From 94b9ce350c1ee693a0823c0b1c49d2b796d677c2 Mon Sep 17 00:00:00 2001 From: Soispha Date: Thu, 28 Mar 2024 12:11:28 +0100 Subject: refactor(system/services/taskserver): Move away from git-crypt --- system/secrets/default.nix | 6 ++++++ system/secrets/secrets.nix | 1 + system/secrets/taskserver/systemd_tmpfiles.age | 17 +++++++++++++++++ system/services/taskserver/connected_users.nix | Bin 432 -> 0 bytes system/services/taskserver/default.nix | 8 ++++---- 5 files changed, 28 insertions(+), 4 deletions(-) create mode 100644 system/secrets/taskserver/systemd_tmpfiles.age delete mode 100644 system/services/taskserver/connected_users.nix (limited to 'system') diff --git a/system/secrets/default.nix b/system/secrets/default.nix index 1393849..b763570 100644 --- a/system/secrets/default.nix +++ b/system/secrets/default.nix @@ -49,6 +49,12 @@ owner = "root"; group = "root"; }; + taskserverSystemdTmpfiles = { + file = ./taskserver/systemd_tmpfiles.age; + mode = "700"; + owner = "root"; + group = "root"; + }; }; }; } diff --git a/system/secrets/secrets.nix b/system/secrets/secrets.nix index b450955..21558e3 100644 --- a/system/secrets/secrets.nix +++ b/system/secrets/secrets.nix @@ -19,4 +19,5 @@ in { "matrix-synapse/passwd.age".publicKeys = allSecrets; "miniflux/admin.age".publicKeys = allSecrets; "taskserver/ca.age".publicKeys = allSecrets; + "taskserver/systemd_tmpfiles.age".publicKeys = allSecrets; } diff --git a/system/secrets/taskserver/systemd_tmpfiles.age b/system/secrets/taskserver/systemd_tmpfiles.age new file mode 100644 index 0000000..9ddb060 --- /dev/null +++ b/system/secrets/taskserver/systemd_tmpfiles.age @@ -0,0 +1,17 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2dFg3YmpPeGVxTUoyREF3 +eWhObFJlTVh6K0pyZ3hBUWtNcXgvQ2NIZDJRCkI5K1JCM0VaazJjRmJ3Y0huZHY0 +eGhxOExlM2dqSGxPVlZKak9aQ2NrOG8KLT4gWDI1NTE5IGg5OW1FZ3pKeDBraDcx +MnN0UHBmdldVeDlmK1BoYVc2TUFNNytObmlSanMKUVcxcTRVMHFaenY3UEtkVkRN +VGZ1eVh2UDBqZXJtWkplcnpQQVV5dmFSRQotPiBzc2gtZWQyNTUxOSBPRDhUNGcg +RnRMVXB2aVpkL2VTZ21wb3h4SHFhbFJqV2pKcWVQRGJ3RDJBYWZ2RkkxZwpVcnNr +WVlXQ21Nc2NaUm5QbFhxWmticDE5ZmRmS0VRS0VScm9tUGs1N2lNCi0+IEdwPStW +TVd3LWdyZWFzZSBIciBIdnBbTjI1ClUyeTNTVWhFR2VuSjN5UVpBNDZzclVySUkx +L1NCUTZjMXU3YVlOVk05bFp6YjVFCi0tLSAyeGR3V29DNGszQ0IxU0wyOUxGYmM1 +U0xnTGI5a1pVWFR3THNNRHJOMXNrCh1RrcjPUulX7f1xrZUGoMobWnN6WovrgmeY +FoTo7+JkSedoCKkaDOyP25r4SJe7yUaLrVDUv+gf0KEi2+Bvfh4BIM2N/UsyMmOU +WiFh6UkhQLsePAtfIOd7yl7cDr3adVniulgRSryS1+WDY194BvEtEE/GIbhxAfUz +0Ef90Gp2uOHi3e3dVfy3/0d51Tci3KgWXcMCOe10i+sgnI59OVh6JAT4eykpfESJ +YgBnY45Us80JK1P2lTk8gkHTdvURe2PF4jm/a21XUvXdM7hBN4naSPK7v54at2MQ +xF5C1g== +-----END AGE ENCRYPTED FILE----- diff --git a/system/services/taskserver/connected_users.nix b/system/services/taskserver/connected_users.nix deleted file mode 100644 index 3955e48..0000000 Binary files a/system/services/taskserver/connected_users.nix and /dev/null differ diff --git a/system/services/taskserver/default.nix b/system/services/taskserver/default.nix index 79ba8ab..f51e52b 100644 --- a/system/services/taskserver/default.nix +++ b/system/services/taskserver/default.nix @@ -1,9 +1,9 @@ -{...}: let +{config, ...}: let taskStore = "/var/lib/taskserver"; in { - imports = [ - ./connected_users.nix - ]; + environment.etc = { + "tmpfiles.d/taskserver.conf".source = config.age.secrets.taskserverSystemdTmpfiles.path; + }; services.taskserver = { enable = true; pki.manual = { -- cgit 1.4.1