feat(etna): add mkSecret(s)
i love nix
parent
03bc6aff33
commit
da553350c6
7 changed files with 46 additions and 45 deletions
|
@ -1,12 +0,0 @@
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2czErd0owQzc2d3ljMHRT
|
|
||||||
MzdXSGdwWmFhZy9iZDgzVldobXRFWENhMlY4Cmd1MHZPbUNleFc2WHlWZFZ5SVJG
|
|
||||||
QXpKS2h5VzN2bmJSYW0vVjZha2pCcmsKLT4gWDI1NTE5IFdOL2M3NjBISFM1dy9J
|
|
||||||
dnd1UTcxazF3VFRqSmIrVXludG1tVmRjQ0lCRUEKOHdhWWxpZU1MdmQyYWR2Zndn
|
|
||||||
M2cxWVBXQkR6aVd2NGRZLzUzT0FLcWlnTQotPiBYMjU1MTkgMUxjcUc5Z2F3RFQv
|
|
||||||
dzBoS1J4dDlOVGpjcWV2dmtZRDdZbEh4U3V3T3dDNAo2SlBXd05tNlQxbmNpaHg4
|
|
||||||
bnZsQi9KOUZycTNybXdYR3NxbUlWVTZkYjNnCi0tLSBLalRSQ1JyOERTRlVBMTRu
|
|
||||||
S1FtV2dkbndkMGYyLzJmRTYzMVYxOXRJQ0p3CmqbWsHvEqvOL0H2fkLfAtdKBQq5
|
|
||||||
feZt8GvTBbIfbqtW+2jYNYo3jAYIEEbWF0WTfMCRlBP2dbDE3olJXqsxBqR92Np2
|
|
||||||
91kaiiLux/9jtmol1ey7fb7qkbXraFLt
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
|
@ -17,7 +17,6 @@ in {
|
||||||
"etna/tunnelCreds.age".publicKeys = main ++ [etna];
|
"etna/tunnelCreds.age".publicKeys = main ++ [etna];
|
||||||
"etna/apiRsEnv.age".publicKeys = main ++ [etna];
|
"etna/apiRsEnv.age".publicKeys = main ++ [etna];
|
||||||
"etna/ukubotRsEnv.age".publicKeys = main ++ [etna];
|
"etna/ukubotRsEnv.age".publicKeys = main ++ [etna];
|
||||||
"etna/ngrokEnv.age".publicKeys = main ++ [etna];
|
|
||||||
"etna/minecraftEnv.age".publicKeys = main ++ [etna];
|
"etna/minecraftEnv.age".publicKeys = main ++ [etna];
|
||||||
"etna/atticEnv.age".publicKeys = main ++ [etna];
|
"etna/atticEnv.age".publicKeys = main ++ [etna];
|
||||||
"etna/dendriteKey.age".publicKeys = main ++ [etna];
|
"etna/dendriteKey.age".publicKeys = main ++ [etna];
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{config, ...}: {
|
{
|
||||||
|
config,
|
||||||
|
mkSecret,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
age.secrets = mkSecret "atticEnv" {};
|
||||||
cfTunnels."attic.uku3lig.net" = "http://localhost:6000";
|
cfTunnels."attic.uku3lig.net" = "http://localhost:6000";
|
||||||
|
|
||||||
services.atticd = {
|
services.atticd = {
|
||||||
|
|
|
@ -1,44 +1,36 @@
|
||||||
{
|
{
|
||||||
lib,
|
lib,
|
||||||
config,
|
config,
|
||||||
|
pkgs, # required for fudgeMyShitIn
|
||||||
...
|
...
|
||||||
}: let
|
} @ args: let
|
||||||
tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5";
|
tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5";
|
||||||
|
|
||||||
|
secretsPath = ../../secrets/etna;
|
||||||
|
mkSecrets = builtins.mapAttrs (name: value: value // {file = "${secretsPath}/${name}.age";});
|
||||||
|
mkSecret = name: other: mkSecrets {${name} = other;};
|
||||||
|
|
||||||
|
fudgeMyShitIn = builtins.map (file: import file (args // {inherit mkSecret;}));
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports =
|
||||||
(lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"])
|
[
|
||||||
|
(lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"])
|
||||||
|
]
|
||||||
|
++ fudgeMyShitIn [
|
||||||
|
./minecraft.nix
|
||||||
|
./attic.nix
|
||||||
|
./dendrite.nix
|
||||||
|
./nextcloud.nix
|
||||||
|
];
|
||||||
|
|
||||||
./minecraft.nix
|
age.secrets = mkSecrets {
|
||||||
./attic.nix
|
apiRsEnv = {};
|
||||||
./matrix.nix
|
ukubotRsEnv = {};
|
||||||
./nextcloud.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
age.secrets = let
|
|
||||||
path = ../../secrets/etna;
|
|
||||||
in {
|
|
||||||
tunnelCreds = {
|
tunnelCreds = {
|
||||||
file = "${path}/tunnelCreds.age";
|
|
||||||
owner = "cloudflared";
|
owner = "cloudflared";
|
||||||
group = "cloudflared";
|
group = "cloudflared";
|
||||||
};
|
};
|
||||||
|
|
||||||
dendriteKey = {
|
|
||||||
file = "${path}/dendriteKey.age";
|
|
||||||
mode = "444";
|
|
||||||
};
|
|
||||||
|
|
||||||
nextcloudAdminPass = {
|
|
||||||
file = "${path}/nextcloudAdminPass.age";
|
|
||||||
owner = config.users.users.nextcloud.name;
|
|
||||||
group = config.users.users.nextcloud.name;
|
|
||||||
};
|
|
||||||
|
|
||||||
apiRsEnv.file = "${path}/apiRsEnv.age";
|
|
||||||
ukubotRsEnv.file = "${path}/ukubotRsEnv.age";
|
|
||||||
ngrokEnv.file = "${path}/ngrokEnv.age";
|
|
||||||
minecraftEnv.file = "${path}/minecraftEnv.age";
|
|
||||||
atticEnv.file = "${path}/atticEnv.age";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
|
|
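Review bot: `fudgeMyShitIn` applies each module file by hand to `args // {inherit mkSecret;}`, which bypasses the module system's own argument handling. As far as I can tell, arguments that come from `_module.args` then reach the imported files only when this file names them itself (hence `pkgs, # required for fudgeMyShitIn`), and the modules arrive as plain attribute sets, so evaluation errors lose their file location. Exposing the helper with `_module.args.mkSecret = mkSecret;` and keeping the four paths in an ordinary `imports` list would leave attic.nix, dendrite.nix, minecraft.nix and nextcloud.nix as normal modules; that should be safe because `mkSecret` is only used for `age.secrets`, never inside `imports`. The helpers would also benefit from a one-line comment, e.g. `# mkSecret "name" attrs -> { name = attrs // { file = secretsPath/name.age; }; }`.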
@ -1,4 +1,9 @@
|
||||||
{config, ...}: {
|
{
|
||||||
|
config,
|
||||||
|
mkSecret,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
age.secrets = mkSecret "dendriteKey" {mode = "444";};
|
||||||
cfTunnels."m.uku.moe" = "http://localhost:80";
|
cfTunnels."m.uku.moe" = "http://localhost:80";
|
||||||
|
|
||||||
services = {
|
services = {
|
|
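Review bot: `mkSecret "dendriteKey" {mode = "444";}` keeps the decrypted key readable by every local account on the host, so any process on the machine can read it. If the consuming service runs as a fixed user, setting `owner`/`group` and leaving the default mode would be tighter, the way the `nextcloudAdminPass` entry does it. If it runs under a dynamic user (not visible in this hunk), handing the file over through systemd's `LoadCredential` avoids the world-readable bit. If 444 has to stay, a comment such as `# world-readable because <reason>` should say why. The `services` block continues outside the hunk.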
@ -1,4 +1,10 @@
|
||||||
{config, ...}: {
|
{
|
||||||
|
config,
|
||||||
|
mkSecret,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
age.secrets = mkSecret "minecraftEnv" {};
|
||||||
|
|
||||||
services.frp = {
|
services.frp = {
|
||||||
enable = true;
|
enable = true;
|
||||||
role = "client";
|
role = "client";
|
||||||
|
|
|
@ -1,8 +1,14 @@
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
|
mkSecret,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
|
age.secrets = mkSecret "nextcloudAdminPass" {
|
||||||
|
owner = config.users.users.nextcloud.name;
|
||||||
|
group = config.users.users.nextcloud.name;
|
||||||
|
};
|
||||||
|
|
||||||
cfTunnels."cloud.uku3lig.net" = "http://localhost:80";
|
cfTunnels."cloud.uku3lig.net" = "http://localhost:80";
|
||||||
|
|
||||||
services.nextcloud = {
|
services.nextcloud = {
|
||||||
|
|