From 379c26527a3e68d3ef53ca559077f20cf372669e Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Sat, 14 Sep 2024 07:43:11 -0500 Subject: [PATCH] Dragon ddns --- flake.nix | 11 +++++++++++ nixos/dragon.nix | 20 ++++++++++++++++++++ secrets/dragon/secrets.yml | 30 ++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+) create mode 100644 secrets/dragon/secrets.yml diff --git a/flake.nix b/flake.nix index 1693b6c..24c67f8 100644 --- a/flake.nix +++ b/flake.nix @@ -302,6 +302,17 @@ gaming slippi.nixosModules.default + outputs.nixosModules.deno-netlify-ddns-client + + { + services.deno-netlify-ddns-client = { + enable = true; + username = "dragon.h"; + # TODO: router doesn't even do ipv6 yet... + ipv6 = false; + }; + } + ./nixos/dragon.nix { diff --git a/nixos/dragon.nix b/nixos/dragon.nix index f12868e..593a5e5 100644 --- a/nixos/dragon.nix +++ b/nixos/dragon.nix @@ -10,6 +10,26 @@ home-manager.users.daniel.home.stateVersion = "24.05"; networking.hostName = "dragon"; } + + { + # sops secrets config + sops = { + defaultSopsFile = ../secrets/dragon/secrets.yml; + age = { + sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + keyFile = "/var/lib/sops-nix/key.txt"; + generateKey = true; + }; + }; + } + { + sops.secrets = { + ddns-pass = {mode = "0400";}; + }; + services.deno-netlify-ddns-client = { + passwordFile = config.sops.secrets.ddns-pass.path; + }; + } ]; hardware.graphics.extraPackages = [ # pkgs.rocmPackages.clr.icd diff --git a/secrets/dragon/secrets.yml b/secrets/dragon/secrets.yml new file mode 100644 index 0000000..e98ae5d --- /dev/null +++ b/secrets/dragon/secrets.yml @@ -0,0 +1,30 @@ +ddns-pass: ENC[AES256_GCM,data:/Dpjl761JLHTM+we1PJs7pkcHcWzBk0jQ1bP4plOYGS4N3vXhXn1bHCYmENlrOwU3riETBZ5OeRA1LvFNZHPQw==,iv:LbgN5utHUBZRV49e6ux7HPG0xt4ydTqyZA+NZuaJnWs=,tag:l0VRaMJ6ie63lej6mZTMPg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCTitMaFRiK1BSMEcwRmNk + Q0hmOGlZSFpkUUhyZkkwSU40QXB5cmlkR1FRCkRhbVBXQ2FjUzRhdEhrSEZKcWhM + dTNuVUljU0NSbVQzbXhZeFNENmN5QjgKLS0tIDFncEMrUCtWWTMyUGZIelY5aXB4 + NmJWeDFSVVoxZCtRWlhNNXNyVWRvY28KgPbg6RScxBrxI0DvD6R7iKm8/70kJLdG + FhbgK9d/7UPMfefluEah7vKzXV/dn+/4KsCJuKFFZ1AsM5hDFQ+JGQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ez4why08hdx0qf940cjzs6ep4q5rk2gqq7lp99pe58fktpwv65esx4xrht + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXa1owK21QNUovZzZHekpw + OWdsSy9ZcmhGNzc1enNGVHRHTTlSb1E5UEJJCkF3MlpYQ1c5UGNySk94aENHMDh2 + ME1rUlZscHFYSUVwOWFSczZGV2Z5aEEKLS0tIFlXTUFZaVJtWXltZGdEZzJPSjFJ + bTdCNS9zMzdvT2NiZVRyT1JzVmRFUFEKguq2i4rnVvGECZlUcEEubXfv4Ya/zI1N + 3mWQslPHgnnWuwG7flbvafHYnyZCXsMqNKnNDM6wayDgKAbtCx3Syg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-14T12:41:15Z" + mac: ENC[AES256_GCM,data:sO3omCYH1urB/qcW3VippCinCUO1cmp5KrUSQk5ms7k+i9xUhdL3tTYHGVTa4PHV6VluukKnHuwAijo+rneNdCeMdIkAEskk/X6SDYgkwmjXuNcNEA4la22EqSrenJ8W3UafHDvP8+vpUKAzVo0E82Vmo9/YNJaqvqQM8PtciSc=,iv:2GboNZpAezZsWK3CbcwVw40zW4CucP3JhsYlvZ/Hy2M=,tag:w3XmkN76oYV+PmliPB01MQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0