From 58cf4bf8fc667e52a25471237722e6f4538ebea0 Mon Sep 17 00:00:00 2001
From: punkfairie <marley@punkfairie.net>
Date: Sun, 9 Mar 2025 16:38:53 -0700
Subject: [PATCH] feat(nixos/ddclient): Proper secrets management

---
 modules/nixos/services/ddclient/default.nix |   4 +++-
 secrets/ddclient.conf.age                   | Bin 0 -> 1456 bytes
 secrets/secrets.nix                         |   5 ++++-
 3 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 secrets/ddclient.conf.age

diff --git a/modules/nixos/services/ddclient/default.nix b/modules/nixos/services/ddclient/default.nix
index 61999d7..7946753 100644
--- a/modules/nixos/services/ddclient/default.nix
+++ b/modules/nixos/services/ddclient/default.nix
@@ -8,10 +8,12 @@ in {
   options.marleyos.services.ddclient.enable = lib.mkEnableOption "ddclient";
 
   config = lib.mkIf cfg.enable {
+    age.secrets.ddclient.file = ../../../../secrets/ddclient.conf.age;
+
     services.ddclient = {
       enable = true;
 
-      configFile = "/home/marley/ddclient.conf";
+      configFile = config.age.secrets.ddclient.path;
     };
   };
 }
diff --git a/secrets/ddclient.conf.age b/secrets/ddclient.conf.age
new file mode 100644
index 0000000000000000000000000000000000000000..fb05c71e7455206c18046e64488958713d003f7b
GIT binary patch
literal 1456
zcmZ9_`8$*e007{WShETpgngK@iJcu|nE7U=OLHHX`!GYtH|EC7F!RkJOUThFoeJA-
zo=A?e+p!g!P;J5}MeL?yJJ2CVMON+az5l=qs+CBkJ~7R1G;0m|FhiOeWkJJ`>)|Go
z2B}m;V6kWdTx3RT?L>H5qSa(ptJzEmC0dn85OK{BfL>{fi)0y<kQ5`6TWNR!Ru!Ej
zOoUkoG%6YqV@krSXi2y@Gu^@!SPXQ#nwmy5=m3dI0+58<aC-`a`Sm6s<9L7-4zjS2
zkt72!kevx>1fYTdLd<lFh{n;ULOi_Gh>>CVV!Dn^V#07F8xBvUrVv1h2_2(I;-F%U
z;j9#qj!%@Q2q1QxOl)JaH8F{{*snJeU1=4o;c7fvWTm4SLKcVsd5{4hszEJ9how_e
zW4NGF#R268Kul(kB6%>eK3OWX6O?#NtT~*{Hbe+5>3X(`sJDnkVv141NC%V}DvuOn
z#(%vfS-60a2p2&*F3S$lWjL~lOo+o-tafW6N<v1{G(@9_K~1wIC#zYJDJZ%DW|S!+
zq9KjRsx`;ZOeTnjK}eXUa0-*c)2TV~SPPgg;7A1|jMM}}B9U-N!4(23Aew0xaa2@5
zie}nCn+!yeI7$>bg-fzC^(vK~oGJqFuv}e2vnO0qP8R-gcaz_6F|CiLXSKf1Q$X3L
zk1f^o7CK+Ao2gA}dp_8IvM<l;+LcC$cQKL_3~+cZ*@#7w<Jj()d-g8hf3B1rX!dU>
zQW5ltzK0hZ{ibm8p~}|!MqSVjG<CIe{m*XNIi)?4MlE-3`A*(B(6l3|{A7gj5hpBi
zW7+SH!Y?ZsbhFEK*P`BP{)zr#r^;|kQ_kZPQ<o{<2uBZZox2Brva6=W<}I;Iv_vj0
z*k6LdgjSYj79hZk_aoLP&Yf?}j*0#agod~$>4i0yFV&6y=zU<c#Xo7+=Lt(6#SvM=
zz@s)_Z59P28_y-Y+H!w$6Sg;7=D*dge8Ugl3rF5u+Kb}VR!pZqC70c@1xKUh(I*Cb
zuXS{9ip~3_L48!Q*fh8^7@Kf#2aJ29;&~UMt;_weYY`b;{CL<&gUnnL^1#{Md6o|Z
z{C((S!hza9rD?xLId!q_O!YZt$;apIKI`r=As~1h_w|*0YB=KxI;uIIQm;(++S2yn
zBlB*IEi1_lZI7S%t7%L;KHWW8ajzXdew*(*AkK{y><-E;UGi{YXHDK59{GjJ<;;aF
zbP$0tu;_4c%QOdg-?_G^t~p`de(}?`w`G&Y?T@!T)au6<mo?ld7oK^2HrKIiV9oZf
z&G|>i9=BoB&Q_D&EErh+uIONB8~VG04QRJ>*W#1*<=ZTQFY5U>Cm~bqT`n9IA9c6`
zo5zQoc(3Iy>)6fn$HhLBVG1^CuWirFnp_TVmRF+<iuX$_{amP3lxzr*daOWP9j}zY
zgIix6U6qj%l3YJuUh-{aPLFRDKjY;C*kpOYrz&W<RaAI-te~W&W!NWSx+>rEH3<xr
zel)Gx<;@RV*AsH?=IU`5Of>rLl@A^#{HivdLMUFAv}8GpSW)(E*Kf`Jl11<d{>}E`
zVsD--(@Pv*Xf8oJ``1<Xw;KDR_UB2juki7jvi3xfmH?iYpN)jLRUHYNA40vlV4?R=
zR!7+#1MI@7S%a(IGdeM>towB2EW7zk#-n-IjyIw69<8e!JUBDKEY5#RA&%Usjr{lB
z%=ymcG^~2{#Bm#28~D?R17}d>{D)k{m}c&s&foqH+BD!$6Xq8^YHdZ}`mOhqoqPj*
zl4IN)*^5>z2y)#a*JN%vbR*W4TlCD;GM%sMS!r3=H0-r+=k4Or^V9%%b-^duL&Bgj
sHa!)$$)loMv~(mVeW)=Zz^}B`yt{~2e&f>mq1j{NQB{~g)lawn5B-sM;s5{u

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 7ca6dd1..a46de88 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -7,6 +7,9 @@ let
   marleycentre = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEA86DphSL36GsvatkXgFU1ONzt53UzXdUaQN1EBWeCD root@nixos";
   marleynet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIArAAwU4JX7wa5X3Un3q5b+ZD52j0nCnNsGEybWf/7SB root@nixos";
   systems = [nyx marleycentre marleynet];
+
+  defaultKeys = users ++ systems;
 in {
-  "babeshare-pass.age".publicKeys = users ++ systems;
+  "babeshare-pass.age".publicKeys = defaultKeys;
+  "ddclient.conf.age".publicKeys = defaultKeys;
 }