From ed51e818c1995f57b710327957c1d179980e4deb Mon Sep 17 00:00:00 2001 From: Benedikt Peetz Date: Fri, 18 Oct 2024 22:13:18 +0200 Subject: refactor(modules/secrets): Split into the modules, that need the secrets Storing the secrets in the module that actually needs them, is a cleaner solution. --- .../se/serverphone/module.currently_ignored.nix | 18 ++++++++++++++++++ modules/by-name/se/serverphone/private_keys/ca.key | 19 +++++++++++++++++++ .../by-name/se/serverphone/private_keys/server.key | 19 +++++++++++++++++++ 3 files changed, 56 insertions(+) create mode 100644 modules/by-name/se/serverphone/private_keys/ca.key create mode 100644 modules/by-name/se/serverphone/private_keys/server.key (limited to 'modules/by-name/se/serverphone') diff --git a/modules/by-name/se/serverphone/module.currently_ignored.nix b/modules/by-name/se/serverphone/module.currently_ignored.nix index 20125a75..2ffb062b 100644 --- a/modules/by-name/se/serverphone/module.currently_ignored.nix +++ b/modules/by-name/se/serverphone/module.currently_ignored.nix @@ -5,7 +5,25 @@ lib, ... }: { +# FIXME: Reactive this module, when serverphone is working again <2024-05-11> + config = lib.mkIf config.soispha.secrets.enable { + age.secrets = { + serverphoneCa = { + file = ./private_keys/ca.key; + mode = "700"; + owner = "serverphone"; + group = "serverphone"; + }; + serverphoneServer = { + file = ./private_keys/server.key; + mode = "700"; + owner = "serverphone"; + group = "serverphone"; + }; + }; + }; + services.serverphone = { package = "${serverphone.packages.${system}.default}"; enable = true; diff --git a/modules/by-name/se/serverphone/private_keys/ca.key b/modules/by-name/se/serverphone/private_keys/ca.key new file mode 100644 index 00000000..d49c5395 --- /dev/null +++ b/modules/by-name/se/serverphone/private_keys/ca.key @@ -0,0 +1,19 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyaGJNQkRRVy9MRXZ3b2tJ +Q2R1NUcrYUNGRE5uQkNyUDdkSm5rUWYxaXpjCjduMG1FSG1VamozdnJoVFFZUDYz +T2pyK1k3ekZ4RnFMaDFKdUZPWVNuR3MKLT4gc3NoLWVkMjU1MTkgelpFb25nIEpP +d0xwS3Nia3AwNmppRjZhODdzNXhEcnRsZW5rUzBQcTN6NWhWeTNiQ0EKTkpUZ1Jk +NHE3WVRzVEhpMnJGaVFpdkFBVW5QNThCSUdFSHVQR1RrQUJsZwotPiBzc2gtZWQy +NTUxOSA3SGZGVXcgdjJKUUtlRjE5UFEyR2tBOWhEbHNMVlNSOUMyZ1dkYkhYZWRW +by9QZ2UxTQpVSnhJcFFYay9LSStrSFFJcXJPWUxydXNGbUNXRVpLcHJibjM2TDlw +RnlVCi0+IGNHPjMiSyQtZ3JlYXNlIGcgdWZkbApmY0YzMmhDdzBWT0RKaWlUUmZP +bmRPOExuRVJ3Yk5mMFhYSnhlRENqWXJxK1VWdnBibUxzNWV1NHMyNVNXN054CmR0 +VFAzYUR0RHVaZUpOTlB3USt2TXVDcXdLOGtpZwotLS0gaTliQzBjbjdUYkVidURX +em9wcU04cDhNMHB6KzNBSVMyMmtSRERKS240SQryB70ZEgDQ4eJ/pjIWh6MBEUQr +iAx2i+J+XJu+74bC9DfB5rWpR4/HAdp8EF6wmi05TuEPUpG9brwm/mHi+FB/Drpu +00viGfM3dlCyALz1jB2W/MbruouK85o2L3RWDCgc+eT1gA+u2C7ZxO6iYA3aP4lu +ShDcSHlsKkh9lx4cRsNTua/8N+GQZLciSC7iMDroruxWj1HET9IxeeVN+VSuqcjW +ocX3LU2uU8vP9WT9zT1lbQB5Z0EM7W+ez61SjGpzrpXB2mpmi+SHOIWF3VdG1H8R +18BIyRjKIj5Op+8XD7qAe6nl9SSCnMURH+arc7yjNMgEbzFykfldfug2ibI2G/kW +OxeiEBoSFlC+V8ivS6I= +-----END AGE ENCRYPTED FILE----- diff --git a/modules/by-name/se/serverphone/private_keys/server.key b/modules/by-name/se/serverphone/private_keys/server.key new file mode 100644 index 00000000..a2720406 --- /dev/null +++ b/modules/by-name/se/serverphone/private_keys/server.key @@ -0,0 +1,19 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJZnBXSzF4K0ljR3B1Rkk1 +M0lSSkVmVlA2Tjcrd0JCRmhHWDY4bzNoYnhjCmsvQjJmYU5vNVh1Umw0dzhCQjNF +WVRhVHpUTUIzRVBxaXhFWHpuenZHN0kKLT4gc3NoLWVkMjU1MTkgelpFb25nIHAz +aG02dkxiNVRreVNadXJjbnc0bXBtSFRSNDhrYjljanUrNldwVFlabXcKU2c2L25r +VlNjeDFENUdQeWllenRGWlRqRW53UU5VNEdCaUZsbHpaL1ZFTQotPiBzc2gtZWQy +NTUxOSA3SGZGVXcgZytvUUhZSXhwQ01mQmtkZmhzdHJUd2tlQS9yYkxCdTBYZ2pJ +UEd4WEF4SQp4WVh2UEJReDVES2tCWlpqQS9aanQzRGRsSTA4S0VXSWZxZ2hoKzZq +YllzCi0+IEc4eC1ncmVhc2UgaGQhIGFydERoaS4gLERUcQprczdDdHhaOXpmN1VU +MDlHNlYzVmMxY09Oa2xzTVN6M0ZyYnpRSzJEMS9nMmlqRVo4Wk1qN1lKZnp0N0RT +UStuCm51L01Rb3ZxNUhEa0c5Z3orYlp0YmlXMkhpeHVJMjNkRFZYWmR3QmV2Zwot +LS0gdWJDeHZvc0xOMU9uUjUyMlRGUnlGSW9PZzVKWWNoa3pWbVM1OE9LdFk2NAo+ +WS82jL1us5iVw+xWVI80luHMs31hxZfQgJDBuFbtpY0nKkM97U7rusl6t8P+s93c +R0IYBEUuz6n33GTeVOLipDqkZftlOOvSZkFneZ766+GpEO01dCjeSW9KViDC1jI/ +721IXq9TQNZw0Ou3Vf5E0nDypsfG0UhEoLCy6QZL9YCIyl5s//kyFFnpQjyaGT/P +pRHGhD0BxZa2ib07WDWzBpsTFtVemwcn9lqAx7DlYV2X3UwCT3qVOVjDuA/j6qUt +8bCDoXs4/dWleHNHzpwRhe+j2W4OWDKp7o0zYqxkUuPpEWXL7+A+B/+/08nAtZQk +ZvJyaZSL5wicIPAjLxrD00z2QcE/ZPyUrXsi0gOovuk= +-----END AGE ENCRYPTED FILE----- -- cgit 1.4.1