feat(etna): add mkSecret(s)

i love nix
uku 2024-04-13 14:26:07 +02:00
parent 03bc6aff33
commit da553350c6
Signed by: uku
SSH key fingerprint: SHA256:4P0aN6M8ajKukNi6aPOaX0LacanGYtlfjmN+m/sHY/o
7 changed files with 46 additions and 45 deletions


@ -1,12 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----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-----END AGE ENCRYPTED FILE-----


@ -17,7 +17,6 @@ in {
"etna/tunnelCreds.age".publicKeys = main ++ [etna]; "etna/tunnelCreds.age".publicKeys = main ++ [etna];
"etna/apiRsEnv.age".publicKeys = main ++ [etna]; "etna/apiRsEnv.age".publicKeys = main ++ [etna];
"etna/ukubotRsEnv.age".publicKeys = main ++ [etna]; "etna/ukubotRsEnv.age".publicKeys = main ++ [etna];
"etna/ngrokEnv.age".publicKeys = main ++ [etna];
"etna/minecraftEnv.age".publicKeys = main ++ [etna]; "etna/minecraftEnv.age".publicKeys = main ++ [etna];
"etna/atticEnv.age".publicKeys = main ++ [etna]; "etna/atticEnv.age".publicKeys = main ++ [etna];
"etna/dendriteKey.age".publicKeys = main ++ [etna]; "etna/dendriteKey.age".publicKeys = main ++ [etna];


@ -1,4 +1,9 @@
{config, ...}: { {
config,
mkSecret,
...
}: {
age.secrets = mkSecret "atticEnv" {};
cfTunnels."attic.uku3lig.net" = "http://localhost:6000"; cfTunnels."attic.uku3lig.net" = "http://localhost:6000";
services.atticd = { services.atticd = {


@ -1,44 +1,36 @@
{ {
lib, lib,
config, config,
pkgs, # required for fudgeMyShitIn
... ...
}: let } @ args: let
tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5"; tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5";
secretsPath = ../../secrets/etna;
mkSecrets = builtins.mapAttrs (name: value: value // {file = "${secretsPath}/${name}.age";});
mkSecret = name: other: mkSecrets {${name} = other;};
fudgeMyShitIn = builtins.map (file: import file (args // {inherit mkSecret;}));
in { in {
imports = [ imports =
(lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"]) [
(lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"])
]
++ fudgeMyShitIn [
./minecraft.nix
./attic.nix
./dendrite.nix
./nextcloud.nix
];
./minecraft.nix age.secrets = mkSecrets {
./attic.nix apiRsEnv = {};
./matrix.nix ukubotRsEnv = {};
./nextcloud.nix
];
age.secrets = let
path = ../../secrets/etna;
in {
tunnelCreds = { tunnelCreds = {
file = "${path}/tunnelCreds.age";
owner = "cloudflared"; owner = "cloudflared";
group = "cloudflared"; group = "cloudflared";
}; };
dendriteKey = {
file = "${path}/dendriteKey.age";
mode = "444";
};
nextcloudAdminPass = {
file = "${path}/nextcloudAdminPass.age";
owner = config.users.users.nextcloud.name;
group = config.users.users.nextcloud.name;
};
apiRsEnv.file = "${path}/apiRsEnv.age";
ukubotRsEnv.file = "${path}/ukubotRsEnv.age";
ngrokEnv.file = "${path}/ngrokEnv.age";
minecraftEnv.file = "${path}/minecraftEnv.age";
atticEnv.file = "${path}/atticEnv.age";
}; };
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
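Review bot: `fudgeMyShitIn` calls each sub-module itself with `args // {inherit mkSecret;}`, so the module system only ever sees the resulting attribute sets. The sub-modules therefore receive just the arguments this file's own function is given (hence the `pkgs, # required for fudgeMyShitIn` workaround), and errors in them are likely reported against this file rather than the sub-module. Exposing the helper as a module argument keeps the ordinary path imports: add `_module.args = {inherit mkSecret;};` and list `./minecraft.nix ./attic.nix ./dendrite.nix ./nextcloud.nix` directly in `imports`. That works here because the sub-modules use `mkSecret` only inside `age.secrets`, never inside their own `imports`. The module body continues past the end of this hunk.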


@ -1,4 +1,9 @@
{config, ...}: { {
config,
mkSecret,
...
}: {
age.secrets = mkSecret "dendriteKey" {mode = "444";};
cfTunnels."m.uku.moe" = "http://localhost:80"; cfTunnels."m.uku.moe" = "http://localhost:80";
services = { services = {
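Review bot: `mode = "444"` on `dendriteKey` leaves the decrypted key readable by every local account and every service on the host, so a compromise of any unrelated process on etna is enough to read it. Prefer a restrictive mode with an explicit owner, e.g. `age.secrets = mkSecret "dendriteKey" {owner = "<dendrite-service-user>"; mode = "400";};` (the owner is a placeholder). If the unit runs under a dynamic user with no stable account, hand the file to the unit as a systemd credential instead of widening the file mode. The value is carried over unchanged from the old inline definition, so this refactor is a convenient place to tighten it. The rest of the module lies outside the hunk.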


@ -1,4 +1,10 @@
{config, ...}: { {
config,
mkSecret,
...
}: {
age.secrets = mkSecret "minecraftEnv" {};
services.frp = { services.frp = {
enable = true; enable = true;
role = "client"; role = "client";


@ -1,8 +1,14 @@
{ {
config, config,
pkgs, pkgs,
mkSecret,
... ...
}: { }: {
age.secrets = mkSecret "nextcloudAdminPass" {
owner = config.users.users.nextcloud.name;
group = config.users.users.nextcloud.name;
};
cfTunnels."cloud.uku3lig.net" = "http://localhost:80"; cfTunnels."cloud.uku3lig.net" = "http://localhost:80";
services.nextcloud = { services.nextcloud = {