blahai/nyx
1
0
Fork 0
mirror of https://github.com/blahai/nyx.git synced 2025-01-18 19:10:21 +00:00
Code Issues Projects Releases Packages Wiki Activity

Global: finally figured out how sops works but cloudflared is a bitch

Browse source
This commit is contained in:
blahai 2024-11-13 21:08:46 +02:00
parent f62fda8150
commit bd8c46cd26
Signed by: blahai
SSH key fingerprint: SHA256:ZfCryi+V64yG+vC1ZIIsqgvBCmA31tTi7RJ6M8CvpRc
4 changed files with 6 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
modules/nixos/services/cloudflared.nix
View file

@ -1,28 +0,0 @@
{ lib, config, pkgs, inputs, ... }:
{
imports = [
../../../secrets/secrets.nix
];
services.cloudflared = {
enable = true;
};
users.users.cloudflared = {
group = "cloudflared";
isSystemUser = true;
};
users.groups.cloudflared = { };
systemd.services.my_tunnel = {
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" "systemd-resolved.service" ];
serviceConfig = {
ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run --token=${sops.secrets.cloudflared.nyx.token}";
Restart = "always";
User = "cloudflared";
Group = "cloudflared";
};
};
}

1
modules/nixos/services/default.nix
View file

@ -1,7 +1,6 @@
{ ... }: { ... }:
{ {
imports = [ imports = [
# ./cloudflared.nix
./vpn.nix ./vpn.nix
./pipewire.nix ./pipewire.nix
]; ];

5
secrets/secrets.nix
View file

@ -1,5 +1,4 @@
{ inputs, lib, ... }: { inputs, config, ... }: {
{
imports = [ inputs.sops-nix.nixosModules.sops ]; imports = [ inputs.sops-nix.nixosModules.sops ];
sops = { sops = {
@ -8,7 +7,7 @@
age.keyFile = "/home/pingu/.config/sops/age/keys.txt"; age.keyFile = "/home/pingu/.config/sops/age/keys.txt";
secrets = { secrets = {
cloudflared.nyx.token = {}; searx = {};
}; };
}; };
} }

7
secrets/secrets.yaml
View file

@ -1,6 +1,7 @@
cloudflared: cloudflared:
nyx: nyx:
token: ENC[AES256_GCM,data:WqwknTZwdxjlGbCbbU2S34L8IjX+qVhTbA6NgPcLdEl6bGOlqZSMVCcICiR/X5R5gikz/iJoTJ4T1ECP+clSKuc124VJrCfB9AggB8CXTEgzdCWXyzpP9svcZjmJlkTwc6pHdeM3SgolXS8E05EY535rt4E2mT4xd9PhUfD4CE7Im9ct8aV917iFc68Zg0JhTXsZtxiciDPakHJfe50Ix/GdDSS1d0CJPK9hOop6rB7f9Qwz0lmIKQ==,iv:MySjVlFbj52J0geGlFBL2GAtRZzb0ImtewADTkgtp6w=,tag:hWccRob0R/n8bbNA3PdADg==,type:str] token: ENC[AES256_GCM,data:UnxScVl7WHLvdiRkcdyaCcIZR04IdIABVni2QY4vf8nfB87L1NP0sswIdKjo8Yt+nSyJKeLDec8iO1R0logISEMnXSTZXnXnTXx73HsPfXN0szzhDeQL1GliqrIUWfGThuL59MDcfTGlP01z2pR55CWOSLyNNYihYCeVstPlNwN5WLDwXRoMFQcciAloWSkK1S7cIotpkTm9nJYz5dEHv8LDTcXaH5LMzblSElMizjFy/1tqyj4kHg==,iv:nHvg9PvnRaDIbVfymz6gzZtXn+y3lG4MpEY3GhJzDyg=,tag:Q1G9DoxeeOlE4ESI7f08sw==,type:str]
searx: ENC[AES256_GCM,data:hiXF//Xz0FEQ8cfaaWTeDWwgqflAFjFd6Mxxj5dQrvLOmWwa5BsAHnPZEhlLtH8r//ZnDZDfpyIx+hvkqOzvuQ==,iv:rIguplTqxLrVikDljLW5wM13+Z4Amn1zTuvUNedI7ck=,tag:RKGmhEo+BYqhhWwxqYgSMA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -16,8 +17,8 @@ sops:
dERTMHFTUHBXNkczcVcrb0lTVXdTcDQKcgynRtVEs27vbtstdYj323Jn85U8o5Fd dERTMHFTUHBXNkczcVcrb0lTVXdTcDQKcgynRtVEs27vbtstdYj323Jn85U8o5Fd
fxGFj88mpFaipMU9IT9xXjzJhqKOmKqOVVw/M8tD8oEh8Chtj8y3PQ== fxGFj88mpFaipMU9IT9xXjzJhqKOmKqOVVw/M8tD8oEh8Chtj8y3PQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-25T12:15:03Z" lastmodified: "2024-11-12T17:59:51Z"
mac: ENC[AES256_GCM,data:lZhWh6CUtbCV73Iued+i4HcokDUjFb4NpdG3UH2lzOJ+MigYUX7QiRPavjfI5x7hXm0aNB+kKlZvGyklYJJ7yskYR82MfcWaCsZau0j1y/sIQEGSEK7dPoE39PnttG+m2KbH/ln9Df604NiiB4TUu68x6yhXZK53lGUBF9hk+T4=,iv:GpdU/VY+OZmoWap/s404t6xCug7OXBnqHljljXOE2a4=,tag:Q7lSt+MBANzQa202oIjrMA==,type:str] mac: ENC[AES256_GCM,data:MTFQsm/4srshP8cPD5L2GqXc+1Y8u2IwQH/BS/LVT6buN7iGWhssbZjjDLQ2bmgvYygtzpRwv8F54Fjy0BrcoYL6BET1fi4IG1HcFFk2orV3+A9x6/5NLdfkD9sxW4vZn216jWxqAZGArAN4cd5ELmormHPajO5qdNfCpM2F0mE=,iv:Y6bPgMYeYwfP/4+idlmIpSD7/pJF07AkE5vmqxg1xx8=,tag:rLf+vVAU8vyBIIUjPphijQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.1