From 567630adeb82eadfa5bcf0b19afd16173a470a97 Mon Sep 17 00:00:00 2001
From: Silas Schöffel
Date: Sat, 25 Jan 2025 21:51:33 +0100
Subject: feat(peertube): make secrets configurable
---
 hosts/by-name/server3/configuration.nix | 6 +++++-
 hosts/by-name/server3/secrets/peertube/general.age | 16 ++++++++++++++++
 hosts/by-name/server3/secrets/peertube/smtp.age | 15 +++++++++++++++
 modules/by-name/pe/peertube/module.nix | 13 ++++++++++---
 modules/by-name/pe/peertube/secrets/general.age | 16 ----------------
 modules/by-name/pe/peertube/secrets/smtp.age | 15 ---------------
 secrets.nix | 4 ++--
 7 files changed, 48 insertions(+), 37 deletions(-)
 create mode 100644 hosts/by-name/server3/secrets/peertube/general.age
 create mode 100644 hosts/by-name/server3/secrets/peertube/smtp.age
 delete mode 100644 modules/by-name/pe/peertube/secrets/general.age
 delete mode 100644 modules/by-name/pe/peertube/secrets/smtp.age
diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix
index de4c1dd..33dfd48 100644
--- a/hosts/by-name/server3/configuration.nix
+++ b/hosts/by-name/server3/configuration.nix
@@ -40,7 +40,11 @@
 };
 nixconfig.enable = true;
 openssh.enable = true;
- peertube.enable = true;
+ peertube = {
+ enable = true;
+ peertubeGeneral = ./secrets/peertube/general.age;
+ smtpPasswordFile = ./secrets/peertube/smtp.age;
+ };
 persist = {
 enable = true;
 directories = [
diff --git a/hosts/by-name/server3/secrets/peertube/general.age b/hosts/by-name/server3/secrets/peertube/general.age
new file mode 100644
index 0000000..f3cba8b
--- /dev/null
+++ b/hosts/by-name/server3/secrets/peertube/general.age
@@ -0,0 +1,16 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYkJyN1JhNnZQRlNDK3hy
+aHFwSnVBSWFLK0lhU0hUSE4wLysrcmxlTkhJClpHa2hzSTZobmh5eHNuR0FST2pv
+eGJtVmZSSjBGTUVCZ05PdStZRGZjTU0KLT4gWDI1NTE5IGg3ZmZXMTdlTEFBVmt2
+OVExVld0Qkc2bFMyV1NZZTd4bUtkOWdNY0N1M1EKU1UxR2V1emtyeDdkQ0RwUGVv
+cVJLcWllK2x4K3JNOExGSktIOW5SbldCbwotPiBzc2gtZWQyNTUxOSBweXU5Ymcg
+MGZMUHNCWUFESVVERzN3Q0krUGZ3Z1QwTUdUc0NCRkg4UFdKa2l1ZGJSRQo5YXlB
+aENyTW1idUxvVW5vRHp3L2dPVUtZS0dRa0JpaWo5RjdTcEsrK2VRCi0+ICN2bC1n
+cmVhc2UgPF0qV3N2IEZ0XTEnRSBxMDc7SWBCCnNJMGNWQkxZOFU0SzJSUUtoK3FI
+Ulp0T3FGeDdOUVZVRXRXRWRzSEdkWmFGeEF3RStWU1RMS3BLTlpxU0N1UmkKV3lJ
+a05yWm1GMC90VTFFcWpPTlliOUZoUGtMVlJsbTRSbGRyVi9kZDhxM0x4Qk82RUM4
+enZVT1RLNmd5SkEKLS0tIGRucFFNTFNSWnNtamlZTE9hM0k4QzRhZ21FZ2t5Ynpo
+Rno5UjVzRUFhcmMKWa8uscZL8FWMZ5zPstM7LraYV4PyuVhOHq3f3BBRr5rkptmK
+DHAye+FmVX7+Fqqk0ynyK92v2ti86i/iuWiNzImLWI6xkBruFEo3lpnnc8rAdslR
+c+8e2ntLGIRHbTVMwg==
+-----END AGE ENCRYPTED FILE-----
diff --git a/hosts/by-name/server3/secrets/peertube/smtp.age b/hosts/by-name/server3/secrets/peertube/smtp.age
new file mode 100644
index 0000000..e0af2d1
--- /dev/null
+++ b/hosts/by-name/server3/secrets/peertube/smtp.age
@@ -0,0 +1,15 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBncFdORy9uSXJabkJFVVc5
+QXJnS3FZQzJmTXdsckNxNjU3SGRTUEdnZ3hRCm5DNDVJbEw5VVlTS2k2Y2p6aEhX
+QzdKbXVTV3dzSHBYN0RkN1NnL0RTR0kKLT4gWDI1NTE5IEdudmllbmRud1ZVTzI3
+TWQ0cWhKSTkrbkJyelZUUThwNkdoVFhRZW12MFEKUXczc0w3ZjRUTE83UGY5d2gx
+YmpHUlJacXAyY2hXSy9aWkxOZmJwaHRqOAotPiBzc2gtZWQyNTUxOSBweXU5Ymcg
+Z3ZNSUY2NFA1L0lad3FJWDlvLzVJZDlrdS9Nc3RxZGZHWEk1SlBIeGhRMAo2WnVL
+WXcxYWd1aGN0ZVAxb3ZEOXFKMTRFNjcwVFhmRVN0TXJrYXFsV0VzCi0+ID90SSE+
+LWdyZWFzZSA5XjlPCjlENzA2TmkreUZpYllXZ290RHMKLS0tIE0zMHAvWDVWYWdG
+S1pGVFdMVWp1R0QzSzVpczhrSGJUNVdKTlpHT0JZRGcKlqZQsbkUV/cp+xQvzQKA
+AtBpJl9Fho5Szb+GOL2xEKH6KV6LTI8xaOE2KWRyhNSwH682InD5ilCaCYbHz5aW
+u7SfKWTBGj6gjwUlIJEvBzJWIXgXPcoMqgIZNe1HH52IQWJfZN5H01dHjic7mYrm
+nW5S5EEczDR6nHTKf7dsZLmbTctb90lM80rlDS5Q16QrR4VPElTJGySu/hLtl1ep
+r0w=
+-----END AGE ENCRYPTED FILE-----
diff --git a/modules/by-name/pe/peertube/module.nix b/modules/by-name/pe/peertube/module.nix
index a37ff03..e65e0b5 100644
--- a/modules/by-name/pe/peertube/module.nix
+++ b/modules/by-name/pe/peertube/module.nix
@@ -1,7 +1,6 @@ { config, lib, - pkgs, ... }: let cfg = config.vhack.peertube;
@@ -10,6 +9,14 @@ in { enable = lib.mkEnableOption '' the peertube video platform. ''; + peertubeGeneral = lib.mkOption { + type = lib.types.path; + description = "The age encrypted general secret file passed to agenix"; + }; + smtpPasswordFile = lib.mkOption { + type = lib.types.path; + description = "The age encrypted smtp password file passed to agenix"; + }; }; config = lib.mkIf cfg.enable {
@@ -86,13 +93,13 @@ in { age.secrets = { peertubeGeneral = { - file = ./secrets/general.age; + file = cfg.peertubeGeneral; mode = "700"; owner = "peertube"; group = "peertube"; }; peertubeSmtp = { - file = ./secrets/smtp.age; + file = cfg.smtpPasswordFile; mode = "700"; owner = "peertube"; group = "peertube";
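Review bot: The descriptions of the two new `lib.types.path` options in the `options` block do not tell a host author that the value must already be ciphertext. As far as I know, a path literal assigned to such an option is copied into the Nix store, which is normally world-readable, so a plaintext file passed by mistake would be exposed. I would spell that out, e.g. `description = "Path to the age-encrypted SMTP password file (ciphertext only; the file is copied to the Nix store)";`. As a point of style, `peertubeGeneral` says neither what the file holds nor that it is a file, unlike its sibling `smtpPasswordFile`; a name such as `generalSecretsFile` would match, with the use site `file = cfg.generalSecretsFile;` and the host configuration changed accordingly. The options block starts above this hunk.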
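Review bot: Both `age.secrets` entries in the last hunk keep `mode = "700"`, which sets the execute bit on the decrypted secret files and leaves `group = "peertube"` without any effect. These mode lines are unchanged context, so this is pre-existing rather than introduced by the commit, but since the entries are being edited anyway the least-privilege setting would be `mode = "0400";` (or `"0600"` if the service has to rewrite the file). The enclosing `config = lib.mkIf cfg.enable {` block starts and ends outside the hunk.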
diff --git a/modules/by-name/pe/peertube/secrets/general.age b/modules/by-name/pe/peertube/secrets/general.age
deleted file mode 100644
index f3cba8b..0000000
--- a/modules/by-name/pe/peertube/secrets/general.age
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYkJyN1JhNnZQRlNDK3hy
-aHFwSnVBSWFLK0lhU0hUSE4wLysrcmxlTkhJClpHa2hzSTZobmh5eHNuR0FST2pv
-eGJtVmZSSjBGTUVCZ05PdStZRGZjTU0KLT4gWDI1NTE5IGg3ZmZXMTdlTEFBVmt2
-OVExVld0Qkc2bFMyV1NZZTd4bUtkOWdNY0N1M1EKU1UxR2V1emtyeDdkQ0RwUGVv
-cVJLcWllK2x4K3JNOExGSktIOW5SbldCbwotPiBzc2gtZWQyNTUxOSBweXU5Ymcg
-MGZMUHNCWUFESVVERzN3Q0krUGZ3Z1QwTUdUc0NCRkg4UFdKa2l1ZGJSRQo5YXlB
-aENyTW1idUxvVW5vRHp3L2dPVUtZS0dRa0JpaWo5RjdTcEsrK2VRCi0+ICN2bC1n
-cmVhc2UgPF0qV3N2IEZ0XTEnRSBxMDc7SWBCCnNJMGNWQkxZOFU0SzJSUUtoK3FI
-Ulp0T3FGeDdOUVZVRXRXRWRzSEdkWmFGeEF3RStWU1RMS3BLTlpxU0N1UmkKV3lJ
-a05yWm1GMC90VTFFcWpPTlliOUZoUGtMVlJsbTRSbGRyVi9kZDhxM0x4Qk82RUM4
-enZVT1RLNmd5SkEKLS0tIGRucFFNTFNSWnNtamlZTE9hM0k4QzRhZ21FZ2t5Ynpo
-Rno5UjVzRUFhcmMKWa8uscZL8FWMZ5zPstM7LraYV4PyuVhOHq3f3BBRr5rkptmK
-DHAye+FmVX7+Fqqk0ynyK92v2ti86i/iuWiNzImLWI6xkBruFEo3lpnnc8rAdslR
-c+8e2ntLGIRHbTVMwg==
------END AGE ENCRYPTED FILE-----
diff --git a/modules/by-name/pe/peertube/secrets/smtp.age b/modules/by-name/pe/peertube/secrets/smtp.age
deleted file mode 100644
index e0af2d1..0000000
--- a/modules/by-name/pe/peertube/secrets/smtp.age
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBncFdORy9uSXJabkJFVVc5
-QXJnS3FZQzJmTXdsckNxNjU3SGRTUEdnZ3hRCm5DNDVJbEw5VVlTS2k2Y2p6aEhX
-QzdKbXVTV3dzSHBYN0RkN1NnL0RTR0kKLT4gWDI1NTE5IEdudmllbmRud1ZVTzI3
-TWQ0cWhKSTkrbkJyelZUUThwNkdoVFhRZW12MFEKUXczc0w3ZjRUTE83UGY5d2gx
-YmpHUlJacXAyY2hXSy9aWkxOZmJwaHRqOAotPiBzc2gtZWQyNTUxOSBweXU5Ymcg
-Z3ZNSUY2NFA1L0lad3FJWDlvLzVJZDlrdS9Nc3RxZGZHWEk1SlBIeGhRMAo2WnVL
-WXcxYWd1aGN0ZVAxb3ZEOXFKMTRFNjcwVFhmRVN0TXJrYXFsV0VzCi0+ID90SSE+
-LWdyZWFzZSA5XjlPCjlENzA2TmkreUZpYllXZ290RHMKLS0tIE0zMHAvWDVWYWdG
-S1pGVFdMVWp1R0QzSzVpczhrSGJUNVdKTlpHT0JZRGcKlqZQsbkUV/cp+xQvzQKA
-AtBpJl9Fho5Szb+GOL2xEKH6KV6LTI8xaOE2KWRyhNSwH682InD5ilCaCYbHz5aW
-u7SfKWTBGj6gjwUlIJEvBzJWIXgXPcoMqgIZNe1HH52IQWJfZN5H01dHjic7mYrm
-nW5S5EEczDR6nHTKf7dsZLmbTctb90lM80rlDS5Q16QrR4VPElTJGySu/hLtl1ep
-r0w=
------END AGE ENCRYPTED FILE-----
diff --git a/secrets.nix b/secrets.nix
index 9a018f4..d2b2b51 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -17,8 +17,6 @@ let
 server3HostKey
 ];
 in {
- "./modules/by-name/pe/peertube/secrets/general.age".publicKeys = server3;
- "./modules/by-name/pe/peertube/secrets/smtp.age".publicKeys = server3;
 "./modules/by-name/mi/miniflux/secrets/admin.age".publicKeys = server3;
 "./modules/by-name/ma/mastodon/mail.age".publicKeys = server3;
 "./modules/by-name/ma/matrix/passwd.age".publicKeys = server3;
@@ -29,4 +27,6 @@ in { "./hosts/by-name/server3/secrets/backuppass.age".publicKeys = server3; "./hosts/by-name/server3/secrets/backupssh.age".publicKeys = server3; + "./hosts/by-name/server3/secrets/peertube/general.age".publicKeys = server3; + "./hosts/by-name/server3/secrets/peertube/smtp.age".publicKeys = server3; }
-- cgit 1.4.1