punkfairie/marleyos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(nixos/ddclient): Proper secrets management

Browse source
This commit is contained in:
punkfairie 2025-03-09 16:38:53 -07:00
parent ff54f4080f
commit 58cf4bf8fc
Signed by: punkfairie
GPG key ID: B3C5488E9A1A7CA6
3 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
modules/nixos/services/ddclient/default.nix
View file

@ -8,10 +8,12 @@ in {
options.marleyos.services.ddclient.enable = lib.mkEnableOption "ddclient"; options.marleyos.services.ddclient.enable = lib.mkEnableOption "ddclient";
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
age.secrets.ddclient.file = ../../../../secrets/ddclient.conf.age;
services.ddclient = { services.ddclient = {
enable = true; enable = true;
configFile = "/home/marley/ddclient.conf"; configFile = config.age.secrets.ddclient.path;
}; };
}; };
} }

BIN
secrets/ddclient.conf.age Normal file
View file

Binary file not shown.

5
secrets/secrets.nix
View file

@ -7,6 +7,9 @@ let
marleycentre = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEA86DphSL36GsvatkXgFU1ONzt53UzXdUaQN1EBWeCD root@nixos"; marleycentre = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEA86DphSL36GsvatkXgFU1ONzt53UzXdUaQN1EBWeCD root@nixos";
marleynet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIArAAwU4JX7wa5X3Un3q5b+ZD52j0nCnNsGEybWf/7SB root@nixos"; marleynet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIArAAwU4JX7wa5X3Un3q5b+ZD52j0nCnNsGEybWf/7SB root@nixos";
systems = [nyx marleycentre marleynet]; systems = [nyx marleycentre marleynet];
defaultKeys = users ++ systems;
in { in {
"babeshare-pass.age".publicKeys = users ++ systems; "babeshare-pass.age".publicKeys = defaultKeys;
"ddclient.conf.age".publicKeys = defaultKeys;
} }