diff --git a/.locksverify b/.locksverify
deleted file mode 100644
index e69de29..0000000
diff --git a/secrets/default.nix b/secrets/default.nix
index 2e96df6..99356d8 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -1,37 +1,40 @@
-{
- config,
- lib,
- ...
-}: let
- inherit (lib) mkIf;
- inherit (config.niksos) server;
-
+{config, ...}: let
 serviceUser = x: config.systemd.services.${x}.serviceConfig.User;
- abstrServiceUser = x: config.services.${x}.user;
 in {
 age.secrets = {
- password.file = ./password.age;
-
- # NOTE: server things
- dcbot = mkIf server {
+ transferSh = {
+ file = ./transfer-sh.age;
+ owner = "jsw";
+ };
+ dcbot = {
 file = ./dcbot.age;
- owner = serviceUser "dcbot"; #
+ owner =
+ if config.niksos.server
+ then serviceUser "dcbot" # "dcbot" doesn't exist on e.g laptop.
+ else "root";
 };
- bread-dcbot = mkIf server {
+ bread-dcbot = {
 file = ./bread-dcbot.age;
- owner = "bread-dcbot";
+ owner =
+ if config.niksos.server
+ then serviceUser "bread-dcbot" # "dcbot" doesn't exist on e.g laptop.
+ else "root";
 };
- matrix-registration = mkIf server {
+ password.file = ./password.age;
+ matrix-registration = {
 file = ./matrix-registration.age;
- owner = abstrServiceUser "matrix-continuwuity";
+ owner =
+ if config.niksos.server
+ then config.services.matrix-continuwuity.user
+ else "root";
 };
- mail-admin = mkIf server {
- # owner = serviceUser "stalwart-mail"; #FIXME: revert when stopped using docker for stalwart.
+ cloudflare-acme.file = ./cloudflare-acme.age;
+ mail-admin = {
+ # owner = #FIXME: revert when stopped using docker for stalwart.
+ # if config.niksos.server
+ # then serviceUser "stalwart-mail"
+ # else "root";
 file = ./mail-admin.age;
 };
- zitadel-key = mkIf server {
- file = ./zitadel-key.age;
- owner = abstrServiceUser "zitadel";
- };
 };
 }
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 5f4df5c..2db3699 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
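Review bot: With the `mkIf server` guards gone from `age.secrets` in secrets/default.nix, `dcbot`, `bread-dcbot`, `matrix-registration` and `mail-admin` are declared on every host, so a non-server machine will try to decrypt service credentials it never uses and, if its key is among the recipients, leave them on disk as root-owned files. If the guard was dropped only so that `owner` evaluates on hosts without the service, keeping it avoids both that exposure and the `else "root"` branch: `dcbot = lib.mkIf config.niksos.server { file = ./dcbot.age; owner = serviceUser "dcbot"; };` (with `lib` kept in the module arguments). Separately, the comment on the `bread-dcbot` owner line still says `"dcbot"`, and `transferSh` hard-codes `owner = "jsw"`, which presumably requires that user to exist on every host importing this module.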
@@ -18,6 +18,6 @@ in {
 "dcbot.age".publicKeys = keys;
 "bread-dcbot.age".publicKeys = keys;
 "matrix-registration.age".publicKeys = keys;
+ "cloudflare-acme.age".publicKeys = keys;
 "mail-admin.age".publicKeys = keys;
- "zitadel-key.age".publicKeys = keys;
 }
diff --git a/secrets/zitadel-key.age b/secrets/zitadel-key.age
deleted file mode 100644
index f5751e4..0000000
--- a/secrets/zitadel-key.age
+++ /dev/null
@@ -1,15 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 GQzYWA YUoGdx518q+GhqnOVeuHxWE4//2KgVTXJCu4ULUkly8
-XIxa/FaGC5XBcrsvhZq5rOgX5vNDfFvcDCsamN7vHJ8
--> ssh-ed25519 MfR7VA 9btD5WmqZdQ54uJYVNwU3Z5DBIlACbYfqGe1wPZwd30
-QecwT2R+BkQrGmorYcMuXHyy/TG7JjBdH2fp3W9zCBU
--> ssh-ed25519 +cvRTg UZnkgS+9oRLgEI/vdLFIAPbUG4V5iAuB4Z74D/quXzE
-vxWJZI/SZKH1j8bnI4xC8+TIIANqMOkIDej+BWzDJwE
--> ssh-ed25519 WCPLrA OVnublQtCOFFo7+vcKGmCY3B3FkvLvQ6GaU7xMx8uQY
-PuMamZqF3vCqgmpcTGQinIdbjOOpHtrmKfOXlL924Rk
--> ssh-ed25519 7/ziYw nYxpO5kaGDOyGUEFxryEhT0XqWf0Oc1RgprYaPjC33c
-UseYaBeWvetviCf1FHncVNko86ji+GX9AdyDic2A1Og
--> ssh-ed25519 VQy60Q ok1oP3f7nWBd/6DyJFDnsv/Lb2/bwHY0cvmHI386IFM
-t5rIZBUz5jav6tUo01ASMzYtHoW4+cKBZ2lzmxSI7IA
---- NZ9UXYlEIcw3VPFqDswXhSecW1zqcCeKivJoHC1zKA8
-JqU0]D_Տz =1׶S!-.t="緿e
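Review bot: `"cloudflare-acme.age".publicKeys = keys;` in secrets/secrets.nix gives the new credential the same recipient list as every other secret, so any key in `keys` (defined above this hunk, not visible here) can decrypt it. Judging by its name this is a DNS API token for ACME, which can usually alter DNS records, so it is worth restricting to the admin key plus the host that actually runs ACME, e.g. `"cloudflare-acme.age".publicKeys = acmeKeys;` with `acmeKeys` a new, narrower list defined next to `keys`. Removing the `zitadel-key.age` entry does not revoke anything by itself: the ciphertext stays in repository history, so the key should also be retired on the Zitadel side if that has not been done already.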