cloudflared: access token using agenix
This commit is contained in:
parent
f1a5a4bb26
commit
79de75f874
9 changed files with 41 additions and 29 deletions
BIN
agenix/hosts/sail/cloudflared/environment.age
Normal file
BIN
agenix/hosts/sail/cloudflared/environment.age
Normal file
Binary file not shown.
|
@ -1,5 +1,11 @@
|
||||||
{
|
{
|
||||||
age.secrets = {
|
age.secrets = {
|
||||||
|
cloudflared-environment = {
|
||||||
|
file = ./cloudflared/environment.age;
|
||||||
|
owner = "cloudflared";
|
||||||
|
group = "cloudflared";
|
||||||
|
};
|
||||||
|
|
||||||
mastodon-database-password = {
|
mastodon-database-password = {
|
||||||
file = ./mastodon/databasePassword.age;
|
file = ./mastodon/databasePassword.age;
|
||||||
owner = "mastodon";
|
owner = "mastodon";
|
||||||
|
|
30
flake.lock
30
flake.lock
|
@ -140,11 +140,11 @@
|
||||||
"utils": "utils"
|
"utils": "utils"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1675595366,
|
"lastModified": 1675637696,
|
||||||
"narHash": "sha256-WoQkwaaoZqrhWpIrMxA+2j8CgxgyvjHzCyEZAQu06rQ=",
|
"narHash": "sha256-tilJS8zCS3PaDfVOfsBZ4zspuam8tc7IMZxtGa/K/uo=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "9621e9ab80a038cd11c7cfcae4df46a59d62b16a",
|
"rev": "c43d4a3d6d9ef8ddbe2438362f5c775b4186000b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -163,11 +163,11 @@
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"dir": "contrib",
|
"dir": "contrib",
|
||||||
"lastModified": 1675561032,
|
"lastModified": 1675657440,
|
||||||
"narHash": "sha256-0BnsvvebFprjoi1Vz8xF6F9RJVaxJwbAeS7FdRDzeIs=",
|
"narHash": "sha256-UkEa4LKXLNglbn5U2o/zee9AePaVVzLkhe06rv6jtDg=",
|
||||||
"owner": "neovim",
|
"owner": "neovim",
|
||||||
"repo": "neovim",
|
"repo": "neovim",
|
||||||
"rev": "5c4b503d3cb4a48d083bcf50d4932927e6eb749d",
|
"rev": "6c39edaa7e5060cedfbbf61e88f4aad20fdff73d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -184,11 +184,11 @@
|
||||||
"nixpkgs": "nixpkgs"
|
"nixpkgs": "nixpkgs"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1675584806,
|
"lastModified": 1675671305,
|
||||||
"narHash": "sha256-e3Be4OA16rgsQI881yrejy/wrjX62WQLOK3z1UfbTZk=",
|
"narHash": "sha256-AUcqYR+hZsGz0LCA+FNXejCEToLRceFXia4zMqxh2KE=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "neovim-nightly-overlay",
|
"repo": "neovim-nightly-overlay",
|
||||||
"rev": "6690d543402dea98fd975709ed3be6d6b778f302",
|
"rev": "3660ca973f7f9608855abc497626776745c701e3",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -204,11 +204,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1675585357,
|
"lastModified": 1675671894,
|
||||||
"narHash": "sha256-AIXHHZxtj2sUV8jlYtZ4p09TAmD/EkJ5E8+YWfCbmDM=",
|
"narHash": "sha256-Kpt06wlPeQ83JhaWFliMjelpLyV652Y13XZdENgGi6Y=",
|
||||||
"owner": "nifoc",
|
"owner": "nifoc",
|
||||||
"repo": "nix-overlay",
|
"repo": "nix-overlay",
|
||||||
"rev": "fecfe2b744653563d90904847d474378e839f7d3",
|
"rev": "1207e81469356b607bc39e4f8368264cd0e33917",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -235,11 +235,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1675584158,
|
"lastModified": 1675614288,
|
||||||
"narHash": "sha256-SBkchaDzCHxnPNRDdtZ5ko5caHio9iS0Mbyn/xXbXxs=",
|
"narHash": "sha256-i3Rc/ENnz62BcrSloeVmAyPicEh4WsrEEYR+INs9TYw=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "d840126a0890621e7b220894d749132dd4bde6a0",
|
"rev": "d25de6654a34d99dceb02e71e6db516b3b545be6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -102,6 +102,8 @@
|
||||||
{:key :RightArrow
|
{:key :RightArrow
|
||||||
:mods :CMD
|
:mods :CMD
|
||||||
:action (wezterm.action.ActivateTabRelative 1)}]
|
:action (wezterm.action.ActivateTabRelative 1)}]
|
||||||
|
:send_composed_key_when_left_alt_is_pressed true
|
||||||
|
:send_composed_key_when_right_alt_is_pressed true
|
||||||
;; Mouse
|
;; Mouse
|
||||||
:mouse_bindings [; Only select text and don't open hyperlinks
|
:mouse_bindings [; Only select text and don't open hyperlinks
|
||||||
{:event {:Up {:streak 1 :button :Left}}
|
{:event {:Up {:streak 1 :button :Left}}
|
||||||
|
|
|
@ -112,12 +112,12 @@ rec {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
nvim-treesitter = pkgs.vimPlugins.nvim-treesitter.overrideAttrs (_: {
|
nvim-treesitter = pkgs.vimPlugins.nvim-treesitter.overrideAttrs (_: {
|
||||||
version = "2023-02-05";
|
version = "2023-02-06";
|
||||||
src = pkgs.fetchFromGitHub {
|
src = pkgs.fetchFromGitHub {
|
||||||
owner = "nvim-treesitter";
|
owner = "nvim-treesitter";
|
||||||
repo = "nvim-treesitter";
|
repo = "nvim-treesitter";
|
||||||
rev = "24d5be6e7192a855a0eba21829717614fa1cf54e";
|
rev = "d3a68725e8349212a359d1914fc6e86ff31e4142";
|
||||||
sha256 = "0mk81rjjg4z86kc5wh400j3hvhfq5fflmv0w7daxbxz83133xnxx";
|
sha256 = "1ccbbbvv2w2vwn9r6z2yc6479sjzm4zx89vzn555b26qazpjmxwn";
|
||||||
fetchSubmodules = false;
|
fetchSubmodules = false;
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
@ -225,12 +225,12 @@ rec {
|
||||||
};
|
};
|
||||||
nvim-lspconfig = pkgs.vimUtils.buildVimPluginFrom2Nix {
|
nvim-lspconfig = pkgs.vimUtils.buildVimPluginFrom2Nix {
|
||||||
pname = "nvim-lspconfig";
|
pname = "nvim-lspconfig";
|
||||||
version = "2023-01-31";
|
version = "2023-02-06";
|
||||||
src = pkgs.fetchFromGitHub {
|
src = pkgs.fetchFromGitHub {
|
||||||
owner = "neovim";
|
owner = "neovim";
|
||||||
repo = "nvim-lspconfig";
|
repo = "nvim-lspconfig";
|
||||||
rev = "902d6aa31450d26e11bedcbef8af5b6fe2e1ffe8";
|
rev = "255e07ce2a05627d482d2de77308bba51b90470c";
|
||||||
sha256 = "1hmkm3znqm7c6fi0qai1i424qjm5b9dh9l0srzyy7cax3629yyfr";
|
sha256 = "15lgwqwk6c6rkagbjakylfaq4v49ib7ahp4mcw121k3i5akj1hh7";
|
||||||
fetchSubmodules = false;
|
fetchSubmodules = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -445,12 +445,12 @@ rec {
|
||||||
};
|
};
|
||||||
nvim-autopairs = pkgs.vimUtils.buildVimPluginFrom2Nix {
|
nvim-autopairs = pkgs.vimUtils.buildVimPluginFrom2Nix {
|
||||||
pname = "nvim-autopairs";
|
pname = "nvim-autopairs";
|
||||||
version = "2023-01-30";
|
version = "2023-02-06";
|
||||||
src = pkgs.fetchFromGitHub {
|
src = pkgs.fetchFromGitHub {
|
||||||
owner = "windwp";
|
owner = "windwp";
|
||||||
repo = "nvim-autopairs";
|
repo = "nvim-autopairs";
|
||||||
rev = "5a3523ddb573804752de6c021c5cb82e267b79ca";
|
rev = "0e065d423f9cf649e1d92443c939a4b5073b6768";
|
||||||
sha256 = "1s17rmxgnadz6wbcd21x8504ra8crbxf27qjdxh6b4a1g0w75hy1";
|
sha256 = "174krjkvhcfn25pq9aqwm36cy40dkcxs2rx5y6lbhysizw09gq9s";
|
||||||
fetchSubmodules = false;
|
fetchSubmodules = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
Binary file not shown.
|
@ -7,6 +7,8 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# sail
|
# sail
|
||||||
|
"agenix/hosts/sail/cloudflared/environment.age".publicKeys = sail;
|
||||||
|
|
||||||
"agenix/hosts/sail/mastodon/databasePassword.age".publicKeys = sail;
|
"agenix/hosts/sail/mastodon/databasePassword.age".publicKeys = sail;
|
||||||
"agenix/hosts/sail/mastodon/smtpPassword.age".publicKeys = sail;
|
"agenix/hosts/sail/mastodon/smtpPassword.age".publicKeys = sail;
|
||||||
"agenix/hosts/sail/mastodon/otpSecret.age".publicKeys = sail;
|
"agenix/hosts/sail/mastodon/otpSecret.age".publicKeys = sail;
|
||||||
|
|
|
@ -14,7 +14,7 @@ in
|
||||||
|
|
||||||
../nixos/git.nix
|
../nixos/git.nix
|
||||||
|
|
||||||
(import ../nixos/cloudflared.nix (args // { inherit secret; }))
|
../nixos/cloudflared.nix
|
||||||
|
|
||||||
(import ../nixos/freshrss.nix (args // { inherit secret; }))
|
(import ../nixos/freshrss.nix (args // { inherit secret; }))
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, secret, ... }:
|
{ pkgs, config, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
users.users.cloudflared = {
|
users.users.cloudflared = {
|
||||||
|
@ -10,10 +10,12 @@
|
||||||
|
|
||||||
systemd.services.cloudflared-sail = {
|
systemd.services.cloudflared-sail = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "network-online.target" "systemd-resolved.service" ];
|
after = [ "network.target" "network-online.target" ];
|
||||||
|
wants = [ "network.target" "network-online.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run --token=${secret.cloudflared.token}";
|
ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run";
|
||||||
Restart = "always";
|
EnvironmentFile = [ config.age.secrets.cloudflared-environment.path ];
|
||||||
|
Restart = "on-failure";
|
||||||
User = "cloudflared";
|
User = "cloudflared";
|
||||||
Group = "cloudflared";
|
Group = "cloudflared";
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue