From d8bb7cd0451202a97dc1aff70bd0c344ef4388f0 Mon Sep 17 00:00:00 2001
From: Yusuf Bera Ertan
Date: Fri, 5 May 2023 03:50:25 +0300
Subject: [PATCH] add secrets
---
 hosts/tkaronto/modules/secrets.nix | 2 ++
 hosts/tkaronto/modules/wgWolumondeIp | 1 +
 hosts/tkaronto/modules/wgWolumondeKey.pub | 1 +
 hosts/tkaronto/modules/wireguard.nix | 4 ++--
 hosts/wolumonde/modules/ssh.nix | 2 +-
 hosts/wolumonde/modules/wgTkarontoKey.pub | 1 +
 hosts/wolumonde/modules/wireguard.nix | 2 +-
 lib/default.nix | 5 ++++-
 8 files changed, 13 insertions(+), 5 deletions(-)
 create mode 100644 hosts/tkaronto/modules/wgWolumondeIp
 create mode 100644 hosts/tkaronto/modules/wgWolumondeKey.pub
 create mode 100644 hosts/wolumonde/modules/wgTkarontoKey.pub
diff --git a/hosts/tkaronto/modules/secrets.nix b/hosts/tkaronto/modules/secrets.nix
index 123d007..12311e5 100644
--- a/hosts/tkaronto/modules/secrets.nix
+++ b/hosts/tkaronto/modules/secrets.nix
@@ -1,4 +1,6 @@
 {
+ age.identityPaths = ["/etc/nixos/keys/ssh_key"];
+ age.secrets.nixGithubAccessToken.file = ../../../secrets/nixGithubAccessToken.age;
 age.secrets.wgTkarontoKey.file = ../../../secrets/wgTkarontoKey.age;
 }
diff --git a/hosts/tkaronto/modules/wgWolumondeIp b/hosts/tkaronto/modules/wgWolumondeIp
new file mode 100644
index 0000000..2dd8306
--- /dev/null
+++ b/hosts/tkaronto/modules/wgWolumondeIp
@@ -0,0 +1 @@
+23.88.101.188
\ No newline at end of file
diff --git a/hosts/tkaronto/modules/wgWolumondeKey.pub b/hosts/tkaronto/modules/wgWolumondeKey.pub
new file mode 100644
index 0000000..79ef04d
--- /dev/null
+++ b/hosts/tkaronto/modules/wgWolumondeKey.pub
@@ -0,0 +1 @@
+wua7uoPmmz0nXop3TKJOEUJ++LSmJdQxCRk9rNbPaAg=
diff --git a/hosts/tkaronto/modules/wireguard.nix b/hosts/tkaronto/modules/wireguard.nix
index 6e55a2f..3b0f7a3 100644
--- a/hosts/tkaronto/modules/wireguard.nix
+++ b/hosts/tkaronto/modules/wireguard.nix
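Review bot: In hosts/tkaronto/modules/secrets.nix the added `age.identityPaths = ["/etc/nixos/keys/ssh_key"];` makes a private key under /etc/nixos the root of trust for every agenix secret on this host, and nothing in the change documents how that file is provisioned or protected. If /etc/nixos is also where this configuration is checked out (not visible here, so this is an inference), the key sits inside the source tree and could be committed by accident or copied into the world-readable Nix store along with the rest of the directory. I would add a comment above the line such as `# private age identity: provisioned out of band, root-owned 0600, never tracked by git or copied into the store`, and consider a path outside the configuration tree.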
@@ -3,9 +3,9 @@
 networking.wireguard.interfaces."wg0" = {
 privateKeyFile = config.age.secrets.wgTkarontoKey.path;
 peers = [{
- publicKey = import ./wgWolumondeKey.pub;
+ publicKey = builtins.readFile ./wgWolumondeKey.pub;
 allowedIPs = ["10.99.0.1/32"];
- endpoint = "${import ./wgWolumondeIp}:51820";
+ endpoint = "${builtins.readFile ./wgWolumondeIp}:51820";
 }];
 };
 }
\ No newline at end of file
diff --git a/hosts/wolumonde/modules/ssh.nix b/hosts/wolumonde/modules/ssh.nix
index 6900163..aa30651 100644
--- a/hosts/wolumonde/modules/ssh.nix
+++ b/hosts/wolumonde/modules/ssh.nix
@@ -5,6 +5,6 @@
 passwordAuthentication = false;
 };
 users.users.root.openssh.authorizedKeys.keys = [
- (builtins.readFile "${inputs.self}/secrets/ssh-key.pub")
+ (builtins.readFile "${inputs.self}/secrets/yusdacra.key.pub")
 ];
 }
diff --git a/hosts/wolumonde/modules/wgTkarontoKey.pub b/hosts/wolumonde/modules/wgTkarontoKey.pub
new file mode 100644
index 0000000..1174719
--- /dev/null
+++ b/hosts/wolumonde/modules/wgTkarontoKey.pub
@@ -0,0 +1 @@
+IPz9tX4jsDOYcujU5B2KVuPaPVG2JaYA1FqLsZzky0Q=
diff --git a/hosts/wolumonde/modules/wireguard.nix b/hosts/wolumonde/modules/wireguard.nix
index cbcf849..ce8b268 100644
--- a/hosts/wolumonde/modules/wireguard.nix
+++ b/hosts/wolumonde/modules/wireguard.nix
@@ -4,7 +4,7 @@
 listenPort = 51820;
 privateKeyFile = config.age.secrets.wgWolumondeKey.path;
 peers = [{
- publicKey = import ./wgTkarontoKey.pub;
+ publicKey = builtins.readFile ./wgTkarontoKey.pub;
 allowedIPs = ["10.99.0.2/32"];
 }];
 };
diff --git a/lib/default.nix b/lib/default.nix
index 00310dc..6f3d694 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -14,8 +14,11 @@ lib.makeExtensible (self: {
 importFolder = modules: let b = builtins;
 files = b.readDir modules;
+ fileNames = b.attrNames files;
 filesToImport =
- b.map (name: "${modules}/${name}") (b.attrNames files);
+ b.map
+ (name: "${modules}/${name}")
+ (b.filter (name: b.match ".*\.nix" name != null) fileNames);
 in filesToImport;
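Review bot: `builtins.readFile ./wgWolumondeKey.pub` in hosts/tkaronto/modules/wireguard.nix returns the file verbatim, and this patch creates wgWolumondeKey.pub with a final newline (only wgWolumondeIp carries the `\ No newline at end of file` marker), so `publicKey` becomes the base64 key followed by `\n`. Depending on how the WireGuard module consumes the value, that may be rejected as an invalid peer key or leak into generated unit names and commands; the same applies to `builtins.readFile ./wgTkarontoKey.pub` in hosts/wolumonde/modules/wireguard.nix. The endpoint string is only well-formed because wgWolumondeIp currently has no trailing newline, which an editor can change silently. Strip the newline where the file is read, e.g. `publicKey = lib.fileContents ./wgWolumondeKey.pub;` and `endpoint = "${lib.fileContents ./wgWolumondeIp}:51820";`; the module's argument list is outside the hunk, so `lib` may have to be added to it.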
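Review bot: The filter pattern `".*\.nix"` in lib/default.nix does not escape the dot: inside a Nix double-quoted string `\.` evaluates to a plain `.`, so the regex handed to `b.match` is `.*.nix` and accepts any name that ends in `nix` after one arbitrary character. This filter is what now keeps the key and IP files that sit next to the modules out of the import list, so it should be exact: `(b.filter (name: b.match ".*\\.nix" name != null) fileNames);`. Note also that `b.readDir` lists directories, so any module kept as a subdirectory is dropped by this filter where it was previously included; whether such directories exist is not visible here. The enclosing `lib.makeExtensible` body starts and ends outside the hunk.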