path: root/sys/svcs/serverphone/default.nix
# NixOS module: enables and configures the `serverphone` service and creates
# the dedicated system user and group it is paired with.
#
# Everything is wrapped in `lib.mkIf config.soispha.secrets.enable`, so none of
# it is applied unless that option is true.
# NOTE(review): presumably the gate exists because the two age secrets used
# below are only declared when secrets are enabled — confirm.
{
  config,
  serverphone,
  system,
  lib,
  ...
}: let
  # Private keys are referenced by path only; the key material itself is not
  # part of this file.
  ageSecrets = config.age.secrets;

  # Builds one `acceptedGpgKeys` entry for the given key file.
  # NOTE(review): "ultimate" is the highest GnuPG owner-trust level. How the
  # module consumes `trust` is not visible here — confirm that a lower level
  # would not be sufficient for these two keys.
  ultimatelyTrusted = keyFile: {
    source = keyFile;
    trust = "ultimate";
  };
in {
  config = lib.mkIf config.soispha.secrets.enable {
    services.serverphone = {
      enable = true;
      package = "${serverphone.packages.${system}.default}";
      domain = "localhost";

      # NOTE(review): presumably makes the module generate doas rules for the
      # service; the resulting rules are a privilege boundary and should be
      # reviewed in the module source — confirm what they allow.
      configureDoas = true;

      # Bare ed25519 public-key blob (no key-type prefix, no comment field).
      acceptedSshKeys = [
        "AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME"
      ];

      authorized.acceptedGpgKeys = map ultimatelyTrusted [
        ./keys/key_1
        ./keys/key_2
      ];

      # Interpolating a path literal copies the file into the Nix store, which
      # is world-readable. That is fine for certificates (public data) and is
      # the reason the private keys are NOT referenced this way.
      caCertificate = "${./certificates/ca.crt}";
      certificate = "${./certificates/server.crt}";
      privateKey = ageSecrets.serverphoneServer.path;

      certificateRequest = {
        # "<user> <PHC string>": an Argon2id hash with m=19456 KiB, t=2, p=1.
        # NOTE(review): the hash is committed in clear text, so anyone who can
        # read this repository (and the Nix store, if the module renders it
        # into a generated file — confirm) can attempt offline guessing. The
        # password's strength is the only remaining control; consider whether
        # the module can read this value from a secret file instead.
        acceptedUsers = [
          "soispha $argon2id$v=19$m=19456,t=2,p=1$EvhPENIBqL5b1RO5waNMWA$pJ8vDrCNJKDlqwB5bVDLjHVPEXm9McQhtt9OXSD8Zkc"
        ];
        # The CA signing key is the most sensitive item configured here: it is
        # passed as a path to an age-managed secret, not as store content.
        caPrivateKey = ageSecrets.serverphoneCa.path;
      };
    };

    users = {
      # Dedicated unprivileged system account for the service.
      users.serverphone = {
        isSystemUser = true;
        group = "serverphone";
        home = "/run/serverphone";
      };
      # `serverphone` is also listed explicitly as a member of its own group.
      groups.serverphone.members = ["serverphone"];
    };
  };
}