diff --git a/flake.lock b/flake.lock index 77f772b..df673ba 100644 --- a/flake.lock +++ b/flake.lock @@ -418,11 +418,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1708379923, - "narHash": "sha256-3V7lwL+GQIi3os9jDetzl5Y1+Rgs2ES5kwjHzG9HteU=", + "lastModified": 1708383844, + "narHash": "sha256-cl5HngHhGW6qkvjv9ZSaiQuZKXfxlDfM4IDVPyMRBcY=", "ref": "refs/heads/main", - "rev": "90dd2143e21ba1442b054c47a09d5a15229cf5f7", - "revCount": 6, + "rev": "31ef63532cf9907e8580741f1c9428b4176874cf", + "revCount": 8, "type": "git", "url": "http://git.everest.sable-pancake.ts.net/Toast/nix-secrets" }, diff --git a/roles/server/ddclient.nix b/roles/server/ddclient.nix index e4520d9..5a88f7f 100755 --- a/roles/server/ddclient.nix +++ b/roles/server/ddclient.nix @@ -1,8 +1,12 @@ -{ config, ... }: +{ config, flakeSelf, ... }: + +let + hostSecrets = "${flakeSelf.inputs.secrets}/" + config.networking.hostName; +in { # Set up secrets - age.secrets = { ddclient-passwd.file = ../../secrets/ddclient-passwd; }; + age.secrets = { ddclient-passwd.file = hostSecrets + "/ddclient-password.age"; }; services.ddclient = { enable = true; @@ -13,4 +17,4 @@ passwordFile = config.age.secrets.ddclient-passwd.path; domains = [ "@" ]; }; -} \ No newline at end of file +} diff --git a/secrets/ddclient-passwd b/secrets/ddclient-passwd deleted file mode 100644 index 90f0728..0000000 Binary files a/secrets/ddclient-passwd and /dev/null differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix deleted file mode 100755 index fbb968e..0000000 --- a/secrets/secrets.nix +++ /dev/null @@ -1,10 +0,0 @@ -let - everest = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBYENWORu3M32NIIip8gZO5VbCUBwsT2RgOU8ATsASpc root@Everest"; - bootsrtrap = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKloSXSeF4dNXebd93uMuiFuXRHfxo/he4+O9SFTz1s bootstrap key"; -in -{ - "ddclient-passwd".publicKeys = [ everest ]; - "cock".publicKeys = [ everest ]; - "syncthing/key".publicKeys = [ everest ]; - "syncthing/cert".publicKeys = [ everest ]; -}