authorSoispha <soispha@vhack.eu>2023-08-26 23:42:21 +0200
committerSoispha <soispha@vhack.eu>2023-08-26 23:42:21 +0200
commit3f600ab07dbad3b6dd7655587ddea158b19aea71 (patch)
tree7164ccd965e1d14ade970aeb8eb188b1442a6c91 /sys/svcs/serverphone/default.nix
parentStyle(treewide): Format all lua-files makes lua ➛ nix easier (diff)
Refactor(treewide): Abbreviate path names
Diffstat (limited to 'sys/svcs/serverphone/default.nix')
-rw-r--r--sys/svcs/serverphone/default.nix49
1 files changed, 49 insertions, 0 deletions
diff --git a/sys/svcs/serverphone/default.nix b/sys/svcs/serverphone/default.nix
new file mode 100644
index 00000000..20125a75
--- /dev/null
+++ b/sys/svcs/serverphone/default.nix
@@ -0,0 +1,49 @@
+{
+  config,
+  serverphone,
+  system,
+  lib,
+  ...
+}: {
+  config = lib.mkIf config.soispha.secrets.enable {
+    services.serverphone = {
+      package = "${serverphone.packages.${system}.default}";
+      enable = true;
+      domain = "localhost";
+      configureDoas = true;
+      acceptedSshKeys = [
+        "AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME"
+      ];
+      authorized = {
+        acceptedGpgKeys = [
+          {
+            source = ./keys/key_1;
+            trust = "ultimate";
+          }
+          {
+            source = ./keys/key_2;
+            trust = "ultimate";
+          }
+        ];
+      };
+      caCertificate = "${./certificates/ca.crt}";
+      certificate = "${./certificates/server.crt}";
+      privateKey = config.age.secrets.serverphoneServer.path;
+      certificateRequest = {
+        acceptedUsers = [
+          "soispha $argon2id$v=19$m=19456,t=2,p=1$EvhPENIBqL5b1RO5waNMWA$pJ8vDrCNJKDlqwB5bVDLjHVPEXm9McQhtt9OXSD8Zkc"
+        ];
+        caPrivateKey = config.age.secrets.serverphoneCa.path;
+      };
+    };
+
+    users.users.serverphone = {
+      group = "serverphone";
+      isSystemUser = true;
+      home = "/run/serverphone";
+    };
+    users.groups.serverphone = {
+      members = ["serverphone"];
+    };
+  };
+}
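Review bot: The argon2id hash in `certificateRequest.acceptedUsers` is committed in clear text, so it is readable in the repository and presumably in the world-readable Nix store once the module renders its configuration, whereas `privateKey` and `caPrivateKey` in the same attribute set are kept out of the store through `config.age.secrets.*.path`. Anyone with read access can make offline guesses against it at the stated cost (`m=19456,t=2,p=1`), so the protection rests entirely on the strength of the passphrase. If the serverphone module accepts a file path for this list (not visible in this hunk), supply it from an age secret as well; otherwise document the exposure on the line, e.g. `# hash is public (git + nix store): requires a high-entropy passphrase`. Separately, both entries in `acceptedGpgKeys` are given `trust = "ultimate"`, a level normally reserved for one's own keys; a short comment stating that these are the owner's keys would make that intent reviewable.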