refactor(sys): Modularize and move to `modules/system` or `pkgs`

author: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2024-05-20 16:10:21 +0200
committer: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2024-05-20 16:14:26 +0200
commit: 368cb6b0d25db2ae23be42ad51584de059997e51 (patch)
tree: 3282e45d3ebced63c8498a47e83a255c35de620b /modules/system/secrets
parent: refactor(hm): Rename to `modules/home` (diff)
download: nixos-config-368cb6b0d25db2ae23be42ad51584de059997e51.tar.gz
nixos-config-368cb6b0d25db2ae23be42ad51584de059997e51.zip
13 files changed, 82 insertions, 0 deletions
diff --git a/modules/system/secrets/default.nix b/modules/system/secrets/default.nix
new file mode 100644
index 00000000..bbfaf9c1
--- /dev/null
+++ b/modules/system/secrets/default.nix
@@ -0,0 +1,82 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (config.networking) hostName;
+  # mkFakeSecret = secretName: {
+  #   name = secretName;
+  #   value = {
+  #     path = "/dev/null";
+  #   };
+  # };
+  # fakeSecrets =
+  #   builtins.listToAttrs (lib.debug.traceValSeqN 2 (builtins.map mkFakeSecret
+  #       (lib.debug.traceValSeqN 2 (builtins.attrNames secrets))));
+  cfg = config.soispha.secrets;
+in {
+  options.soispha.secrets = {
+    enable = lib.mkEnableOption "secrets through agenix";
+  };
+
+  config = lib.mkIf cfg.enable {
+    age = {
+      secrets = {
+        # TODO: Remove this, as I'm no longer using nheko <2024-05-16>
+        nheko = {
+          file = ./nheko/conf. + hostName;
+          mode = "700";
+          owner = "soispha";
+          group = "users";
+        };
+
+        lf_cd_paths = {
+          file = ./lf/cd_paths;
+          mode = "700";
+          owner = "soispha";
+          group = "users";
+        };
+
+        # FIXME: Reactive when serverphone is merged in tree again <2024-05-11>
+        #
+        # serverphoneCa = {
+        #   file = ./serverphone/ca.key;
+        #   mode = "700";
+        #   owner = "serverphone";
+        #   group = "serverphone";
+        # };
+        # serverphoneServer = {
+        #   file = ./serverphone/server.key;
+        #   mode = "700";
+        #   owner = "serverphone";
+        #   group = "serverphone";
+        # };
+
+        taskserverPrivate = {
+          file = ./taskserver/private.key;
+          mode = "700";
+          owner = "soispha";
+          group = "users";
+        };
+        taskserverPublic = {
+          file = ./taskserver/public.cert;
+          mode = "700";
+          owner = "soispha";
+          group = "users";
+        };
+        taskserverCA = {
+          file = ./taskserver/ca.cert;
+          mode = "700";
+          owner = "soispha";
+          group = "users";
+        };
+        taskserverCredentials = {
+          file = ./taskserver/credentials;
+          mode = "700";
+          owner = "soispha";
+          group = "users";
+        };
+      };
+    };
+  };
+}
diff --git a/sys/secrets/lf/cd_paths b/modules/system/secrets/lf/cd_paths
index fff32c61..fff32c61 100644
--- a/sys/secrets/lf/cd_paths
+++ b/modules/system/secrets/lf/cd_paths
diff --git a/sys/secrets/nheko/conf.apzu b/modules/system/secrets/nheko/conf.apzu
index a4f704ea..a4f704ea 100644
--- a/sys/secrets/nheko/conf.apzu
+++ b/modules/system/secrets/nheko/conf.apzu
diff --git a/sys/secrets/nheko/conf.isimud b/modules/system/secrets/nheko/conf.isimud
index ef6c52b6..ef6c52b6 100644
--- a/sys/secrets/nheko/conf.isimud
+++ b/modules/system/secrets/nheko/conf.isimud
diff --git a/sys/secrets/nheko/conf.tiamat b/modules/system/secrets/nheko/conf.tiamat
index 51cab7df..51cab7df 100644
--- a/sys/secrets/nheko/conf.tiamat
+++ b/modules/system/secrets/nheko/conf.tiamat
diff --git a/sys/secrets/secrets.nix b/modules/system/secrets/secrets.nix
index cd6447b7..cd6447b7 100644
--- a/sys/secrets/secrets.nix
+++ b/modules/system/secrets/secrets.nix
diff --git a/sys/secrets/serverphone/ca.key b/modules/system/secrets/serverphone/ca.key
index d49c5395..d49c5395 100644
--- a/sys/secrets/serverphone/ca.key
+++ b/modules/system/secrets/serverphone/ca.key
diff --git a/sys/secrets/serverphone/server.key b/modules/system/secrets/serverphone/server.key
index a2720406..a2720406 100644
--- a/sys/secrets/serverphone/server.key
+++ b/modules/system/secrets/serverphone/server.key
diff --git a/sys/secrets/taskserver/ca.cert b/modules/system/secrets/taskserver/ca.cert
index 203d62a8..203d62a8 100644
--- a/sys/secrets/taskserver/ca.cert
+++ b/modules/system/secrets/taskserver/ca.cert
diff --git a/sys/secrets/taskserver/credentials b/modules/system/secrets/taskserver/credentials
index f3aaf502..f3aaf502 100644
--- a/sys/secrets/taskserver/credentials
+++ b/modules/system/secrets/taskserver/credentials
diff --git a/sys/secrets/taskserver/private.key b/modules/system/secrets/taskserver/private.key
index 5afecdaf..5afecdaf 100644
--- a/sys/secrets/taskserver/private.key
+++ b/modules/system/secrets/taskserver/private.key
diff --git a/sys/secrets/taskserver/public.cert b/modules/system/secrets/taskserver/public.cert
index 1cf9b5f0..1cf9b5f0 100644
--- a/sys/secrets/taskserver/public.cert
+++ b/modules/system/secrets/taskserver/public.cert
diff --git a/sys/secrets/update.sh b/modules/system/secrets/update.sh
index edc4ae8a..edc4ae8a 100755
--- a/sys/secrets/update.sh
+++ b/modules/system/secrets/update.sh
author	Benedikt Peetz <benedikt.peetz@b-peetz.de>	2024-05-20 16:10:21 +0200
committer	Benedikt Peetz <benedikt.peetz@b-peetz.de>	2024-05-20 16:14:26 +0200
commit	368cb6b0d25db2ae23be42ad51584de059997e51 (patch)
tree	3282e45d3ebced63c8498a47e83a255c35de620b /modules/system/secrets
parent	refactor(hm): Rename to `modules/home` (diff)
download	nixos-config-368cb6b0d25db2ae23be42ad51584de059997e51.tar.gz nixos-config-368cb6b0d25db2ae23be42ad51584de059997e51.zip