daniel/dotfiles
1
0
Fork 0
Code Activity Actions

cloudflared: access token using agenix

Browse source
This commit is contained in:
Daniel Kempkens 2023-02-06 11:47:54 +01:00
parent f1a5a4bb26
commit 79de75f874
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
9 changed files with 41 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
agenix/hosts/sail/cloudflared/environment.age Normal file
View file

Binary file not shown.

6
agenix/hosts/sail/config.nix
View file

@ -1,5 +1,11 @@
{ {
age.secrets = { age.secrets = {
cloudflared-environment = {
file = ./cloudflared/environment.age;
owner = "cloudflared";
group = "cloudflared";
};
mastodon-database-password = { mastodon-database-password = {
file = ./mastodon/databasePassword.age; file = ./mastodon/databasePassword.age;
owner = "mastodon"; owner = "mastodon";

30
flake.lock
View file

@ -140,11 +140,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1675595366, "lastModified": 1675637696,
"narHash": "sha256-WoQkwaaoZqrhWpIrMxA+2j8CgxgyvjHzCyEZAQu06rQ=", "narHash": "sha256-tilJS8zCS3PaDfVOfsBZ4zspuam8tc7IMZxtGa/K/uo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "9621e9ab80a038cd11c7cfcae4df46a59d62b16a", "rev": "c43d4a3d6d9ef8ddbe2438362f5c775b4186000b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -163,11 +163,11 @@
}, },
"locked": { "locked": {
"dir": "contrib", "dir": "contrib",
"lastModified": 1675561032, "lastModified": 1675657440,
"narHash": "sha256-0BnsvvebFprjoi1Vz8xF6F9RJVaxJwbAeS7FdRDzeIs=", "narHash": "sha256-UkEa4LKXLNglbn5U2o/zee9AePaVVzLkhe06rv6jtDg=",
"owner": "neovim", "owner": "neovim",
"repo": "neovim", "repo": "neovim",
"rev": "5c4b503d3cb4a48d083bcf50d4932927e6eb749d", "rev": "6c39edaa7e5060cedfbbf61e88f4aad20fdff73d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -184,11 +184,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1675584806, "lastModified": 1675671305,
"narHash": "sha256-e3Be4OA16rgsQI881yrejy/wrjX62WQLOK3z1UfbTZk=", "narHash": "sha256-AUcqYR+hZsGz0LCA+FNXejCEToLRceFXia4zMqxh2KE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "neovim-nightly-overlay", "repo": "neovim-nightly-overlay",
"rev": "6690d543402dea98fd975709ed3be6d6b778f302", "rev": "3660ca973f7f9608855abc497626776745c701e3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -204,11 +204,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1675585357, "lastModified": 1675671894,
"narHash": "sha256-AIXHHZxtj2sUV8jlYtZ4p09TAmD/EkJ5E8+YWfCbmDM=", "narHash": "sha256-Kpt06wlPeQ83JhaWFliMjelpLyV652Y13XZdENgGi6Y=",
"owner": "nifoc", "owner": "nifoc",
"repo": "nix-overlay", "repo": "nix-overlay",
"rev": "fecfe2b744653563d90904847d474378e839f7d3", "rev": "1207e81469356b607bc39e4f8368264cd0e33917",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -235,11 +235,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1675584158, "lastModified": 1675614288,
"narHash": "sha256-SBkchaDzCHxnPNRDdtZ5ko5caHio9iS0Mbyn/xXbXxs=", "narHash": "sha256-i3Rc/ENnz62BcrSloeVmAyPicEh4WsrEEYR+INs9TYw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d840126a0890621e7b220894d749132dd4bde6a0", "rev": "d25de6654a34d99dceb02e71e6db516b3b545be6",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
home/config/wezterm/config.fnl
View file

@ -102,6 +102,8 @@
{:key :RightArrow {:key :RightArrow
:mods :CMD :mods :CMD
:action (wezterm.action.ActivateTabRelative 1)}] :action (wezterm.action.ActivateTabRelative 1)}]
:send_composed_key_when_left_alt_is_pressed true
:send_composed_key_when_right_alt_is_pressed true
;; Mouse ;; Mouse
:mouse_bindings [; Only select text and don't open hyperlinks :mouse_bindings [; Only select text and don't open hyperlinks
{:event {:Up {:streak 1 :button :Left}} {:event {:Up {:streak 1 :button :Left}}

18
home/programs/nvim/plugins.nix
View file

@ -112,12 +112,12 @@ rec {
}; };
}; };
nvim-treesitter = pkgs.vimPlugins.nvim-treesitter.overrideAttrs (_: { nvim-treesitter = pkgs.vimPlugins.nvim-treesitter.overrideAttrs (_: {
version = "2023-02-05"; version = "2023-02-06";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "nvim-treesitter"; owner = "nvim-treesitter";
repo = "nvim-treesitter"; repo = "nvim-treesitter";
rev = "24d5be6e7192a855a0eba21829717614fa1cf54e"; rev = "d3a68725e8349212a359d1914fc6e86ff31e4142";
sha256 = "0mk81rjjg4z86kc5wh400j3hvhfq5fflmv0w7daxbxz83133xnxx"; sha256 = "1ccbbbvv2w2vwn9r6z2yc6479sjzm4zx89vzn555b26qazpjmxwn";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}); });
@ -225,12 +225,12 @@ rec {
}; };
nvim-lspconfig = pkgs.vimUtils.buildVimPluginFrom2Nix { nvim-lspconfig = pkgs.vimUtils.buildVimPluginFrom2Nix {
pname = "nvim-lspconfig"; pname = "nvim-lspconfig";
version = "2023-01-31"; version = "2023-02-06";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "neovim"; owner = "neovim";
repo = "nvim-lspconfig"; repo = "nvim-lspconfig";
rev = "902d6aa31450d26e11bedcbef8af5b6fe2e1ffe8"; rev = "255e07ce2a05627d482d2de77308bba51b90470c";
sha256 = "1hmkm3znqm7c6fi0qai1i424qjm5b9dh9l0srzyy7cax3629yyfr"; sha256 = "15lgwqwk6c6rkagbjakylfaq4v49ib7ahp4mcw121k3i5akj1hh7";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };
@ -445,12 +445,12 @@ rec {
}; };
nvim-autopairs = pkgs.vimUtils.buildVimPluginFrom2Nix { nvim-autopairs = pkgs.vimUtils.buildVimPluginFrom2Nix {
pname = "nvim-autopairs"; pname = "nvim-autopairs";
version = "2023-01-30"; version = "2023-02-06";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "windwp"; owner = "windwp";
repo = "nvim-autopairs"; repo = "nvim-autopairs";
rev = "5a3523ddb573804752de6c021c5cb82e267b79ca"; rev = "0e065d423f9cf649e1d92443c939a4b5073b6768";
sha256 = "1s17rmxgnadz6wbcd21x8504ra8crbxf27qjdxh6b4a1g0w75hy1"; sha256 = "174krjkvhcfn25pq9aqwm36cy40dkcxs2rx5y6lbhysizw09gq9s";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}; };

BIN
secret/hosts/sail.nix
View file

Binary file not shown.

2
secrets.nix
View file

@ -7,6 +7,8 @@ let
in in
{ {
# sail # sail
"agenix/hosts/sail/cloudflared/environment.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/databasePassword.age".publicKeys = sail; "agenix/hosts/sail/mastodon/databasePassword.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/smtpPassword.age".publicKeys = sail; "agenix/hosts/sail/mastodon/smtpPassword.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/otpSecret.age".publicKeys = sail; "agenix/hosts/sail/mastodon/otpSecret.age".publicKeys = sail;

2
system/hosts/sail.nix
View file

@ -14,7 +14,7 @@ in
../nixos/git.nix ../nixos/git.nix
(import ../nixos/cloudflared.nix (args // { inherit secret; })) ../nixos/cloudflared.nix
(import ../nixos/freshrss.nix (args // { inherit secret; })) (import ../nixos/freshrss.nix (args // { inherit secret; }))

10
system/nixos/cloudflared.nix
View file

@ -1,4 +1,4 @@
{ pkgs, secret, ... }: { pkgs, config, ... }:
{ {
users.users.cloudflared = { users.users.cloudflared = {
@ -10,10 +10,12 @@
systemd.services.cloudflared-sail = { systemd.services.cloudflared-sail = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" "systemd-resolved.service" ]; after = [ "network.target" "network-online.target" ];
wants = [ "network.target" "network-online.target" ];
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run --token=${secret.cloudflared.token}"; ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run";
Restart = "always"; EnvironmentFile = [ config.age.secrets.cloudflared-environment.path ];
Restart = "on-failure";
User = "cloudflared"; User = "cloudflared";
Group = "cloudflared"; Group = "cloudflared";
}; };