blob: 145accf74b843318b02a746cd016ddaab93bdbd0 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
{
config,
serverphone,
system,
...
}: {
services.serverphone = {
package = "${serverphone.packages.${system}.default}";
enable = true;
domain = "localhost";
configureDoas = true;
acceptedSshKeys = [
"AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME"
];
authorized = {
acceptedGpgKeys = [
{
source = ./keys/soispha_at_vhack.eu;
trust = "ultimate";
}
];
};
caCertificate = "${./certificates/ca.crt}";
certificate = "${./certificates/server.crt}";
privateKey = config.age.secrets.serverphoneServer.path;
certificateRequest = {
acceptedUsers = [
"soispha $argon2id$v=19$m=19456,t=2,p=1$EvhPENIBqL5b1RO5waNMWA$pJ8vDrCNJKDlqwB5bVDLjHVPEXm9McQhtt9OXSD8Zkc"
];
caPrivateKey = config.age.secrets.serverphoneCa.path;
};
};
users.users.serverphone = {
group = "serverphone";
isSystemUser = true;
home = "/run/serverphone";
};
users.groups.serverphone = {
members = ["serverphone"];
};
}
# vim: ts=2
|