path: root/modules/system/services/serverphone/default.nix
# NixOS module: configures the `serverphone` service and the system account
# declared for it. The whole block is gated on `config.soispha.secrets.enable`,
# because it reads two age-managed secrets (`serverphoneServer`, `serverphoneCa`).
{ config, serverphone, system, lib, ... }: let
  # Only the paths of the age secrets are referenced, so the private key
  # material itself never becomes part of the evaluated configuration.
  ageSecrets = config.age.secrets;
in {
  config = lib.mkIf config.soispha.secrets.enable {
    services.serverphone = {
      enable = true;
      # Interpolating the flake output yields its store path as a string.
      package = "${serverphone.packages.${system}.default}";
      domain = "localhost";

      # NOTE(review): presumably makes the upstream module install doas rules
      # for the service; confirm which commands those rules permit, since this
      # is a privilege-escalation surface.
      configureDoas = true;

      # Base64 body of an ssh-ed25519 public key (key-type prefix and comment
      # are not part of the entry). Public material only.
      acceptedSshKeys = [
        "AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME"
      ];

      # Both keys are given "ultimate" trust. In GnuPG that ownertrust level is
      # normally reserved for one's own keys, and certifications made by such a
      # key are treated as fully valid.
      # NOTE(review): confirm the service needs more than signature
      # verification against exactly these two keys.
      authorized.acceptedGpgKeys = [
        {
          source = ./keys/key_1;
          trust = "ultimate";
        }
        {
          source = ./keys/key_2;
          trust = "ultimate";
        }
      ];

      # Path interpolation copies the file into the Nix store, which is
      # world-readable. Acceptable for certificates; the matching private keys
      # are taken from age secrets instead.
      caCertificate = "${./certificates/ca.crt}";
      certificate = "${./certificates/server.crt}";
      privateKey = ageSecrets.serverphoneServer.path;

      certificateRequest = {
        # Entry format as written: "<user> <argon2id PHC string>". The hash is
        # a literal in this file, so it is readable by anyone with access to the
        # repository (and presumably to the generated config in the store);
        # offline guessing is then limited only by password strength and the
        # argon2id cost parameters (m=19456, t=2, p=1).
        acceptedUsers = [
          "soispha $argon2id$v=19$m=19456,t=2,p=1$EvhPENIBqL5b1RO5waNMWA$pJ8vDrCNJKDlqwB5bVDLjHVPEXm9McQhtt9OXSD8Zkc"
        ];
        # NOTE(review): the CA signing key is handed to the service on this
        # host. A compromise of the service would presumably allow issuing
        # certificates that chain to ca.crt; confirm this is intended.
        caPrivateKey = ageSecrets.serverphoneCa.path;
      };
    };

    users = {
      # Dedicated system account; its home lives under /run (tmpfs on NixOS),
      # so nothing stored there survives a reboot.
      users.serverphone = {
        isSystemUser = true;
        group = "serverphone";
        home = "/run/serverphone";
      };
      groups.serverphone.members = ["serverphone"];
    };
  };
}