feat(etna): add mkSecret(s)
i love nix
parent
03bc6aff33
commit
da553350c6
7 changed files with 46 additions and 45 deletions
|
@ -1,12 +0,0 @@
|
|||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2czErd0owQzc2d3ljMHRT
|
||||
MzdXSGdwWmFhZy9iZDgzVldobXRFWENhMlY4Cmd1MHZPbUNleFc2WHlWZFZ5SVJG
|
||||
QXpKS2h5VzN2bmJSYW0vVjZha2pCcmsKLT4gWDI1NTE5IFdOL2M3NjBISFM1dy9J
|
||||
dnd1UTcxazF3VFRqSmIrVXludG1tVmRjQ0lCRUEKOHdhWWxpZU1MdmQyYWR2Zndn
|
||||
M2cxWVBXQkR6aVd2NGRZLzUzT0FLcWlnTQotPiBYMjU1MTkgMUxjcUc5Z2F3RFQv
|
||||
dzBoS1J4dDlOVGpjcWV2dmtZRDdZbEh4U3V3T3dDNAo2SlBXd05tNlQxbmNpaHg4
|
||||
bnZsQi9KOUZycTNybXdYR3NxbUlWVTZkYjNnCi0tLSBLalRSQ1JyOERTRlVBMTRu
|
||||
S1FtV2dkbndkMGYyLzJmRTYzMVYxOXRJQ0p3CmqbWsHvEqvOL0H2fkLfAtdKBQq5
|
||||
feZt8GvTBbIfbqtW+2jYNYo3jAYIEEbWF0WTfMCRlBP2dbDE3olJXqsxBqR92Np2
|
||||
91kaiiLux/9jtmol1ey7fb7qkbXraFLt
|
||||
-----END AGE ENCRYPTED FILE-----
|
|
@ -17,7 +17,6 @@ in {
|
|||
"etna/tunnelCreds.age".publicKeys = main ++ [etna];
|
||||
"etna/apiRsEnv.age".publicKeys = main ++ [etna];
|
||||
"etna/ukubotRsEnv.age".publicKeys = main ++ [etna];
|
||||
"etna/ngrokEnv.age".publicKeys = main ++ [etna];
|
||||
"etna/minecraftEnv.age".publicKeys = main ++ [etna];
|
||||
"etna/atticEnv.age".publicKeys = main ++ [etna];
|
||||
"etna/dendriteKey.age".publicKeys = main ++ [etna];
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{config, ...}: {
|
||||
{
|
||||
config,
|
||||
mkSecret,
|
||||
...
|
||||
}: {
|
||||
age.secrets = mkSecret "atticEnv" {};
|
||||
cfTunnels."attic.uku3lig.net" = "http://localhost:6000";
|
||||
|
||||
services.atticd = {
|
||||
|
|
|
@ -1,44 +1,36 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs, # required for fudgeMyShitIn
|
||||
...
|
||||
}: let
|
||||
} @ args: let
|
||||
tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5";
|
||||
in {
|
||||
imports = [
|
||||
(lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"])
|
||||
|
||||
secretsPath = ../../secrets/etna;
|
||||
mkSecrets = builtins.mapAttrs (name: value: value // {file = "${secretsPath}/${name}.age";});
|
||||
mkSecret = name: other: mkSecrets {${name} = other;};
|
||||
|
||||
fudgeMyShitIn = builtins.map (file: import file (args // {inherit mkSecret;}));
|
||||
in {
|
||||
imports =
|
||||
[
|
||||
(lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"])
|
||||
]
|
||||
++ fudgeMyShitIn [
|
||||
./minecraft.nix
|
||||
./attic.nix
|
||||
./matrix.nix
|
||||
./dendrite.nix
|
||||
./nextcloud.nix
|
||||
];
|
||||
|
||||
age.secrets = let
|
||||
path = ../../secrets/etna;
|
||||
in {
|
||||
age.secrets = mkSecrets {
|
||||
apiRsEnv = {};
|
||||
ukubotRsEnv = {};
|
||||
|
||||
tunnelCreds = {
|
||||
file = "${path}/tunnelCreds.age";
|
||||
owner = "cloudflared";
|
||||
group = "cloudflared";
|
||||
};
|
||||
|
||||
dendriteKey = {
|
||||
file = "${path}/dendriteKey.age";
|
||||
mode = "444";
|
||||
};
|
||||
|
||||
nextcloudAdminPass = {
|
||||
file = "${path}/nextcloudAdminPass.age";
|
||||
owner = config.users.users.nextcloud.name;
|
||||
group = config.users.users.nextcloud.name;
|
||||
};
|
||||
|
||||
apiRsEnv.file = "${path}/apiRsEnv.age";
|
||||
ukubotRsEnv.file = "${path}/ukubotRsEnv.age";
|
||||
ngrokEnv.file = "${path}/ngrokEnv.age";
|
||||
minecraftEnv.file = "${path}/minecraftEnv.age";
|
||||
atticEnv.file = "${path}/atticEnv.age";
|
||||
};
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
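Review bot: `fudgeMyShitIn` applies each file itself to the parent's `args`, so the child modules bypass the module system's own argument resolution and only see what this file happens to receive. The `pkgs, # required for fudgeMyShitIn` line is a symptom of that: any child that later asks for another module argument will fail until it is also named here. Importing the already-applied attrset also likely drops the file name from option-conflict and assertion messages for those modules. Setting `_module.args.mkSecret = mkSecret;` in this module and listing `./minecraft.nix` through `./nextcloud.nix` directly in `imports` would hand every child `mkSecret` the normal way; that is safe here because the children use it only for `age.secrets`, not to compute their own `imports`. The module body continues past the end of this section.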
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{config, ...}: {
|
||||
{
|
||||
config,
|
||||
mkSecret,
|
||||
...
|
||||
}: {
|
||||
age.secrets = mkSecret "dendriteKey" {mode = "444";};
|
||||
cfTunnels."m.uku.moe" = "http://localhost:80";
|
||||
|
||||
services = {
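Review bot: `mkSecret "dendriteKey" {mode = "444";}` leaves the decrypted key readable by every local account and service on the host, so a compromise of any unprivileged process exposes it. If this is the homeserver's signing key, as the name suggests, it should be owner-only, for example `mkSecret "dendriteKey" {owner = "<dendrite-service-user>"; mode = "400";}` with the placeholder replaced by the real account. If the unit runs under a dynamic user with no stable name, passing the file through systemd's `LoadCredential=` avoids the world-readable mode. The setting appears to predate this commit and is only moved here, but the move is a good moment to tighten it. The `services` block continues outside this section.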
|
|
@ -1,4 +1,10 @@
|
|||
{config, ...}: {
|
||||
{
|
||||
config,
|
||||
mkSecret,
|
||||
...
|
||||
}: {
|
||||
age.secrets = mkSecret "minecraftEnv" {};
|
||||
|
||||
services.frp = {
|
||||
enable = true;
|
||||
role = "client";
|
||||
|
|
|
@ -1,8 +1,14 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
mkSecret,
|
||||
...
|
||||
}: {
|
||||
age.secrets = mkSecret "nextcloudAdminPass" {
|
||||
owner = config.users.users.nextcloud.name;
|
||||
group = config.users.users.nextcloud.name;
|
||||
};
|
||||
|
||||
cfTunnels."cloud.uku3lig.net" = "http://localhost:80";
|
||||
|
||||
services.nextcloud = {
|
||||
|
|