about summary refs log tree commit diff stats
path: root/modules/by-name/se/serverphone
diff options
context:
space:
mode:
authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-10-18 22:13:18 +0200
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-10-18 22:13:18 +0200
commited51e818c1995f57b710327957c1d179980e4deb (patch)
tree51f002f947677a3cb0f74ab47d8fc0d6b0a52711 /modules/by-name/se/serverphone
parentrefactor(modules/legacy/conf/lf): Move to new `by-name` dir (diff)
downloadnixos-config-ed51e818c1995f57b710327957c1d179980e4deb.tar.gz
nixos-config-ed51e818c1995f57b710327957c1d179980e4deb.zip
refactor(modules/secrets): Split into the modules, that need the secrets
Storing the secrets in the module that actually needs them, is a cleaner
solution.
Diffstat (limited to 'modules/by-name/se/serverphone')
-rw-r--r--modules/by-name/se/serverphone/module.currently_ignored.nix18
-rw-r--r--modules/by-name/se/serverphone/private_keys/ca.key19
-rw-r--r--modules/by-name/se/serverphone/private_keys/server.key19
3 files changed, 56 insertions, 0 deletions
diff --git a/modules/by-name/se/serverphone/module.currently_ignored.nix b/modules/by-name/se/serverphone/module.currently_ignored.nix
index 20125a75..2ffb062b 100644
--- a/modules/by-name/se/serverphone/module.currently_ignored.nix
+++ b/modules/by-name/se/serverphone/module.currently_ignored.nix
@@ -5,7 +5,25 @@
   lib,
   ...
 }: {
+# FIXME: Reactive this module, when serverphone is working again <2024-05-11>
+
   config = lib.mkIf config.soispha.secrets.enable {
+    age.secrets = {
+        serverphoneCa = {
+          file = ./private_keys/ca.key;
+          mode = "700";
+          owner = "serverphone";
+          group = "serverphone";
+        };
+        serverphoneServer = {
+          file = ./private_keys/server.key;
+          mode = "700";
+          owner = "serverphone";
+          group = "serverphone";
+        };
+      };
+    };
+
     services.serverphone = {
       package = "${serverphone.packages.${system}.default}";
       enable = true;
diff --git a/modules/by-name/se/serverphone/private_keys/ca.key b/modules/by-name/se/serverphone/private_keys/ca.key
new file mode 100644
index 00000000..d49c5395
--- /dev/null
+++ b/modules/by-name/se/serverphone/private_keys/ca.key
@@ -0,0 +1,19 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyaGJNQkRRVy9MRXZ3b2tJ
+Q2R1NUcrYUNGRE5uQkNyUDdkSm5rUWYxaXpjCjduMG1FSG1VamozdnJoVFFZUDYz
+T2pyK1k3ekZ4RnFMaDFKdUZPWVNuR3MKLT4gc3NoLWVkMjU1MTkgelpFb25nIEpP
+d0xwS3Nia3AwNmppRjZhODdzNXhEcnRsZW5rUzBQcTN6NWhWeTNiQ0EKTkpUZ1Jk
+NHE3WVRzVEhpMnJGaVFpdkFBVW5QNThCSUdFSHVQR1RrQUJsZwotPiBzc2gtZWQy
+NTUxOSA3SGZGVXcgdjJKUUtlRjE5UFEyR2tBOWhEbHNMVlNSOUMyZ1dkYkhYZWRW
+by9QZ2UxTQpVSnhJcFFYay9LSStrSFFJcXJPWUxydXNGbUNXRVpLcHJibjM2TDlw
+RnlVCi0+IGNHPjMiSyQtZ3JlYXNlIGcgdWZkbApmY0YzMmhDdzBWT0RKaWlUUmZP
+bmRPOExuRVJ3Yk5mMFhYSnhlRENqWXJxK1VWdnBibUxzNWV1NHMyNVNXN054CmR0
+VFAzYUR0RHVaZUpOTlB3USt2TXVDcXdLOGtpZwotLS0gaTliQzBjbjdUYkVidURX
+em9wcU04cDhNMHB6KzNBSVMyMmtSRERKS240SQryB70ZEgDQ4eJ/pjIWh6MBEUQr
+iAx2i+J+XJu+74bC9DfB5rWpR4/HAdp8EF6wmi05TuEPUpG9brwm/mHi+FB/Drpu
+00viGfM3dlCyALz1jB2W/MbruouK85o2L3RWDCgc+eT1gA+u2C7ZxO6iYA3aP4lu
+ShDcSHlsKkh9lx4cRsNTua/8N+GQZLciSC7iMDroruxWj1HET9IxeeVN+VSuqcjW
+ocX3LU2uU8vP9WT9zT1lbQB5Z0EM7W+ez61SjGpzrpXB2mpmi+SHOIWF3VdG1H8R
+18BIyRjKIj5Op+8XD7qAe6nl9SSCnMURH+arc7yjNMgEbzFykfldfug2ibI2G/kW
+OxeiEBoSFlC+V8ivS6I=
+-----END AGE ENCRYPTED FILE-----
diff --git a/modules/by-name/se/serverphone/private_keys/server.key b/modules/by-name/se/serverphone/private_keys/server.key
new file mode 100644
index 00000000..a2720406
--- /dev/null
+++ b/modules/by-name/se/serverphone/private_keys/server.key
@@ -0,0 +1,19 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJZnBXSzF4K0ljR3B1Rkk1
+M0lSSkVmVlA2Tjcrd0JCRmhHWDY4bzNoYnhjCmsvQjJmYU5vNVh1Umw0dzhCQjNF
+WVRhVHpUTUIzRVBxaXhFWHpuenZHN0kKLT4gc3NoLWVkMjU1MTkgelpFb25nIHAz
+aG02dkxiNVRreVNadXJjbnc0bXBtSFRSNDhrYjljanUrNldwVFlabXcKU2c2L25r
+VlNjeDFENUdQeWllenRGWlRqRW53UU5VNEdCaUZsbHpaL1ZFTQotPiBzc2gtZWQy
+NTUxOSA3SGZGVXcgZytvUUhZSXhwQ01mQmtkZmhzdHJUd2tlQS9yYkxCdTBYZ2pJ
+UEd4WEF4SQp4WVh2UEJReDVES2tCWlpqQS9aanQzRGRsSTA4S0VXSWZxZ2hoKzZq
+YllzCi0+IEc4eC1ncmVhc2UgaGQhIGFydERoaS4gLERUcQprczdDdHhaOXpmN1VU
+MDlHNlYzVmMxY09Oa2xzTVN6M0ZyYnpRSzJEMS9nMmlqRVo4Wk1qN1lKZnp0N0RT
+UStuCm51L01Rb3ZxNUhEa0c5Z3orYlp0YmlXMkhpeHVJMjNkRFZYWmR3QmV2Zwot
+LS0gdWJDeHZvc0xOMU9uUjUyMlRGUnlGSW9PZzVKWWNoa3pWbVM1OE9LdFk2NAo+
+WS82jL1us5iVw+xWVI80luHMs31hxZfQgJDBuFbtpY0nKkM97U7rusl6t8P+s93c
+R0IYBEUuz6n33GTeVOLipDqkZftlOOvSZkFneZ766+GpEO01dCjeSW9KViDC1jI/
+721IXq9TQNZw0Ou3Vf5E0nDypsfG0UhEoLCy6QZL9YCIyl5s//kyFFnpQjyaGT/P
+pRHGhD0BxZa2ib07WDWzBpsTFtVemwcn9lqAx7DlYV2X3UwCT3qVOVjDuA/j6qUt
+8bCDoXs4/dWleHNHzpwRhe+j2W4OWDKp7o0zYqxkUuPpEWXL7+A+B/+/08nAtZQk
+ZvJyaZSL5wicIPAjLxrD00z2QcE/ZPyUrXsi0gOovuk=
+-----END AGE ENCRYPTED FILE-----