Diffstat (limited to '')
-rw-r--r-- | modules/system/secrets/default.nix | 82 | ||||
-rw-r--r-- | modules/system/secrets/lf/cd_paths (renamed from sys/secrets/lf/cd_paths) | 0 | ||||
-rw-r--r-- | modules/system/secrets/nheko/conf.apzu (renamed from sys/secrets/nheko/conf.apzu) | 0 | ||||
-rw-r--r-- | modules/system/secrets/nheko/conf.isimud (renamed from sys/secrets/nheko/conf.isimud) | 0 | ||||
-rw-r--r-- | modules/system/secrets/nheko/conf.tiamat (renamed from sys/secrets/nheko/conf.tiamat) | 0 | ||||
-rw-r--r-- | modules/system/secrets/secrets.nix (renamed from sys/secrets/secrets.nix) | 0 | ||||
-rw-r--r-- | modules/system/secrets/serverphone/ca.key (renamed from sys/secrets/serverphone/ca.key) | 0 | ||||
-rw-r--r-- | modules/system/secrets/serverphone/server.key (renamed from sys/secrets/serverphone/server.key) | 0 | ||||
-rw-r--r-- | modules/system/secrets/taskserver/ca.cert (renamed from sys/secrets/taskserver/ca.cert) | 0 | ||||
-rw-r--r-- | modules/system/secrets/taskserver/credentials (renamed from sys/secrets/taskserver/credentials) | 0 | ||||
-rw-r--r-- | modules/system/secrets/taskserver/private.key (renamed from sys/secrets/taskserver/private.key) | 0 | ||||
-rw-r--r-- | modules/system/secrets/taskserver/public.cert (renamed from sys/secrets/taskserver/public.cert) | 0 | ||||
-rwxr-xr-x | modules/system/secrets/update.sh (renamed from sys/secrets/update.sh) | 0 |
13 files changed, 82 insertions, 0 deletions
diff --git a/modules/system/secrets/default.nix b/modules/system/secrets/default.nix
new file mode 100644
index 00000000..bbfaf9c1
--- /dev/null
+++ b/modules/system/secrets/default.nix
@@ -0,0 +1,82 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (config.networking) hostName;
+ # mkFakeSecret = secretName: {
+ # name = secretName;
+ # value = {
+ # path = "/dev/null";
+ # };
+ # };
+ # fakeSecrets =
+ # builtins.listToAttrs (lib.debug.traceValSeqN 2 (builtins.map mkFakeSecret
+ # (lib.debug.traceValSeqN 2 (builtins.attrNames secrets))));
+ cfg = config.soispha.secrets;
+in {
+ options.soispha.secrets = {
+ enable = lib.mkEnableOption "secrets through agenix";
+ };
+
+ config = lib.mkIf cfg.enable {
+ age = {
+ secrets = {
+ # TODO: Remove this, as I'm no longer using nheko <2024-05-16>
+ nheko = {
+ file = ./nheko/conf. + hostName;
+ mode = "700";
+ owner = "soispha";
+ group = "users";
+ };
+
+ lf_cd_paths = {
+ file = ./lf/cd_paths;
+ mode = "700";
+ owner = "soispha";
+ group = "users";
+ };
+
+ # FIXME: Reactive when serverphone is merged in tree again <2024-05-11>
+ #
+ # serverphoneCa = {
+ # file = ./serverphone/ca.key;
+ # mode = "700";
+ # owner = "serverphone";
+ # group = "serverphone";
+ # };
+ # serverphoneServer = {
+ # file = ./serverphone/server.key;
+ # mode = "700";
+ # owner = "serverphone";
+ # group = "serverphone";
+ # };
+
+ taskserverPrivate = {
+ file = ./taskserver/private.key;
+ mode = "700";
+ owner = "soispha";
+ group = "users";
+ };
+ taskserverPublic = {
+ file = ./taskserver/public.cert;
+ mode = "700";
+ owner = "soispha";
+ group = "users";
+ };
+ taskserverCA = {
+ file = ./taskserver/ca.cert;
+ mode = "700";
+ owner = "soispha";
+ group = "users";
+ };
+ taskserverCredentials = {
+ file = ./taskserver/credentials;
+ mode = "700";
+ owner = "soispha";
+ group = "users";
+ };
+ };
+ };
+ };
+}
diff --git a/sys/secrets/lf/cd_paths b/modules/system/secrets/lf/cd_paths
index fff32c61..fff32c61 100644
--- a/sys/secrets/lf/cd_paths
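Review bot: Every active `age.secrets` entry in the new default.nix sets `mode = "700"`, which gives the decrypted key, certificate and credential files owner write and execute bits although they only need to be read. The least-privilege value is `mode = "0400";` (agenix's default, so the line could also be dropped), most importantly on `taskserverPrivate` and `taskserverCredentials`; the commented-out serverphone entries carry the same value and would need the same change when re-enabled. Separately, `file = ./nheko/conf. + hostName;` only resolves for hosts with a matching file (the diffstat lists apzu, isimud and tiamat), so turning on `soispha.secrets.enable` on any other host would presumably fail at evaluation. Acting on the TODO and removing the `nheko` entry would avoid that.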
+++ b/modules/system/secrets/lf/cd_paths
diff --git a/sys/secrets/nheko/conf.apzu b/modules/system/secrets/nheko/conf.apzu
index a4f704ea..a4f704ea 100644
--- a/sys/secrets/nheko/conf.apzu
+++ b/modules/system/secrets/nheko/conf.apzu
diff --git a/sys/secrets/nheko/conf.isimud b/modules/system/secrets/nheko/conf.isimud
index ef6c52b6..ef6c52b6 100644
--- a/sys/secrets/nheko/conf.isimud
+++ b/modules/system/secrets/nheko/conf.isimud
diff --git a/sys/secrets/nheko/conf.tiamat b/modules/system/secrets/nheko/conf.tiamat
index 51cab7df..51cab7df 100644
--- a/sys/secrets/nheko/conf.tiamat
+++ b/modules/system/secrets/nheko/conf.tiamat
diff --git a/sys/secrets/secrets.nix b/modules/system/secrets/secrets.nix
index cd6447b7..cd6447b7 100644
--- a/sys/secrets/secrets.nix
+++ b/modules/system/secrets/secrets.nix
diff --git a/sys/secrets/serverphone/ca.key b/modules/system/secrets/serverphone/ca.key
index d49c5395..d49c5395 100644
--- a/sys/secrets/serverphone/ca.key
+++ b/modules/system/secrets/serverphone/ca.key
diff --git a/sys/secrets/serverphone/server.key b/modules/system/secrets/serverphone/server.key
index a2720406..a2720406 100644
--- a/sys/secrets/serverphone/server.key
+++ b/modules/system/secrets/serverphone/server.key
diff --git a/sys/secrets/taskserver/ca.cert b/modules/system/secrets/taskserver/ca.cert
index 203d62a8..203d62a8 100644
--- a/sys/secrets/taskserver/ca.cert
+++ b/modules/system/secrets/taskserver/ca.cert
diff --git a/sys/secrets/taskserver/credentials b/modules/system/secrets/taskserver/credentials
index f3aaf502..f3aaf502 100644
--- a/sys/secrets/taskserver/credentials
+++ b/modules/system/secrets/taskserver/credentials
diff --git a/sys/secrets/taskserver/private.key b/modules/system/secrets/taskserver/private.key
index 5afecdaf..5afecdaf 100644
--- a/sys/secrets/taskserver/private.key
+++ b/modules/system/secrets/taskserver/private.key
diff --git a/sys/secrets/taskserver/public.cert b/modules/system/secrets/taskserver/public.cert
index 1cf9b5f0..1cf9b5f0 100644
--- a/sys/secrets/taskserver/public.cert
+++ b/modules/system/secrets/taskserver/public.cert
diff --git a/sys/secrets/update.sh b/modules/system/secrets/update.sh
index edc4ae8a..edc4ae8a 100755
--- a/sys/secrets/update.sh
+++ b/modules/system/secrets/update.sh |