blob: 20125a757e2512afb9f717e9c0a835249ef9c667 (
plain) (
tree)
|
|
{
config,
serverphone,
system,
lib,
...
}: {
config = lib.mkIf config.soispha.secrets.enable {
services.serverphone = {
package = "${serverphone.packages.${system}.default}";
enable = true;
domain = "localhost";
configureDoas = true;
acceptedSshKeys = [
"AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME"
];
authorized = {
acceptedGpgKeys = [
{
source = ./keys/key_1;
trust = "ultimate";
}
{
source = ./keys/key_2;
trust = "ultimate";
}
];
};
caCertificate = "${./certificates/ca.crt}";
certificate = "${./certificates/server.crt}";
privateKey = config.age.secrets.serverphoneServer.path;
certificateRequest = {
acceptedUsers = [
"soispha $argon2id$v=19$m=19456,t=2,p=1$EvhPENIBqL5b1RO5waNMWA$pJ8vDrCNJKDlqwB5bVDLjHVPEXm9McQhtt9OXSD8Zkc"
];
caPrivateKey = config.age.secrets.serverphoneCa.path;
};
};
users.users.serverphone = {
group = "serverphone";
isSystemUser = true;
home = "/run/serverphone";
};
users.groups.serverphone = {
members = ["serverphone"];
};
};
}
|