From 3f7852df408ac5bb5148e6d8cf7d837d730c101d Mon Sep 17 00:00:00 2001
From: Soispha
Date: Tue, 6 Jun 2023 15:13:32 +0200
Subject: Fix(system/services/serverphone): Fully add
---
 system/services/default.nix | 1 +
 system/services/serverphone/certificates/ca.crt | 10 ++++++
 .../services/serverphone/certificates/server.crt | 10 ++++++
 system/services/serverphone/default.nix | 36 +++++++++++++++++++++-
 .../services/serverphone/keys/soispha_at_vhack.eu | 1 +
 5 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 system/services/serverphone/certificates/ca.crt
 create mode 100644 system/services/serverphone/certificates/server.crt
 create mode 120000 system/services/serverphone/keys/soispha_at_vhack.eu
(limited to 'system/services')
diff --git a/system/services/default.nix b/system/services/default.nix
index d7505293..d90afaa7 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -6,6 +6,7 @@
 ./openssh
 ./printing
 ./scanning
+ ./serverphone
 ./snapper
 ./steam
 ./swaylock
diff --git a/system/services/serverphone/certificates/ca.crt b/system/services/serverphone/certificates/ca.crt
new file mode 100644
index 00000000..7a4ae6f9
--- /dev/null
+++ b/system/services/serverphone/certificates/ca.crt
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBXDCCAQOgAwIBAgIIRQ2wXiaD5pMwCgYIKoZIzj0EAwIwGTEXMBUGA1UEAwwO
+U2VydmVycGhvbmUgQ0EwHhcNMjMwNjA2MTIzNzM3WhcNMzMwNjAzMTIzNzM3WjAZ
+MRcwFQYDVQQDDA5TZXJ2ZXJwaG9uZSBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+A0IABDZMtz3liWniBedisStXDO2sxFCKBH239ezH7uADu8g5peGssmNu1rXEDrg1
+sFwVUjQeJAocYYNoUeHiVpODf1ejNTAzMB0GA1UdDgQWBBST5oMmXrANRbCLIQpN
+W7e5uSCL3DASBgNVHRMBAf8ECDAGAQH/AgEBMAoGCCqGSM49BAMCA0cAMEQCIFig
+xA3MvRNP4uXaUEWwdP1pYL/R8N46G4NZrPEfiNV4AiA+NJSTFRCOUqEsvSb7PTFx
+YuMuJF4XxWnmStz3ym7xXA==
+-----END CERTIFICATE-----
diff --git a/system/services/serverphone/certificates/server.crt b/system/services/serverphone/certificates/server.crt
new file mode 100644
index 00000000..f994cdc8
--- /dev/null
+++ b/system/services/serverphone/certificates/server.crt
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBTjCB9KADAgECAgkAhKrdjsoiOrkwCgYIKoZIzj0EAwIwGTEXMBUGA1UEAwwO
+U2VydmVycGhvbmUgQ0EwHhcNMjMwNjA2MTIzOTIwWhcNMjQwNjA1MTIzOTIwWjAm
+MSQwIgYDVQQDDBtDbGllbnQgcnVubmluZyBvbiBsb2NhbGhvc3QwWTATBgcqhkjO
+PQIBBggqhkjOPQMBBwNCAAS1ILQo8ae8ydqFlt5RncUT7joQiozk6Omunb0vxVz5
+toJRDmVqc1s6KhpCTipUV5coTcaK1TBz0+fft+9VH7cwoxgwFjAUBgNVHREEDTAL
+gglsb2NhbGhvc3QwCgYIKoZIzj0EAwIDSQAwRgIhAN7ohtsBLrjlgmSe9ngovxZM
+z61n0+/7w2mtX/OrLMWIAiEAu+D2S2o0s7E9pp2Rkug8cT5T4GCWgFgEHk5x2L/E
+RVI=
+-----END CERTIFICATE-----
diff --git a/system/services/serverphone/default.nix b/system/services/serverphone/default.nix
index 6ad0fbdf..5b43f5ee 100644
--- a/system/services/serverphone/default.nix
+++ b/system/services/serverphone/default.nix
@@ -1,7 +1,41 @@
-{...}: {
+{
+ config,
+ serverphone,
+ system,
+ ...
+}: {
 services.serverphone = {
+ package = "${serverphone.packages.${system}.default}";
 enable = true;
+ domain = "localhost";
+ acceptedSshKeys = [
+ "AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME"
+ ];
+ authorized = {
+ acceptedGpgKeys = [
+ {
+ source = ./keys/soispha_at_vhack.eu;
+ trust = "ultimate";
+ }
+ ];
+ };
+ caCertificate = "certificates/ca.crt";
+ certificate = "certificates/server.crt";
+ privateKey = config.age.secrets.serverphoneServer.path;
+ certificateRequest = {
+ acceptedUsers = [
+ "soispha $argon2id$v=19$m=19456,t=2,p=1$EvhPENIBqL5b1RO5waNMWA$pJ
+8vDrCNJKDlqwB5bVDLjHVPEXm9McQhtt9OXSD8Zkc"
+ ];
+ caPrivateKey = config.age.secrets.serverphoneCa.path;
+ };
 };
+
+ users.users.serverphone = {
+ group = "serverphone";
+ isSystemUser = true;
+ };
+ users.groups.serverphone = {};
 }
 # vim: ts=2
diff --git a/system/services/serverphone/keys/soispha_at_vhack.eu b/system/services/serverphone/keys/soispha_at_vhack.eu
new file mode 120000
index 00000000..0d7e61d5
--- /dev/null
+++ b/system/services/serverphone/keys/soispha_at_vhack.eu
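Review bot: The `acceptedUsers` entry is split across two added lines (the first ends in `$pJ`, the second starts with `8vDrCN` and closes the quote), so the Nix string literal carries an embedded newline in the middle of the argon2id hash; depending on how serverphone parses the entry, that user's password may never verify. Join the two halves into one single-line string so the hash is an unbroken token. Separately, this hash is committed in plain text and ends up in the world-readable Nix store, while `privateKey` and `caPrivateKey` in the same block go through `config.age.secrets`; with the parameters shown (`m=19456,t=2,p=1`) anyone who can read the repository can run offline guesses against it, so consider supplying it through an age secret as well if the module allows a file-based value. Also worth confirming: `caCertificate = "certificates/ca.crt"` and `certificate = "certificates/server.crt"` are plain strings rather than Nix paths like `./keys/soispha_at_vhack.eu`, so whether they resolve to the files added in this commit depends on how the module interprets them.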
@@ -0,0 +1 @@
+/home/soispha/repos/nix/nixos-config/home-manager/config/gpg/keys/soispha_at_vhack.eu
\ No newline at end of file
-- cgit 1.4.1
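Review bot: The symlink target is an absolute path under `/home/soispha/…`, so the key that `default.nix` marks `trust = "ultimate"` is whatever sits at that path on the building machine rather than content tracked with this commit; on another host, or under pure flake evaluation, the link is likely to dangle. A relative target keeps the key inside the repository — assuming `nixos-config` is the repository root, `../../../../home-manager/config/gpg/keys/soispha_at_vhack.eu` — or a copy of the public key can be committed next to the service. Either way the ultimately-trusted key is then reviewed and pinned together with the configuration that trusts it.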