
+  age.secrets = mkSecrets {
+    apiRsEnv = {};
+    ukubotRsEnv = {};

-  age.secrets = let
-    path = ../../secrets/etna;
-  in {
    tunnelCreds = {
-      file = "${path}/tunnelCreds.age";
      owner = "cloudflared";
      group = "cloudflared";
    };
-
-    dendriteKey = {
-      file = "${path}/dendriteKey.age";
-      mode = "444";
-    };
-
-    nextcloudAdminPass = {
-      file = "${path}/nextcloudAdminPass.age";
-      owner = config.users.users.nextcloud.name;
-      group = config.users.users.nextcloud.name;
-    };
-
-    apiRsEnv.file = "${path}/apiRsEnv.age";
-    ukubotRsEnv.file = "${path}/ukubotRsEnv.age";
-    ngrokEnv.file = "${path}/ngrokEnv.age";
-    minecraftEnv.file = "${path}/minecraftEnv.age";
-    atticEnv.file = "${path}/atticEnv.age";
  };

  boot.loader.systemd-boot.enable = true;
--- a/systems/etna/dendrite.nix
+++ b/systems/etna/dendrite.nix
@ -1,4 +1,9 @@
-{config, ...}: {
+{
+  config,
+  mkSecret,
+  ...
+}: {
+  age.secrets = mkSecret "dendriteKey" {mode = "444";};
  cfTunnels."m.uku.moe" = "http://localhost:80";

  services = {
--- a/systems/etna/minecraft.nix
+++ b/systems/etna/minecraft.nix
@ -1,4 +1,10 @@
-{config, ...}: {
+{
+  config,
+  mkSecret,
+  ...
+}: {
+  age.secrets = mkSecret "minecraftEnv" {};
+
  services.frp = {
    enable = true;
    role = "client";
--- a/systems/etna/nextcloud.nix
+++ b/systems/etna/nextcloud.nix
@ -1,8 +1,14 @@
 {
  config,
  pkgs,
+  mkSecret,
  ...
 }: {
+  age.secrets = mkSecret "nextcloudAdminPass" {
+    owner = config.users.users.nextcloud.name;
+    group = config.users.users.nextcloud.name;
+  };
+
  cfTunnels."cloud.uku3lig.net" = "http://localhost:80";

  services.nextcloud = {