diff --git a/configurations/host/valkyrie/default.nix b/configurations/host/valkyrie/default.nix index d48368c..6492044 100644 --- a/configurations/host/valkyrie/default.nix +++ b/configurations/host/valkyrie/default.nix @@ -2,7 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running `nixos-help`). -{ pkgs, materusArg, ... }: +{ pkgs, materusArg, config, ... }: { imports = @@ -74,6 +74,7 @@ ]; openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ]; }; + users.users.acme.openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ]; # List packages installed in system profile. To search, run: # $ nix search wget @@ -142,12 +143,12 @@ security.acme.acceptTerms = true; security.acme.defaults.email = "materus+acme@podkos.pl"; + security.acme.defaults.credentialsFile = config.sops.secrets.certs.path ; security.acme.certs."materus.pl" = { domain = "materus.pl"; group = "nginx"; extraDomainNames = [ "*.materus.pl" ]; dnsProvider = "ovh"; - credentialsFile = "/materus/config/private/valkyrie/certs.secret"; }; security.acme.certs."podkos.pl" = { @@ -155,7 +156,6 @@ group = "nginx"; extraDomainNames = [ "*.podkos.pl" ]; dnsProvider = "ovh"; - credentialsFile = "/materus/config/private/valkyrie/certs.secret"; }; security.acme.certs."podkos.xyz" = { @@ -163,7 +163,6 @@ group = "nginx"; extraDomainNames = [ "*.podkos.xyz" ]; dnsProvider = "ovh"; - credentialsFile = "/materus/config/private/valkyrie/certs.secret"; }; } diff --git a/configurations/host/valkyrie/secrets/default.nix b/configurations/host/valkyrie/secrets/default.nix index 925e770..df5e536 100644 --- a/configurations/host/valkyrie/secrets/default.nix +++ b/configurations/host/valkyrie/secrets/default.nix 
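Review bot: The added `users.users.acme.openssh.authorizedKeys.keyFiles` line lets whoever holds the `materus.pub` key authenticate over SSH as the `acme` service account, and the diff gives no reason for it. On NixOS that account owns `/var/lib/acme`, where the certificate private keys and ACME account keys live. If the goal is to copy certificates to another machine, a dedicated key with restrictions is a tighter fit than the admin's personal key, e.g. `users.users.acme.openssh.authorizedKeys.keys = [ "restrict,command=\"<sync command>\" ssh-ed25519 <dedicated public key>" ];`. Whether `acme` has a login shell on this host is not visible in the hunk; either way, a comment stating the purpose belongs above the line.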
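Review bot: Setting `security.acme.defaults.credentialsFile` makes every certificate on this host inherit the OVH credentials, including any later one that sets a different `dnsProvider`. That is fine for the three certificates visible here, but it deserves a comment at the new line, e.g. `# OVH DNS-01 credentials, inherited by every cert below`. The removed path `/materus/config/private/valkyrie/certs.secret` kept the same secret outside sops, and nothing in this commit shows that file being deleted. Confirm it is removed from the host, and consider rotating the OVH API keys if anything other than root could read it.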
@@ -15,6 +15,7 @@ sops.secrets.spotify-client-id = {}; sops.secrets.spotify-client-secret = {}; sops.secrets.youtube-api = {}; + sops.secrets.certs = {}; services.openssh.hostKeys = [ { diff --git a/configurations/host/valkyrie/secrets/secrets.yaml b/configurations/host/valkyrie/secrets/secrets.yaml index bfe72c6..0fc58ec 100644 --- a/configurations/host/valkyrie/secrets/secrets.yaml +++ b/configurations/host/valkyrie/secrets/secrets.yaml @@ -3,6 +3,7 @@ discord-token: ENC[AES256_GCM,data:JQ/6MJvBlJpKzs/L0hFB1LPpQSfJvDdEB6YerVZyDqGo7 spotify-client-id: ENC[AES256_GCM,data:WK7CJGw6mtIG3Jfp59cWx3ool4z1P09TvHcpbOQ2JV0=,iv:EaJ5ecXdmx0Ky+43xZITM811IOo4EisvPSyogXrJXng=,tag:NYTI4vLsWGa695CJ+TIgbw==,type:str] spotify-client-secret: ENC[AES256_GCM,data:TnR+zLLklTfzMdR4woaZWuMVJQ9VIYsFM588GRO6WCY=,iv:cYiqw8ZdMgLeug4ptwPV3L+MeY6xIldfUBfiYg1mFD8=,tag:YDLh6BXFcBHnpdgM7e87wg==,type:str] youtube-api: ENC[AES256_GCM,data:qmpFlFvudS9rXQfN+Th/UrPWCW0mg5GkpMucS/01AmOnlChqtojC,iv:q3bKwI2I6BNa3L9ezKCE1fWT/vZLiJ8uzug1z2z+TWA=,tag:gKG3HTz8jp2LAFh8e8O6sg==,type:str] +certs: ENC[AES256_GCM,data:ttmSNTTx51a3L2HTC8RnSphDLHO2OSyIgXQ0YpZGySTdu69mgEyhaiSi+IAXg/1AHKRjpFJgE4fhsLAiW78pNYb+Zg7aDL47YtABO99sTZrZnBxZo6k6itpZ3oClDch2ZALzoXChLroc0tUbZKwsfOwGe3pw9lOJZJT34AhV+BVoXDDLQcpQoxz23Baa8oxklecT6wpJ1u1nW+aAHw33gm41Vw==,iv:b0aNZwaRKBg+ipe5+19BowyFbCjZt52S738om6emYGo=,tag:lUqtcc4vVWKx/fnc19vj7A==,type:str] sops: kms: [] gcp_kms: [] 
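Review bot: `sops.secrets.certs = {};` is added without a comment, and the name suggests certificates. The host configuration in this commit uses it as the ACME `credentialsFile`, so it presumably holds the OVH DNS API credentials in environment-file form. A one-line comment would make that clear, e.g. `# OVH DNS API credentials for security.acme (KEY=value lines)`; a more descriptive secret name would help too if renaming is cheap. The empty attribute set leaves owner and mode at the sops-nix defaults, so check on the first renewal that the ACME units can still read the file.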
@@ -18,8 +19,8 @@ sops: d2dMUUh1RDB3UnpEdFJsNHpQRXFWemMKc41dlOapTsvH91QLNhdPbrzerPFakOiX J/uoZDMIhsmQxgQM7Fqxr05NywhI/ZjOtJS2bayp73O57xjjMYcyNQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-22T18:29:22Z" - mac: ENC[AES256_GCM,data:X4SJZ4A7YwQGGvdjf0/hKSn6HuiwKC0DaswzAgA+sqfXnwTAFt1FPhak//BxkRKBqw5A+FTyRf/a4FnY5XG+gu3RxO6+np4AJwvKiA0Hwa9QImwrh9A1k9URE9mtGegqtw3wnZBw4XXA+vhEUIq10sGaVuy6outfvlfNM/TMlgc=,iv:WENShl1jCAUQggvssZMS+6vEgc8l+wzZLHXRkoYAV8I=,tag:2y6ltpwxUIOlaUMoWDRcxg==,type:str] + lastmodified: "2024-03-23T14:02:11Z" + mac: ENC[AES256_GCM,data:wMQCs0h/FOEe9zzaTJxrBqQh1KgEgr5J7tdBTIr4frUAUtsD6SCXQ0keVUQ1J5DYEKDTqFbXvM1IetwSKipfKscTbSt1u3hpe30f4EWqTZKRrJtJaiVozJSZ667YWRQu1uWv5VDGXfC4tosejUyJsVUkUEYDqLKEv3z/y3eNa80=,iv:i2PX9y4J1EbASCnbG1XVo+RcxbFV9VOwyRg+DKcUyVc=,tag:6BQkD8ikUHfHI4KhiC5UJA==,type:str] pgp: - created_at: "2024-03-21T22:55:36Z" enc: |- diff --git a/decrypted b/decrypted new file mode 100644 index 0000000..e69de29
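Review bot: This commit adds an empty file named `decrypted` at the repository root (the index line shows the empty blob `e69de29`), which looks like a leftover from redirecting decrypted sops output into the working tree. Nothing is exposed by this version. The file should still be dropped from the commit and its name added to `.gitignore`, so that a later run that does write plaintext cannot be committed by accident. Editing the secrets in place with `sops secrets.yaml` avoids creating a plaintext copy at all.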