From 368cb6b0d25db2ae23be42ad51584de059997e51 Mon Sep 17 00:00:00 2001 From: Benedikt Peetz Date: Mon, 20 May 2024 16:10:21 +0200 Subject: refactor(sys): Modularize and move to `modules/system` or `pkgs` --- modules/system/services/serverphone/default.nix | 49 +++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 modules/system/services/serverphone/default.nix (limited to 'modules/system/services/serverphone/default.nix')
diff --git a/modules/system/services/serverphone/default.nix b/modules/system/services/serverphone/default.nix
new file mode 100644
index 00000000..20125a75
--- /dev/null
+++ b/modules/system/services/serverphone/default.nix
@@ -0,0 +1,49 @@
+{
+ config,
+ serverphone,
+ system,
+ lib,
+ ...
+}: {
+ config = lib.mkIf config.soispha.secrets.enable {
+ services.serverphone = {
+ package = "${serverphone.packages.${system}.default}";
+ enable = true;
+ domain = "localhost";
+ configureDoas = true;
+ acceptedSshKeys = [
+ "AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME"
+ ];
+ authorized = {
+ acceptedGpgKeys = [
+ {
+ source = ./keys/key_1;
+ trust = "ultimate";
+ }
+ {
+ source = ./keys/key_2;
+ trust = "ultimate";
+ }
+ ];
+ };
+ caCertificate = "${./certificates/ca.crt}";
+ certificate = "${./certificates/server.crt}";
+ privateKey = config.age.secrets.serverphoneServer.path;
+ certificateRequest = {
+ acceptedUsers = [
+ "soispha $argon2id$v=19$m=19456,t=2,p=1$EvhPENIBqL5b1RO5waNMWA$pJ8vDrCNJKDlqwB5bVDLjHVPEXm9McQhtt9OXSD8Zkc"
+ ];
+ caPrivateKey = config.age.secrets.serverphoneCa.path;
+ };
+ };
+
+ users.users.serverphone = {
+ group = "serverphone";
+ isSystemUser = true;
+ home = "/run/serverphone";
+ };
+ users.groups.serverphone = {
+ members = ["serverphone"];
+ };
+ };
+}
-- cgit 1.4.1
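Review bot: The argon2id hash in `certificateRequest.acceptedUsers` is written inline, so it is committed to the repository and copied into the world-readable Nix store, while `privateKey` and `caPrivateKey` in the same block are supplied through `config.age.secrets.*.path`. Anyone with read access to the repo or the store can run offline guesses against it at the visible parameters (`m=19456,t=2,p=1`), so this credential rests entirely on the strength of the passphrase. If the serverphone module can read this list from a file, supply it as an age secret like the keys; otherwise add a comment above the entry such as `# hash is readable in git and /nix/store; passphrase must be high-entropy`. Separately, the block is gated only on `config.soispha.secrets.enable`, so turning on secrets also turns on this service with `configureDoas = true`; a dedicated enable option for the service, combined with the secrets check, would make that opt-in explicit.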