authorSoispha <soispha@vhack.eu>2023-07-29 21:58:49 +0200
committerSoispha <soispha@vhack.eu>2023-07-30 00:19:30 +0200
commit3f5e7b952916a9198afa6bcb85f9ad15187b0a80 (patch)
tree8029c515b900eb8453a629cc9424778f0cd03859 /system/services
parentStyle(treewide): Remove some unused imports (diff)
downloadnixos-config-3f5e7b952916a9198afa6bcb85f9ad15187b0a80.tar.gz
nixos-config-3f5e7b952916a9198afa6bcb85f9ad15187b0a80.zip
Feat(treewide): Add enable options for secrets and impermanence
Diffstat (limited to 'system/services')
-rw-r--r--system/services/serverphone/default.nix65
1 files changed, 34 insertions, 31 deletions
diff --git a/system/services/serverphone/default.nix b/system/services/serverphone/default.nix
index d07d3809..1684f92d 100644
--- a/system/services/serverphone/default.nix
+++ b/system/services/serverphone/default.nix
@@ -2,41 +2,44 @@
   config,
   serverphone,
   system,
+  lib,
   ...
 }: {
-  services.serverphone = {
-    package = "${serverphone.packages.${system}.default}";
-    enable = true;
-    domain = "localhost";
-    configureDoas = true;
-    acceptedSshKeys = [
-      "AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME"
-    ];
-    authorized = {
-      acceptedGpgKeys = [
-        {
-          source = ./keys/soispha_at_vhack.eu;
-          trust = "ultimate";
-        }
+  config = lib.mkIf config.soispha.secrets.enable {
+    services.serverphone = {
+      package = "${serverphone.packages.${system}.default}";
+      enable = true;
+      domain = "localhost";
+      configureDoas = true;
+      acceptedSshKeys = [
+        "AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME"
       ];
+      authorized = {
+        acceptedGpgKeys = [
+          {
+            source = ./keys/soispha_at_vhack.eu;
+            trust = "ultimate";
+          }
+        ];
+      };
+      caCertificate = "${./certificates/ca.crt}";
+      certificate = "${./certificates/server.crt}";
+      privateKey = config.age.secrets.serverphoneServer.path;
+      certificateRequest = {
+        acceptedUsers = [
+          "soispha $argon2id$v=19$m=19456,t=2,p=1$EvhPENIBqL5b1RO5waNMWA$pJ8vDrCNJKDlqwB5bVDLjHVPEXm9McQhtt9OXSD8Zkc"
+        ];
+        caPrivateKey = config.age.secrets.serverphoneCa.path;
+      };
     };
-    caCertificate = "${./certificates/ca.crt}";
-    certificate = "${./certificates/server.crt}";
-    privateKey = config.age.secrets.serverphoneServer.path;
-    certificateRequest = {
-      acceptedUsers = [
-        "soispha $argon2id$v=19$m=19456,t=2,p=1$EvhPENIBqL5b1RO5waNMWA$pJ8vDrCNJKDlqwB5bVDLjHVPEXm9McQhtt9OXSD8Zkc"
-      ];
-      caPrivateKey = config.age.secrets.serverphoneCa.path;
-    };
-  };
 
-  users.users.serverphone = {
-    group = "serverphone";
-    isSystemUser = true;
-    home = "/run/serverphone";
-  };
-  users.groups.serverphone = {
-    members = ["serverphone"];
+    users.users.serverphone = {
+      group = "serverphone";
+      isSystemUser = true;
+      home = "/run/serverphone";
+    };
+    users.groups.serverphone = {
+      members = ["serverphone"];
+    };
   };
 }
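Review bot: The argon2id hash in `certificateRequest.acceptedUsers` stays inline, while `privateKey` and `caPrivateKey` in the same block are read from `config.age.secrets.*`. An inline string ends up in the Nix store, which is normally world-readable, so anyone who can read the store or this repository can run offline guesses against the hash. Now that the whole block is conditional on `config.soispha.secrets.enable`, the hash could be supplied through an age secret as well, provided the serverphone module can read accepted users from a file (not visible in this hunk). Separately, a one-line comment above the `lib.mkIf` would explain why the service and its system user depend on the secrets option, e.g. `# requires age.secrets.serverphoneServer and age.secrets.serverphoneCa`.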