sops: root d, hosts d, modules/servers til multiscrobbler

2024-06-22 15:35:35 -06:00
parent 50f716df1f
commit 81e74871a1
20 changed files with 193 additions and 73 deletions
--- a/hosts/miniserver/configuration.nix
+++ b/hosts/miniserver/configuration.nix
@@ -95,9 +95,8 @@
      createHome = true;
      group = "nixremote";
      home = "/var/nixremote/";
-      openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICiyTwryzw8CblPldplDpVUkXD9C1fXVgO8LeXdE5cuR root@workstation"
-      ];
+      openssh.authorizedKeys.keys =
+        [ (builtins.readFile ../../secrets/ssh/ed25519_nixworkstation.pub) ];
    };
  };
  services = {
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -46,9 +46,8 @@
      createHome = true;
      group = "nixremote";
      home = "/var/nixremote/";
-      openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICiyTwryzw8CblPldplDpVUkXD9C1fXVgO8LeXdE5cuR root@workstation"
-      ];
+      openssh.authorizedKeys.keys =
+        [ (builtins.readFile ../../secrets/ssh/ed25519_nixworkstation.pub) ];
    };
  };
  services.btrfs = {
--- a/hosts/server/hardware-configuration.nix
+++ b/hosts/server/hardware-configuration.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }: {
+{ lib, modulesPath, ... }: {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
  hardware = {
    nvidia = {
--- a/hosts/workstation/configuration.nix
+++ b/hosts/workstation/configuration.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{ pkgs, config, ... }: {
  imports = [
    ./hardware-configuration.nix
    ../../base.nix
@@ -45,6 +45,11 @@
      ffmpeg4discord.enable = true;
    };
  };
+  sops.secrets = {
+    "resilio/user" = { };
+    "resilio/host" = { };
+    "resilio/password" = { };
+  };
  networking = {
    hostName = "workstation";
    firewall = let
@@ -81,8 +86,8 @@
        group = "nixremote";
        home = "/var/nixremote/";
        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN6HsajaTL+nTJtSIu00M5WJwgt/7fyU59gBr2R7tbnv root@server"
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrC7sVvDT0is2oq/H1Do99LPaQKvyGMAsrF6/fuf1aP root@miniserver"
+          (builtins.readFile ../../secrets/ssh/ed25519_nixserver.pub)
+          (builtins.readFile ../../secrets/ssh/ed25519_nixminiserver.pub)
        ];
      };
    };
@@ -113,22 +118,20 @@
      fileSystems = [ "/" ];
    };
    resilio = {
-      deviceName = "chichis";
      enable = true;
      useUpnp = true;
      enableWebUI = true;
-      httpPass = "528491";
-      httpLogin = "chichis";
+      httpPass = "cat ${config.sops.secrets."resilio/password".path}";
+      httpLogin = "cat ${config.sops.secrets."resilio/user".path}";
+      deviceName = "cat ${config.sops.secrets."resilio/host".path}";
      httpListenPort = 9876;
      httpListenAddr = "0.0.0.0";
      directoryRoot = "/resilio";
    };
  };
-  virtualisation = {
-    podman = {
-      enable = true;
-      dockerCompat = true;
-      defaultNetwork.settings.dns_enabled = true;
-    };
+  virtualisation.podman = {
+    enable = true;
+    dockerCompat = true;
+    defaultNetwork.settings.dns_enabled = true;
  };
 }