diff --git a/flake.lock b/flake.lock
index 04719bc..474c3aa 100644
--- a/flake.lock
+++ b/flake.lock
@@ -663,17 +663,17 @@
 },
 "nixpkgsSisko": {
 "locked": {
- "lastModified": 1742288794,
- "narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=",
+ "lastModified": 1747542820,
+ "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42",
+ "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043",
 "type": "github"
 },
 "original": {
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42",
+ "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043",
 "type": "github"
 }
 },
diff --git a/flake.nix b/flake.nix
index 440867f..145218e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,7 +3,7 @@
 inputs = {
 flakeParts.url = "github:hercules-ci/flake-parts";
- nixpkgsSisko.url = "github:NixOS/nixpkgs/b6eaf97c6960d97350c584de1b6dcff03c9daf42";
+ nixpkgsSisko.url = "github:NixOS/nixpkgs/292fa7d4f6519c074f0a50394dbbe69859bb6043";
 nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
 nixosHardware.url = "github:NixOS/nixos-hardware";
 homeManager = {
diff --git a/hosts/default.nix b/hosts/default.nix
index 7ed6ca8..cf4fc6f 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -109,6 +109,7 @@
 "home-assistant-token".owner = "prometheus";
 "grafana-password".owner = "grafana";
 "cloudflare-dyndns-api-token" = { };
+ "cloudflare-api-tokens" = { };
 "restic-hetzner-password" = { };
 "hass-ssh-key".owner = "hass";
 "sisko-attic-environment-file".owner = "atticd";
diff --git a/modules/nginx-base/default.nix b/modules/nginx-base/default.nix
index 5068162..a79716e 100644
--- a/modules/nginx-base/default.nix
+++ b/modules/nginx-base/default.nix
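Review bot: The added `"cloudflare-api-tokens" = { };` in hosts/default.nix says nothing about who reads the secret, and the empty attribute set leaves owner and mode at the secret module's defaults, unlike the neighbouring entries that set `.owner`. Elsewhere in this commit the secret becomes the ACME `environmentFile` in modules/nginx-base, so a one-line comment would help the next reader, for example `# env file for ACME DNS-01 (modules/nginx-base), not the dyndns updater`. If another service is ever meant to read it, set its owner explicitly on this line rather than loosening the file mode. The attribute set this entry belongs to starts and ends outside the hunk.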
@@ -14,7 +14,7 @@ dnsProvider = "cloudflare"; dnsPropagationCheck = true; group = config.services.nginx.group; - environmentFile = config.age.secrets.cloudflare-dyndns-api-token.path; + environmentFile = config.age.secrets.cloudflare-api-tokens.path; }; }; }; diff --git a/modules/nix/default.nix b/modules/nix/default.nix index 1b2258d..000ede4 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -92,7 +92,7 @@ ]; protocol = "ssh-ng"; sshUser = "root"; - sshKey = "/home/${config.ccr.username}/.ssh/id_rsa"; + sshKey = "/home/${config.ccr.username}/.ssh/id_ed25519"; } ++ (lib.lists.optional (config.networking.hostName == "picard") { hostName = "mac.staging.mlabs.city?remote-program=/run/current-system/sw/bin/nix-store"; diff --git a/secrets/cloudflare-api-tokens.age b/secrets/cloudflare-api-tokens.age new file mode 100644 index 0000000..57e68b8 --- /dev/null +++ b/secrets/cloudflare-api-tokens.age @@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-rsa /AagBw +hD7PDjueXimBVI/rjcYxN77LHV2eGytKcUbmh17aSL1CNM+eriURFao3tj52Hiaz +3VMB6FxWUk9kzgjMPvf5WZukuZ2WbpPH8xlDV+6ZH7e/IzmjIfx8Ny14Mr1IF/Rx +TBiCIAM19/1/mR9MiIBW85bb+Bb/waWIZAgxW3N1RpqH5+vAVqx0iY3XRF5+0gOq +blP3yEw3QaL6FuY0+a+d/TnCsrz2Gi1Rba9oCUmkzOP96TsJYdN58Ut6nrHFkURK +mShL2xBMLmfA8Z5ep+D8ueyQbcYpeU3KHcIcRM6dRTwQKvWXAVkRt1nUGasKrO9Y +oJT9BrcxjtqgF/xhHRjWpamjFSI3mlJnJNEbruddDwQUccrJOvEzvqZ7GK0WoFX2 +HmhdDOiocMGWFeBPAKlNtU3+QmtZvhvOIgbjKhNxmCt1A/qxfvRk7Y2IDIBo+CFo +sKMrT1tCo4UYaJdZYl64XYNCQb3C2EfO7Exrq3d2urNidzUbr9OBx7CCI1nu375c +Qol9Kr28fLtxRuSZlrqIe9vKVYyLDPznrRlh6TmgqmMLIW70Y8cZwMtT8L8sOkcm +A8MoxpWFzK4BKo0Iqmw6eZ3nx/0LAzkz005ZEwrmi2W/XxOWJgBiaLmu7YwnoGq0 +gzwwvA5V5MT6Iy7FzkQpMi0h/H4MZ0mcbihKdPun85Q +-> ssh-ed25519 +vdRnA 23Gviu8hfWCEBPHP7xYIaOx34kFsxJJgJ/BNUDlb9Cg +ROiMY2gw/rpNBmJnlRVb7Qhi5+8TY3Velj8gEZcaedI +--- dhmvfQoCjuRUJtvXNI/eCjH0W+IeJm8bFRvYk1JihD0 +qMC,݈ԝ9-\KJ]J(Sn.Qp~Z$e"픒\'rSlu +UD<Սv]|/g[ W_>-fl8|wيlB[\.k(W{=w 3N}qG-wMb^Q{ \ No newline at end of file 
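Review bot: The ACME client appears to keep exactly the credential it had before, because the index lines show `cloudflare-api-tokens.age` being added with the same abbreviated blob id (57e68b8) that `cloudflare-dyndns-api-token.age` had prior to this commit. If the rename is meant to separate privileges, the token behind `environmentFile` in modules/nginx-base should be issued only for DNS record edits on the zones that need certificates, and the file should contain only the variables the `cloudflare` DNS provider reads. A comment beside the line, such as `# DNS-01 only: token limited to DNS edit on the served zones`, would record that expectation. The enclosing attribute set begins outside the hunk.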
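Review bot: In modules/nix/default.nix `sshKey` still points at the interactive user's default key, now `~/.ssh/id_ed25519`, while `sshUser = "root"` is kept, so the key that identifies the person also grants root on the build host and presumably has to work without a passphrase prompt for unattended builds. A dedicated builder key delivered like the other secrets in this repository would limit what a compromise of the workstation account exposes, for example `sshKey = config.age.secrets."<builder-key-secret>".path;` (placeholder name), ideally paired with an unprivileged builder account on the remote side. What looks like the build-machine entry starts and ends outside the hunk.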
diff --git a/secrets/cloudflare-dyndns-api-token.age b/secrets/cloudflare-dyndns-api-token.age
index 57e68b8..6f09f52 100644
Binary files a/secrets/cloudflare-dyndns-api-token.age and b/secrets/cloudflare-dyndns-api-token.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 8724ce7..7b341b1 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -92,6 +92,10 @@ with keys.users;
 deltaflyer
 pike
 ];
+ "cloudflare-api-tokens.age".publicKeys = [
+ ccr-ssh
+ sisko
+ ];
 "cloudflare-dyndns-api-token.age".publicKeys = [
 ccr-ssh
 sisko
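Review bot: One recipient of the new secret is still an RSA key: the header of the added `cloudflare-api-tokens.age` carries an `ssh-rsa` stanza next to the `ssh-ed25519` one, while this same commit moves the builder key from `id_rsa` to `id_ed25519`. If the RSA key behind `[ ccr-ssh sisko ]` is being retired, the key definition should be updated and the secrets re-encrypted (`agenix --rekey`, assuming agenix manages these files). The Cloudflare tokens should be reissued afterwards as well, since the older blobs remain decryptable with the old key from repository history. The attribute set continues past the end of the hunk.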