1
0
Fork 0

cloudflared: access token using agenix

This commit is contained in:
Daniel Kempkens 2023-02-06 11:47:54 +01:00
parent f1a5a4bb26
commit 79de75f874
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
9 changed files with 41 additions and 29 deletions

Binary file not shown.

View file

@ -1,5 +1,11 @@
{
age.secrets = {
cloudflared-environment = {
file = ./cloudflared/environment.age;
owner = "cloudflared";
group = "cloudflared";
};
mastodon-database-password = {
file = ./mastodon/databasePassword.age;
owner = "mastodon";

View file

@ -140,11 +140,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1675595366,
"narHash": "sha256-WoQkwaaoZqrhWpIrMxA+2j8CgxgyvjHzCyEZAQu06rQ=",
"lastModified": 1675637696,
"narHash": "sha256-tilJS8zCS3PaDfVOfsBZ4zspuam8tc7IMZxtGa/K/uo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "9621e9ab80a038cd11c7cfcae4df46a59d62b16a",
"rev": "c43d4a3d6d9ef8ddbe2438362f5c775b4186000b",
"type": "github"
},
"original": {
@ -163,11 +163,11 @@
},
"locked": {
"dir": "contrib",
"lastModified": 1675561032,
"narHash": "sha256-0BnsvvebFprjoi1Vz8xF6F9RJVaxJwbAeS7FdRDzeIs=",
"lastModified": 1675657440,
"narHash": "sha256-UkEa4LKXLNglbn5U2o/zee9AePaVVzLkhe06rv6jtDg=",
"owner": "neovim",
"repo": "neovim",
"rev": "5c4b503d3cb4a48d083bcf50d4932927e6eb749d",
"rev": "6c39edaa7e5060cedfbbf61e88f4aad20fdff73d",
"type": "github"
},
"original": {
@ -184,11 +184,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1675584806,
"narHash": "sha256-e3Be4OA16rgsQI881yrejy/wrjX62WQLOK3z1UfbTZk=",
"lastModified": 1675671305,
"narHash": "sha256-AUcqYR+hZsGz0LCA+FNXejCEToLRceFXia4zMqxh2KE=",
"owner": "nix-community",
"repo": "neovim-nightly-overlay",
"rev": "6690d543402dea98fd975709ed3be6d6b778f302",
"rev": "3660ca973f7f9608855abc497626776745c701e3",
"type": "github"
},
"original": {
@ -204,11 +204,11 @@
]
},
"locked": {
"lastModified": 1675585357,
"narHash": "sha256-AIXHHZxtj2sUV8jlYtZ4p09TAmD/EkJ5E8+YWfCbmDM=",
"lastModified": 1675671894,
"narHash": "sha256-Kpt06wlPeQ83JhaWFliMjelpLyV652Y13XZdENgGi6Y=",
"owner": "nifoc",
"repo": "nix-overlay",
"rev": "fecfe2b744653563d90904847d474378e839f7d3",
"rev": "1207e81469356b607bc39e4f8368264cd0e33917",
"type": "github"
},
"original": {
@ -235,11 +235,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1675584158,
"narHash": "sha256-SBkchaDzCHxnPNRDdtZ5ko5caHio9iS0Mbyn/xXbXxs=",
"lastModified": 1675614288,
"narHash": "sha256-i3Rc/ENnz62BcrSloeVmAyPicEh4WsrEEYR+INs9TYw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d840126a0890621e7b220894d749132dd4bde6a0",
"rev": "d25de6654a34d99dceb02e71e6db516b3b545be6",
"type": "github"
},
"original": {

View file

@ -102,6 +102,8 @@
{:key :RightArrow
:mods :CMD
:action (wezterm.action.ActivateTabRelative 1)}]
:send_composed_key_when_left_alt_is_pressed true
:send_composed_key_when_right_alt_is_pressed true
;; Mouse
:mouse_bindings [; Only select text and don't open hyperlinks
{:event {:Up {:streak 1 :button :Left}}

View file

@ -112,12 +112,12 @@ rec {
};
};
nvim-treesitter = pkgs.vimPlugins.nvim-treesitter.overrideAttrs (_: {
version = "2023-02-05";
version = "2023-02-06";
src = pkgs.fetchFromGitHub {
owner = "nvim-treesitter";
repo = "nvim-treesitter";
rev = "24d5be6e7192a855a0eba21829717614fa1cf54e";
sha256 = "0mk81rjjg4z86kc5wh400j3hvhfq5fflmv0w7daxbxz83133xnxx";
rev = "d3a68725e8349212a359d1914fc6e86ff31e4142";
sha256 = "1ccbbbvv2w2vwn9r6z2yc6479sjzm4zx89vzn555b26qazpjmxwn";
fetchSubmodules = false;
};
});
@ -225,12 +225,12 @@ rec {
};
nvim-lspconfig = pkgs.vimUtils.buildVimPluginFrom2Nix {
pname = "nvim-lspconfig";
version = "2023-01-31";
version = "2023-02-06";
src = pkgs.fetchFromGitHub {
owner = "neovim";
repo = "nvim-lspconfig";
rev = "902d6aa31450d26e11bedcbef8af5b6fe2e1ffe8";
sha256 = "1hmkm3znqm7c6fi0qai1i424qjm5b9dh9l0srzyy7cax3629yyfr";
rev = "255e07ce2a05627d482d2de77308bba51b90470c";
sha256 = "15lgwqwk6c6rkagbjakylfaq4v49ib7ahp4mcw121k3i5akj1hh7";
fetchSubmodules = false;
};
};
@ -445,12 +445,12 @@ rec {
};
nvim-autopairs = pkgs.vimUtils.buildVimPluginFrom2Nix {
pname = "nvim-autopairs";
version = "2023-01-30";
version = "2023-02-06";
src = pkgs.fetchFromGitHub {
owner = "windwp";
repo = "nvim-autopairs";
rev = "5a3523ddb573804752de6c021c5cb82e267b79ca";
sha256 = "1s17rmxgnadz6wbcd21x8504ra8crbxf27qjdxh6b4a1g0w75hy1";
rev = "0e065d423f9cf649e1d92443c939a4b5073b6768";
sha256 = "174krjkvhcfn25pq9aqwm36cy40dkcxs2rx5y6lbhysizw09gq9s";
fetchSubmodules = false;
};
};

Binary file not shown.

View file

@ -7,6 +7,8 @@ let
in
{
# sail
"agenix/hosts/sail/cloudflared/environment.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/databasePassword.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/smtpPassword.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/otpSecret.age".publicKeys = sail;

View file

@ -14,7 +14,7 @@ in
../nixos/git.nix
(import ../nixos/cloudflared.nix (args // { inherit secret; }))
../nixos/cloudflared.nix
(import ../nixos/freshrss.nix (args // { inherit secret; }))

View file

@ -1,4 +1,4 @@
{ pkgs, secret, ... }:
{ pkgs, config, ... }:
{
users.users.cloudflared = {
@ -10,10 +10,12 @@
systemd.services.cloudflared-sail = {
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" "systemd-resolved.service" ];
after = [ "network.target" "network-online.target" ];
wants = [ "network.target" "network-online.target" ];
serviceConfig = {
ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run --token=${secret.cloudflared.token}";
Restart = "always";
ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run";
EnvironmentFile = [ config.age.secrets.cloudflared-environment.path ];
Restart = "on-failure";
User = "cloudflared";
Group = "cloudflared";
};