Diffstat (limited to '')
-rw-r--r-- | hosts/by-name/server1/configuration.nix | 1 | ||||
-rw-r--r-- | hosts/by-name/server2/configuration.nix | 4 | ||||
-rw-r--r-- | hosts/by-name/server2/secrets/etesync/secret_file.age | 17 | ||||
-rw-r--r-- | modules/by-name/co/constants/module.nix | 2 | ||||
-rw-r--r-- | modules/by-name/et/etesync/module.nix | 10 | ||||
-rw-r--r-- | modules/by-name/et/etesync/secret_file.age | 19 | ||||
-rw-r--r-- | secrets.nix | 2 |
7 files changed, 33 insertions, 22 deletions
diff --git a/hosts/by-name/server1/configuration.nix b/hosts/by-name/server1/configuration.nix index 20b375b..7a6e5b2 100644 --- a/hosts/by-name/server1/configuration.nix +++ b/hosts/by-name/server1/configuration.nix @@ -13,7 +13,6 @@ privatePassword = ./secrets/backuppass.age; user = "u384702-sub2"; }; - etesync.enable = true; nginx.enable = true; openssh.enable = true; postgresql.enable = true; diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix index 7bdb4d0..de9fc4d 100644 --- a/hosts/by-name/server2/configuration.nix +++ b/hosts/by-name/server2/configuration.nix @@ -27,6 +27,10 @@ privatePassword = ./secrets/backuppass.age; user = "u384702-sub3"; }; + etesync = { + enable = true; + secretFile = ./secrets/etesync/secret_file.age; + }; fail2ban.enable = true; git-server = { enable = true; diff --git a/hosts/by-name/server2/secrets/etesync/secret_file.age b/hosts/by-name/server2/secrets/etesync/secret_file.age new file mode 100644 index 0000000..ac578a4 --- /dev/null +++ b/hosts/by-name/server2/secrets/etesync/secret_file.age 
@@ -0,0 +1,17 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBheEs5eGhURk1DY2RpczNV +RUNzREpUdFZpdXBzMlhMbW8zT3BGUzJMT0ZBClBqRUhEdU9VY1FzYkxnN3NpY3Ew +Wk1tRmVxaDJoL1dySDBKWndmOGNtaGsKLT4gWDI1NTE5IHJXWk5mYjFBczVyWnNN +S1B5WWVnaGdhVXRXMGxuY3NrL3VyQXJteUkvUncKSENKVkQramxwU2E1S3dvN0du +cUFzQktMdFVGdjRuaFNaUHBxV3ZaWThvawotPiBzc2gtZWQyNTUxOSBYUG94RFEg +Z2t3TVN6R1p5UDNHNS9LbklKKyszcUI3bHNTZjBOeGQ3ektNeGt6ekpWZwpoZ1Vo +Z0laeStlMDFQRlE1T25Td1pGRFhlWVg5L1JxTG8wU3dwZXpQQlFRCi0+IFRWeScp +KC1ncmVhc2UKbk14RXlNNW5lZXNFNXJoM1ptMHFWTTZmTk5LVnZOcGhRNVIvZjd2 +aTFhRHViWU0KLS0tICt2TnhuME1yUUxqckRacSthQThYOWxkbnl4R2tMc3B4TjRv +WnJMZUhXWmsKwIbI3Wixb/DAac1pHDpRIf+kznq7RKoO/FrSeR6J3gjntMtS8lwW +c+D2NWYqlURR68o5+kJ5dzCpa+oOHy3fnU9yV18fzhOaqz8bWjYpjl1pAxjEIDMO +p5hNsry2WGegLe3dAFwj+c0f52qHCZhcqBvaizUssIN0wkugK6Uq+JtgHMOWMLxg +2qJPc11soq/CfWJvKMzQWMN2ndnjD4s0ZOVLFHuL6/kSFnPlN/1SP3/3Z8cEerm0 +C4GEjDwRei7iHdBuILStgjneJoaxXLZth4ZdsgH/Jd0wmaERg+DytIDqE5ryRG6f +Jo2VR/wUvq+UGgJuCAo6L6vGtBHuwTo7X5azQQwlRCdg +-----END AGE ENCRYPTED FILE----- diff --git a/modules/by-name/co/constants/module.nix b/modules/by-name/co/constants/module.nix index 4f241b6..b344fcd 100644 --- a/modules/by-name/co/constants/module.nix +++ b/modules/by-name/co/constants/module.nix @@ -36,6 +36,7 @@ rspamd = 225; opendkim = 221; virtualMail = 5000; + etebase-server = 998; # As per the NixOS file, the uids should not be greater or equal to 400; }; @@ -57,6 +58,7 @@ rspamd = 225; opendkim = 221; virtualMail = 5000; + etebase-server = 998; # The gid should match the uid. Thus should not be >= 400; }; diff --git a/modules/by-name/et/etesync/module.nix b/modules/by-name/et/etesync/module.nix index b82baa2..bcabc8a 100644 --- a/modules/by-name/et/etesync/module.nix +++ b/modules/by-name/et/etesync/module.nix 
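Review bot: The new `etebase-server = 998;` entries in both hunks of modules/by-name/co/constants/module.nix (uids at -36, gids at -57) contradict the comment directly beneath them, which says ids should not be greater than or equal to 400. As far as I can tell, NixOS hands out ids for system users without a fixed uid from the upper end of the 400–999 range, so 998 may already belong to another service account on the target host; if so, the two accounts would share file ownership or activation would fail on the duplicate. If 998 is deliberate (for instance to keep ownership of existing state), say so next to the entry, e.g. `etebase-server = 998; # fixed on purpose: matches the owner of existing etebase data`; otherwise choose a free id below 400. Both attribute sets start outside their hunks.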
@@ -9,6 +9,10 @@ in { enable = lib.mkEnableOption '' a secure, end-to-end encrypted, and privacy respecting sync for your contacts, calendars, tasks and notes. ''; + secretFile = lib.mkOption { + type = lib.types.path; + description = "The age encrypted globale etebase secretfile passed to agenix"; + }; }; config = lib.mkIf cfg.enable { @@ -25,7 +29,7 @@ in { }; age.secrets.etebase-server = { - file = ./secret_file.age; + file = cfg.secretFile; mode = "700"; owner = "etebase-server"; group = "etebase-server"; @@ -68,5 +72,9 @@ in { }; }; }; + users = { + users.etebase-server.uid = config.vhack.constants.ids.uids.etebase-server; + groups.etebase-server.gid = config.vhack.constants.ids.gids.etebase-server; + }; }; } diff --git a/modules/by-name/et/etesync/secret_file.age b/modules/by-name/et/etesync/secret_file.age deleted file mode 100644 index 14ec98f..0000000 --- a/modules/by-name/et/etesync/secret_file.age +++ /dev/null 
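Review bot: The description of the new `secretFile` option in the first hunk has two typos ("globale", "secretfile") and does not say what the file contains or that it must be listed in secrets.nix for the host that enables the module. I would write `description = "The age-encrypted global etebase secret file passed to agenix; it must be encrypted for the enabling host's key in secrets.nix.";` and add `example = lib.literalExpression "./secrets/etesync/secret_file.age";`. Leaving the option without a default is a good choice, since a host that enables the module without its own secret then fails at evaluation. The options block starts outside the hunk.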
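Review bot: In the second hunk, the decrypted secret keeps `mode = "700";` on the context line right below the changed `file = cfg.secretFile;`, which gives the owner write and execute bits that a key file has no evident use for. Nothing visible in the hunk needs more than owner read, so since this attribute set is being touched anyway I would tighten it to `mode = "0400";`. If etebase-server does rewrite the file at runtime, a one-line comment stating that would justify the wider mode. The `age.secrets.etebase-server` set ends outside the hunk.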
@@ -1,19 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBcVlGLytoT1VHYUROc0xT -cURYOXlEYlBXcFpVb044L2FibUdTTjBGMTJ3Cm5PVEpWUUg0NTFocWFIL2RCOWxh -SjY4Qk94WFJWcHdRSVgvVnZOd2k5NTAKLT4gWDI1NTE5IHQvNlJ1Ti9FeCszVEtl -cUV4eHBKc0NUSDhzemYrMitPTlBpNGNqcm03UVEKaFNwWW5QdzNiL3V0TnQ2NTF4 -ZjQ0RHVsV25pTG8yWS9ZMnpxM01xN05IZwotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -ZlJMd09iQXdQVjUxeEhXZjBqQ0lGYWhESEltaXhhNWpuQjFpR0k5Ni96WQpHcHR1 -cDBnQzBsRGNpOXlOWHJ6M1NxVXQ5R1ZObFpKK1lSQ0dQcVV3ZkEwCi0+IDtBREh8 -LWdyZWFzZSBLZFtrS0ggUmg6IGBjL31oOAo0dWZGWmVaNzNWa2F1L0h3bkpFdWQ3 -RjRxTlV2OGp0bGcyaWYxMlpQcVFhVmNKWjNkTnY0cXBESU9adzNPdHRJCi9TOTlt -bVpQQ2dKNU1BZHo1dCtET2F6Rkw1QjBwd3pUa2h2NUFoZVAxN2VTUHZScUxBCi0t -LSBvWVJERVRmYU82VHB2Uy9seEdROG1qWmMxcXJHM0pxYm5nRGc2N21SNDRjCvxO -sER1H7+hqzci75/qZJqGyxtMmuR8IaiiexOQkmz0ZTfqTRGjdY2x6OwYtShvOWtH -4grLGtPCuRcMjKIUnixB2vSaJ1Kso/oHfaT0Zkxvd2TwcqpHk+K+eHgU6f8/MlS1 -e1Mx+fjfb2SIQ3FaMJTCG0XpTrK2mHESLYB/ZWk2LZnYthDt/V4EadfZ03nnrVYN -OGXaSbOhUeBGT0YrxVETRXrrlzAr92qUc/GH4pPCTIe0oe3kl7mHIcUXCgUVQ8DQ -w+/CMqToQyhYN8oQ+PRr4N1+1SLLAHDbD6SM2KQvn4OxWVjQ8+RHaYDV3rP71qCF -RNPk+gQ5axDQSYe/Ew7P6qVhFSoPCw== ------END AGE ENCRYPTED FILE----- diff --git a/secrets.nix b/secrets.nix index d3b6e51..aef461e 100644 --- a/secrets.nix +++ b/secrets.nix @@ -24,7 +24,6 @@ let server3HostKey ]; in { - "./modules/by-name/et/etesync/secret_file.age".publicKeys = server1; "./modules/by-name/pe/peertube/secrets/general.age".publicKeys = server3; "./modules/by-name/pe/peertube/secrets/smtp.age".publicKeys = server3; "./modules/by-name/mi/miniflux/secrets/admin.age".publicKeys = server3; 
@@ -36,6 +35,7 @@ in { "./hosts/by-name/server2/secrets/backuppass.age".publicKeys = server2; "./hosts/by-name/server2/secrets/backupssh.age".publicKeys = server2; + "./hosts/by-name/server2/secrets/etesync/secret_file.age".publicKeys = server2; "./hosts/by-name/server3/secrets/backuppass.age".publicKeys = server3; "./hosts/by-name/server3/secrets/backupssh.age".publicKeys = server3; |
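Review bot: The new `"./hosts/by-name/server2/secrets/etesync/secret_file.age".publicKeys = server2;` entry restricts the recipients going forward, but the ciphertext previously encrypted for `server1` stays in the repository history. Nothing in the diff shows whether the etebase secret was regenerated or only re-encrypted for the new host. If the same value was rekeyed, anyone holding server1's host key can still recover it from history, so generating a fresh secret as part of the move would close that gap. A short comment above the entry, such as `# etebase secret regenerated when the service moved from server1`, would record the decision. The attribute set starts outside the hunk.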