diff --git a/flake.lock b/flake.lock index df673ba..77f772b 100644 --- a/flake.lock +++ b/flake.lock @@ -418,11 +418,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1708383844, - "narHash": "sha256-cl5HngHhGW6qkvjv9ZSaiQuZKXfxlDfM4IDVPyMRBcY=", + "lastModified": 1708379923, + "narHash": "sha256-3V7lwL+GQIi3os9jDetzl5Y1+Rgs2ES5kwjHzG9HteU=", "ref": "refs/heads/main", - "rev": "31ef63532cf9907e8580741f1c9428b4176874cf", - "revCount": 8, + "rev": "90dd2143e21ba1442b054c47a09d5a15229cf5f7", + "revCount": 6, "type": "git", "url": "http://git.everest.sable-pancake.ts.net/Toast/nix-secrets" }, diff --git a/roles/server/ddclient.nix b/roles/server/ddclient.nix index 5a88f7f..e4520d9 100755 --- a/roles/server/ddclient.nix +++ b/roles/server/ddclient.nix @@ -1,12 +1,8 @@ -{ config, flakeSelf, ... }: - -let - hostSecrets = "${flakeSelf.inputs.secrets}/" + config.networking.hostName; -in +{ config, ... }: { # Set up secrets - age.secrets = { ddclient-passwd.file = hostSecrets + "/ddclient-password.age"; }; + age.secrets = { ddclient-passwd.file = ../../secrets/ddclient-passwd; }; services.ddclient = { enable = true; @@ -17,4 +13,4 @@ in passwordFile = config.age.secrets.ddclient-passwd.path; domains = [ "@" ]; }; -} +} \ No newline at end of file diff --git a/secrets/ddclient-passwd b/secrets/ddclient-passwd new file mode 100644 index 0000000..90f0728 Binary files /dev/null and b/secrets/ddclient-passwd differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100755 index 0000000..fbb968e --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,10 @@ +let + everest = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBYENWORu3M32NIIip8gZO5VbCUBwsT2RgOU8ATsASpc root@Everest"; + bootsrtrap = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKloSXSeF4dNXebd93uMuiFuXRHfxo/he4+O9SFTz1s bootstrap key"; +in +{ + "ddclient-passwd".publicKeys = [ everest ]; + "cock".publicKeys = [ everest ]; + "syncthing/key".publicKeys = [ everest ]; + "syncthing/cert".publicKeys = [ everest ]; +}