diff options
author | Soispha <soispha@vhack.eu> | 2023-07-29 21:58:49 +0200 |
---|---|---|
committer | Soispha <soispha@vhack.eu> | 2023-07-30 00:19:30 +0200 |
commit | 3f5e7b952916a9198afa6bcb85f9ad15187b0a80 (patch) | |
tree | 8029c515b900eb8453a629cc9424778f0cd03859 /system/services | |
parent | Style(treewide): Remove some unused imports (diff) | |
download | nixos-config-3f5e7b952916a9198afa6bcb85f9ad15187b0a80.tar.gz nixos-config-3f5e7b952916a9198afa6bcb85f9ad15187b0a80.zip |
Feat(treewide): Add enable options for secrets and impermanence
Diffstat (limited to 'system/services')
-rw-r--r-- | system/services/serverphone/default.nix | 65 |
1 files changed, 34 insertions, 31 deletions
diff --git a/system/services/serverphone/default.nix b/system/services/serverphone/default.nix index d07d3809..1684f92d 100644 --- a/system/services/serverphone/default.nix +++ b/system/services/serverphone/default.nix @@ -2,41 +2,44 @@ config, serverphone, system, + lib, ... }: { - services.serverphone = { - package = "${serverphone.packages.${system}.default}"; - enable = true; - domain = "localhost"; - configureDoas = true; - acceptedSshKeys = [ - "AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME" - ]; - authorized = { - acceptedGpgKeys = [ - { - source = ./keys/soispha_at_vhack.eu; - trust = "ultimate"; - } + config = lib.mkIf config.soispha.secrets.enable { + services.serverphone = { + package = "${serverphone.packages.${system}.default}"; + enable = true; + domain = "localhost"; + configureDoas = true; + acceptedSshKeys = [ + "AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME" ]; + authorized = { + acceptedGpgKeys = [ + { + source = ./keys/soispha_at_vhack.eu; + trust = "ultimate"; + } + ]; + }; + caCertificate = "${./certificates/ca.crt}"; + certificate = "${./certificates/server.crt}"; + privateKey = config.age.secrets.serverphoneServer.path; + certificateRequest = { + acceptedUsers = [ + "soispha $argon2id$v=19$m=19456,t=2,p=1$EvhPENIBqL5b1RO5waNMWA$pJ8vDrCNJKDlqwB5bVDLjHVPEXm9McQhtt9OXSD8Zkc" + ]; + caPrivateKey = config.age.secrets.serverphoneCa.path; + }; }; - caCertificate = "${./certificates/ca.crt}"; - certificate = "${./certificates/server.crt}"; - privateKey = config.age.secrets.serverphoneServer.path; - certificateRequest = { - acceptedUsers = [ - "soispha $argon2id$v=19$m=19456,t=2,p=1$EvhPENIBqL5b1RO5waNMWA$pJ8vDrCNJKDlqwB5bVDLjHVPEXm9McQhtt9OXSD8Zkc" - ]; - caPrivateKey = config.age.secrets.serverphoneCa.path; - }; - }; - users.users.serverphone = { - group = "serverphone"; - isSystemUser = true; - home = "/run/serverphone"; - }; - users.groups.serverphone = { - members = ["serverphone"]; + users.users.serverphone = { + group = "serverphone"; + isSystemUser = true; + home = "/run/serverphone"; + }; + users.groups.serverphone = { + members = ["serverphone"]; + }; }; } |