zuckerberg/nix-config
zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

use agenix

Browse Source
This commit is contained in:
zuckerberg 2021-06-14 22:48:23 -04:00
parent 3a91b44d85
commit b0ae5e394f
5 changed files with 36 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
common/common.nix
View File

@ -40,12 +40,7 @@
users.users.googlebot = { users.users.googlebot = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = (import ./ssh.nix).users;
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVR/R3ZOsv7TZbICGBCHdjh1NDT8SnswUyINeJOC7QG"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0dcqL/FhHmv+a1iz3f9LJ48xubO7MZHy35rW9SZOYM"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO0VFnn3+Mh0nWeN92jov81qNE9fpzTAHYBphNoY7HUx" # reg
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHSkKiRUUmnErOKGx81nyge/9KqjkPh8BfDk0D3oP586" # nat
];
hashedPassword = "$6$TuDO46rILr$gkPUuLKZe3psexhs8WFZMpzgEBGksE.c3Tjh1f8sD0KMC4oV89K2pqAABfl.Lpxu2jVdr5bgvR5cWnZRnji/r/"; hashedPassword = "$6$TuDO46rILr$gkPUuLKZe3psexhs8WFZMpzgEBGksE.c3Tjh1f8sD0KMC4oV89K2pqAABfl.Lpxu2jVdr5bgvR5cWnZRnji/r/";
}; };
} }

5
flake.nix
View File

@ -2,6 +2,7 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.05";
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05";
agenix.url = "github:ryantm/agenix";
}; };
outputs = inputs: { outputs = inputs: {
@ -14,6 +15,10 @@
modules = [ modules = [
path path
inputs.simple-nixos-mailserver.nixosModule inputs.simple-nixos-mailserver.nixosModule
inputs.agenix.nixosModules.age
{
environment.systemPackages = [ inputs.agenix.defaultPackage.${system} ];
}
]; ];
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs; };
}; };

3
machines/liza/configuration.nix
View File

@ -31,7 +31,9 @@
}; };
services.searx.enable = true; services.searx.enable = true;
services.searx.environmentFile = "/run/secrets/searx";
services.searx.settings.server.port = 8080; services.searx.settings.server.port = 8080;
services.searx.settings.server.secret_key = "@SEARX_SECRET_KEY@";
services.nginx.virtualHosts."search.neet.space" = { services.nginx.virtualHosts."search.neet.space" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
@ -39,6 +41,7 @@
proxyPass = "http://localhost:${toString config.services.searx.settings.server.port}"; proxyPass = "http://localhost:${toString config.services.searx.settings.server.port}";
}; };
}; };
age.secrets.searx.file = ../../secrets/searx.age;
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
security.acme.email = "zuckerberg@neet.dev"; security.acme.email = "zuckerberg@neet.dev";

18
secrets/searx.age Normal file
View File

@ -0,0 +1,18 @@
age-encryption.org/v1
-> ssh-ed25519 G2eSCQ Z0lX5ZlHIpggimOiFj1+ZVgOP37LFr/w94cCtqWFZT8
7rzvrJSdK+dUAsswTjVq0wkCiL2XQaryycun3ux0W9w
-> ssh-ed25519 2a2Yhw g5nEPzN5X0Vr+vauzUe5jg6H50ONh8NVjD93AG/2+i0
6qUsQzDKLtU5gp3ve1iF8tKuB4Rx+K0+HZQy9ks2iwI
-> ssh-ed25519 N240Tg JIzitiQPOTthl6QbborOGU3n9RqIjul39BFYOfB8diY
4NOqzWpUwF9j0JzYaJn7Uqa3Crl6QLr48hCaBnOsGPQ
-> ssh-ed25519 mbw8xA zjorFxrWa3TSj99VRfBrGkiLrcBzof+5jKrwhf5fDyU
tcRZMBobPQ5/PeDKTllFaJMEV26Gc88s9XkrLkWe7PQ
-> ssh-ed25519 xoAm7w 9sZy5pPgQ1ooFMcuiybut220iYgZFKV8HfVcSjo+2hU
6vKyFN5ujm25ihAGtwYwY6oQLzu4/ETHb+DStIJr55E
-> Hyy_H$H-grease 96O> WKPyA0k.
IKjwegCjx6684Vp2IY1rShLipM16jQspX9cUtWz/7JGMoOdlVaYmzfu5VfdDiO32
Oc/d3FWCEGLBEYu6m2oOLMuCGf8lljSigmbl8/3odwQQGo4F1ECYEkIxzf5xQW9m
6w
--- R3auwtnTaQRkfqoZBVitJInFrpdhIDMSKCcSoS2qNqo
<EFBFBD>}áê•zÀ<î(¥Q²uܤVëÉb&Ⴣ4w/£ªY§mßa¯EÍpã²l©-7¸/,TNªÿß2ÄD÷îûcìÿ“saTBi=àÆ3ÌÞsâv™q¥+…Ðèöæ`Â|
jG¶^

9
secrets/secrets.nix Normal file
View File

@ -0,0 +1,9 @@
let
keys = import ../common/ssh.nix;
systems = keys.systems;
users = keys.users;
all = users ++ systems;
in
{
"searx.age".publicKeys = all;
}