From 3f7852df408ac5bb5148e6d8cf7d837d730c101d Mon Sep 17 00:00:00 2001
From: Soispha <soispha@vhack.eu>
Date: Tue, 6 Jun 2023 15:13:32 +0200
Subject: Fix(system/services/serverphone): Fully add

---
 system/services/default.nix                        |  1 +
 system/services/serverphone/certificates/ca.crt    | 10 ++++++
 .../services/serverphone/certificates/server.crt   | 10 ++++++
 system/services/serverphone/default.nix            | 36 +++++++++++++++++++++-
 .../services/serverphone/keys/soispha_at_vhack.eu  |  1 +
 5 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 system/services/serverphone/certificates/ca.crt
 create mode 100644 system/services/serverphone/certificates/server.crt
 create mode 120000 system/services/serverphone/keys/soispha_at_vhack.eu

(limited to 'system/services')

diff --git a/system/services/default.nix b/system/services/default.nix
index d7505293..d90afaa7 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -6,6 +6,7 @@
     ./openssh
     ./printing
     ./scanning
+    ./serverphone
     ./snapper
     ./steam
     ./swaylock
diff --git a/system/services/serverphone/certificates/ca.crt b/system/services/serverphone/certificates/ca.crt
new file mode 100644
index 00000000..7a4ae6f9
--- /dev/null
+++ b/system/services/serverphone/certificates/ca.crt
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBXDCCAQOgAwIBAgIIRQ2wXiaD5pMwCgYIKoZIzj0EAwIwGTEXMBUGA1UEAwwO
+U2VydmVycGhvbmUgQ0EwHhcNMjMwNjA2MTIzNzM3WhcNMzMwNjAzMTIzNzM3WjAZ
+MRcwFQYDVQQDDA5TZXJ2ZXJwaG9uZSBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+A0IABDZMtz3liWniBedisStXDO2sxFCKBH239ezH7uADu8g5peGssmNu1rXEDrg1
+sFwVUjQeJAocYYNoUeHiVpODf1ejNTAzMB0GA1UdDgQWBBST5oMmXrANRbCLIQpN
+W7e5uSCL3DASBgNVHRMBAf8ECDAGAQH/AgEBMAoGCCqGSM49BAMCA0cAMEQCIFig
+xA3MvRNP4uXaUEWwdP1pYL/R8N46G4NZrPEfiNV4AiA+NJSTFRCOUqEsvSb7PTFx
+YuMuJF4XxWnmStz3ym7xXA==
+-----END CERTIFICATE-----
diff --git a/system/services/serverphone/certificates/server.crt b/system/services/serverphone/certificates/server.crt
new file mode 100644
index 00000000..f994cdc8
--- /dev/null
+++ b/system/services/serverphone/certificates/server.crt
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBTjCB9KADAgECAgkAhKrdjsoiOrkwCgYIKoZIzj0EAwIwGTEXMBUGA1UEAwwO
+U2VydmVycGhvbmUgQ0EwHhcNMjMwNjA2MTIzOTIwWhcNMjQwNjA1MTIzOTIwWjAm
+MSQwIgYDVQQDDBtDbGllbnQgcnVubmluZyBvbiBsb2NhbGhvc3QwWTATBgcqhkjO
+PQIBBggqhkjOPQMBBwNCAAS1ILQo8ae8ydqFlt5RncUT7joQiozk6Omunb0vxVz5
+toJRDmVqc1s6KhpCTipUV5coTcaK1TBz0+fft+9VH7cwoxgwFjAUBgNVHREEDTAL
+gglsb2NhbGhvc3QwCgYIKoZIzj0EAwIDSQAwRgIhAN7ohtsBLrjlgmSe9ngovxZM
+z61n0+/7w2mtX/OrLMWIAiEAu+D2S2o0s7E9pp2Rkug8cT5T4GCWgFgEHk5x2L/E
+RVI=
+-----END CERTIFICATE-----
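Review bot: The certificate committed as `server.crt` appears, when its DER is decoded, to carry the subject CN `Client running on localhost` and a validity window of one year (June 2023 to June 2024), yet `default.nix` in this commit installs it as the service's server `certificate`. A static file in the repository means renewal requires a new commit, and an expired certificate will only surface as failed TLS handshakes at runtime. Consider recording the expiry date and the regeneration procedure in a comment next to the `certificate` option, and reissuing it with a subject that names the server role.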
diff --git a/system/services/serverphone/default.nix b/system/services/serverphone/default.nix
index 6ad0fbdf..5b43f5ee 100644
--- a/system/services/serverphone/default.nix
+++ b/system/services/serverphone/default.nix
@@ -1,7 +1,41 @@
-{...}: {
+{
+  config,
+  serverphone,
+  system,
+  ...
+}: {
   services.serverphone = {
+    package = "${serverphone.packages.${system}.default}";
     enable = true;
+    domain = "localhost";
+    acceptedSshKeys = [
+      "AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME"
+    ];
+    authorized = {
+      acceptedGpgKeys = [
+        {
+          source = ./keys/soispha_at_vhack.eu;
+          trust = "ultimate";
+        }
+      ];
+    };
+    caCertificate = "certificates/ca.crt";
+    certificate = "certificates/server.crt";
+    privateKey = config.age.secrets.serverphoneServer.path;
+    certificateRequest = {
+      acceptedUsers = [
+        "soispha $argon2id$v=19$m=19456,t=2,p=1$EvhPENIBqL5b1RO5waNMWA$pJ
+8vDrCNJKDlqwB5bVDLjHVPEXm9McQhtt9OXSD8Zkc"
+      ];
+      caPrivateKey = config.age.secrets.serverphoneCa.path;
+    };
   };
+
+  users.users.serverphone = {
+    group = "serverphone";
+    isSystemUser = true;
+  };
+  users.groups.serverphone = {};
 }
 # vim: ts=2
 
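Review bot: The `acceptedUsers` entry puts an argon2id password hash directly in the configuration, so it ends up in the repository history and in the world-readable Nix store, whereas `privateKey` and `caPrivateKey` in the same block come from `config.age.secrets.*.path`. Anyone who can read either place can run offline guesses against it, and the parameters shown (`m=19456,t=2,p=1`) are at the low end of common recommendations; if the module can read this list from a file, supplying it through an age secret would keep it consistent with the keys. The hash literal is also split across two lines in the hunk; if that newline is really in the file it becomes part of the string and the entry will presumably never match. Separately, `caCertificate = "certificates/ca.crt";` and `certificate = "certificates/server.crt";` are plain strings rather than Nix paths like `source = ./keys/soispha_at_vhack.eu;`, so the files added by this commit are not copied into the store and the service would have to resolve them relative to its own working directory; `./certificates/ca.crt` and `./certificates/server.crt` look like what is intended, depending on the option types.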
diff --git a/system/services/serverphone/keys/soispha_at_vhack.eu b/system/services/serverphone/keys/soispha_at_vhack.eu
new file mode 120000
index 00000000..0d7e61d5
--- /dev/null
+++ b/system/services/serverphone/keys/soispha_at_vhack.eu
@@ -0,0 +1 @@
+/home/soispha/repos/nix/nixos-config/home-manager/config/gpg/keys/soispha_at_vhack.eu
\ No newline at end of file
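Review bot: The symlink target is an absolute path into the author's home directory (`/home/soispha/repos/nix/nixos-config/...`), so `source = ./keys/soispha_at_vhack.eu` in `default.nix` resolves only on a machine with that checkout and dangles everywhere else, including inside the Nix store if the link is copied as-is. Because this key is added to `acceptedGpgKeys` with `trust = "ultimate"`, which key gets trusted then depends on whatever file happens to sit at that location on the build host rather than on the committed tree. A repository-relative link, presumably `../../../../home-manager/config/gpg/keys/soispha_at_vhack.eu` if the repository root is `nixos-config`, keeps the trusted key pinned to the commit.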
-- 
cgit 1.4.1