about summary refs log tree commit diff stats
path: root/system/services/serverphone/default.nix
blob: 145accf74b843318b02a746cd016ddaab93bdbd0 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
{
  config,
  serverphone,
  system,
  ...
}: {
  services.serverphone = {
    package = "${serverphone.packages.${system}.default}";
    enable = true;
    domain = "localhost";
    configureDoas = true;
    acceptedSshKeys = [
      "AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME"
    ];
    authorized = {
      acceptedGpgKeys = [
        {
          source = ./keys/soispha_at_vhack.eu;
          trust = "ultimate";
        }
      ];
    };
    caCertificate = "${./certificates/ca.crt}";
    certificate = "${./certificates/server.crt}";
    privateKey = config.age.secrets.serverphoneServer.path;
    certificateRequest = {
      acceptedUsers = [
        "soispha $argon2id$v=19$m=19456,t=2,p=1$EvhPENIBqL5b1RO5waNMWA$pJ8vDrCNJKDlqwB5bVDLjHVPEXm9McQhtt9OXSD8Zkc"
      ];
      caPrivateKey = config.age.secrets.serverphoneCa.path;
    };
  };

  users.users.serverphone = {
    group = "serverphone";
    isSystemUser = true;
    home = "/run/serverphone";
  };
  users.groups.serverphone = {
    members = ["serverphone"];
  };
}
# vim: ts=2