sops -> pass : cherry works (wip)

2024-05-31 21:02:22 +02:00 · 2024-05-31 21:02:22 +02:00 · 529fa4ad6a
commit 529fa4ad6a
parent 903674fd7c
13 changed files with 60 additions and 151 deletions
--- a/nixos/components/gui/default.nix
+++ b/nixos/components/gui/default.nix
@ -13,7 +13,7 @@ with lib;
    ./fonts.nix
    ./home-manager
    ./kmonad.nix
-    ./noti.nix
+    #./noti.nix
    ./pass.nix
    ./steam.nix
    ./suspend.nix
--- a/nixos/components/gui/noti.nix
+++ b/nixos/components/gui/noti.nix
@ -1,4 +1,5 @@
 # notify me when a command is finished
+# todo : secret managment is shit
 { config, pkgs, lib, ... }:
 with lib;
 {
--- a/nixos/components/network/tinc/private.nix
+++ b/nixos/components/network/tinc/private.nix
@ -58,12 +58,15 @@ in
 {
  networking.firewall.trustedInterfaces = [ "tinc.${network}" ];

-  sops.secrets.tinc_ed25519_key = { };
+  clanCore.facts.services.tinc_private = {
+    secret."tinc_private.ed25519_key" = { };
+    generator.script = "";
+  };

  #  nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
  services.tinc.networks = {
    ${network} = {
-      ed25519PrivateKeyFile = config.sops.secrets.tinc_ed25519_key.path;
+      ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_private.secret."tinc_private.ed25519_key".path;
      interfaceType = "tap";
      extraConfig = ''
        LocalDiscovery = yes
@ -127,55 +130,4 @@ in

  networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains));

-  services.openssh.knownHosts = {
-    "orbi" = {
-      hostNames = [
-        "orbi.${network}"
-        hosts.orbi
-        "orbi"
-        "95.216.66.212"
-        "git.ingolf-wagner.de"
-      ];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTqV5ch4BokqDniDgCquRwfTz6aXXMTdZovIvqShfLV";
-    };
-    "robi" = {
-      hostNames = [
-        "robi.${network}"
-        hosts.robi
-        "robi"
-        "144.76.13.147"
-        "taskd.ingolf-wagner.de"
-      ];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
-    };
-    "sterni.${network}" = {
-      hostNames = [ "sterni.${network}" hosts.sterni ];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
-    };
-    "cream.${network}" = {
-      hostNames = [ "cream.${network}" hosts.cream ];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
-    };
-    "cherry.${network}" = {
-      hostNames = [ "cherry.${network}" hosts.cream ];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUXkewyZ94A7CeCyVvN0KCqPn+8x1BZaGWMAojlfCXO";
-    };
-    "pepe.${network}" = {
-      hostNames = [ "pepe.${network}" hosts.pepe ];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz";
-    };
-    "chungus.${network}" = {
-      hostNames = [ "chungus.${network}" hosts.chungus ];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP9jrbOJbgapreRjttyOKWv5vxGMThn7kAwlk8WnSyL9";
-    };
-    "bobi.${network}" = {
-      hostNames = [ "bobi.${network}" hosts.bobi ];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0haepNVEaocfWh6kwVc4QsSg2iqO5k+hjarphBqMVk";
-    };
-    "mobi.${network}" = {
-      hostNames = [ "mobi.${network}" hosts.mobi ];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE3G7TwCoxcVfwhGL0913RtacEeokqKtufhzzkCxpPxk";
-    };
-  };
-
 }