aboutsummaryrefslogtreecommitdiffstats
path: root/modules/system/secrets
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--modules/system/secrets/default.nix82
-rw-r--r--modules/system/secrets/lf/cd_paths (renamed from sys/secrets/lf/cd_paths)0
-rw-r--r--modules/system/secrets/nheko/conf.apzu (renamed from sys/secrets/nheko/conf.apzu)0
-rw-r--r--modules/system/secrets/nheko/conf.isimud (renamed from sys/secrets/nheko/conf.isimud)0
-rw-r--r--modules/system/secrets/nheko/conf.tiamat (renamed from sys/secrets/nheko/conf.tiamat)0
-rw-r--r--modules/system/secrets/secrets.nix (renamed from sys/secrets/secrets.nix)0
-rw-r--r--modules/system/secrets/serverphone/ca.key (renamed from sys/secrets/serverphone/ca.key)0
-rw-r--r--modules/system/secrets/serverphone/server.key (renamed from sys/secrets/serverphone/server.key)0
-rw-r--r--modules/system/secrets/taskserver/ca.cert (renamed from sys/secrets/taskserver/ca.cert)0
-rw-r--r--modules/system/secrets/taskserver/credentials (renamed from sys/secrets/taskserver/credentials)0
-rw-r--r--modules/system/secrets/taskserver/private.key (renamed from sys/secrets/taskserver/private.key)0
-rw-r--r--modules/system/secrets/taskserver/public.cert (renamed from sys/secrets/taskserver/public.cert)0
-rwxr-xr-xmodules/system/secrets/update.sh (renamed from sys/secrets/update.sh)0
13 files changed, 82 insertions, 0 deletions
diff --git a/modules/system/secrets/default.nix b/modules/system/secrets/default.nix
new file mode 100644
index 00000000..bbfaf9c1
--- /dev/null
+++ b/modules/system/secrets/default.nix
@@ -0,0 +1,82 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (config.networking) hostName;
+ # mkFakeSecret = secretName: {
+ # name = secretName;
+ # value = {
+ # path = "/dev/null";
+ # };
+ # };
+ # fakeSecrets =
+ # builtins.listToAttrs (lib.debug.traceValSeqN 2 (builtins.map mkFakeSecret
+ # (lib.debug.traceValSeqN 2 (builtins.attrNames secrets))));
+ cfg = config.soispha.secrets;
+in {
+ options.soispha.secrets = {
+ enable = lib.mkEnableOption "secrets through agenix";
+ };
+
+ config = lib.mkIf cfg.enable {
+ age = {
+ secrets = {
+ # TODO: Remove this, as I'm no longer using nheko <2024-05-16>
+ nheko = {
+ file = ./nheko/conf. + hostName;
+ mode = "700";
+ owner = "soispha";
+ group = "users";
+ };
+
+ lf_cd_paths = {
+ file = ./lf/cd_paths;
+ mode = "700";
+ owner = "soispha";
+ group = "users";
+ };
+
+ # FIXME: Reactive when serverphone is merged in tree again <2024-05-11>
+ #
+ # serverphoneCa = {
+ # file = ./serverphone/ca.key;
+ # mode = "700";
+ # owner = "serverphone";
+ # group = "serverphone";
+ # };
+ # serverphoneServer = {
+ # file = ./serverphone/server.key;
+ # mode = "700";
+ # owner = "serverphone";
+ # group = "serverphone";
+ # };
+
+ taskserverPrivate = {
+ file = ./taskserver/private.key;
+ mode = "700";
+ owner = "soispha";
+ group = "users";
+ };
+ taskserverPublic = {
+ file = ./taskserver/public.cert;
+ mode = "700";
+ owner = "soispha";
+ group = "users";
+ };
+ taskserverCA = {
+ file = ./taskserver/ca.cert;
+ mode = "700";
+ owner = "soispha";
+ group = "users";
+ };
+ taskserverCredentials = {
+ file = ./taskserver/credentials;
+ mode = "700";
+ owner = "soispha";
+ group = "users";
+ };
+ };
+ };
+ };
+}
diff --git a/sys/secrets/lf/cd_paths b/modules/system/secrets/lf/cd_paths
index fff32c61..fff32c61 100644
--- a/sys/secrets/lf/cd_paths
+++ b/modules/system/secrets/lf/cd_paths
diff --git a/sys/secrets/nheko/conf.apzu b/modules/system/secrets/nheko/conf.apzu
index a4f704ea..a4f704ea 100644
--- a/sys/secrets/nheko/conf.apzu
+++ b/modules/system/secrets/nheko/conf.apzu
diff --git a/sys/secrets/nheko/conf.isimud b/modules/system/secrets/nheko/conf.isimud
index ef6c52b6..ef6c52b6 100644
--- a/sys/secrets/nheko/conf.isimud
+++ b/modules/system/secrets/nheko/conf.isimud
diff --git a/sys/secrets/nheko/conf.tiamat b/modules/system/secrets/nheko/conf.tiamat
index 51cab7df..51cab7df 100644
--- a/sys/secrets/nheko/conf.tiamat
+++ b/modules/system/secrets/nheko/conf.tiamat
diff --git a/sys/secrets/secrets.nix b/modules/system/secrets/secrets.nix
index cd6447b7..cd6447b7 100644
--- a/sys/secrets/secrets.nix
+++ b/modules/system/secrets/secrets.nix
diff --git a/sys/secrets/serverphone/ca.key b/modules/system/secrets/serverphone/ca.key
index d49c5395..d49c5395 100644
--- a/sys/secrets/serverphone/ca.key
+++ b/modules/system/secrets/serverphone/ca.key
diff --git a/sys/secrets/serverphone/server.key b/modules/system/secrets/serverphone/server.key
index a2720406..a2720406 100644
--- a/sys/secrets/serverphone/server.key
+++ b/modules/system/secrets/serverphone/server.key
diff --git a/sys/secrets/taskserver/ca.cert b/modules/system/secrets/taskserver/ca.cert
index 203d62a8..203d62a8 100644
--- a/sys/secrets/taskserver/ca.cert
+++ b/modules/system/secrets/taskserver/ca.cert
diff --git a/sys/secrets/taskserver/credentials b/modules/system/secrets/taskserver/credentials
index f3aaf502..f3aaf502 100644
--- a/sys/secrets/taskserver/credentials
+++ b/modules/system/secrets/taskserver/credentials
diff --git a/sys/secrets/taskserver/private.key b/modules/system/secrets/taskserver/private.key
index 5afecdaf..5afecdaf 100644
--- a/sys/secrets/taskserver/private.key
+++ b/modules/system/secrets/taskserver/private.key
diff --git a/sys/secrets/taskserver/public.cert b/modules/system/secrets/taskserver/public.cert
index 1cf9b5f0..1cf9b5f0 100644
--- a/sys/secrets/taskserver/public.cert
+++ b/modules/system/secrets/taskserver/public.cert
diff --git a/sys/secrets/update.sh b/modules/system/secrets/update.sh
index edc4ae8a..edc4ae8a 100755
--- a/sys/secrets/update.sh
+++ b/modules/system/secrets/update.sh
generated by cgit v1.3.1 (git 2.54.0) at 2026-06-12 21:33:59 +0000