diff --git a/nixosModules/server/miniflux.nix b/nixosModules/server/miniflux.nix index e80121e..af17177 100755 --- a/nixosModules/server/miniflux.nix +++ b/nixosModules/server/miniflux.nix @@ -17,10 +17,12 @@ }; sops.secrets.minifluxenv = { + format = "dotenv"; sopsFile = ./secrets/miniflux.env; - # key = null; - owner = "miniflux"; - group = "miniflux"; - mode = "0600"; + # key = null; + # owner = "miniflux"; + # group = "miniflux"; + mode = "0650"; + # path = "/run/secrets/miniflux.env"; }; } diff --git a/nixosModules/server/secrets/miniflux.env.enc b/nixosModules/server/secrets/miniflux.env similarity index 100% rename from nixosModules/server/secrets/miniflux.env.enc rename to nixosModules/server/secrets/miniflux.env diff --git a/nixosModules/users.nix b/nixosModules/users.nix index c619fa4..00fc822 100755 --- a/nixosModules/users.nix +++ b/nixosModules/users.nix @@ -66,6 +66,21 @@ group = config.users.users."${xlib.device.username}".group; mode = "0600"; }; + ssh_key_public = { + format = "yaml"; + key = "ssh_key_public"; + + path = "/home/${xlib.device.username}/.ssh/id_ed25519.pub"; + owner = config.users.users."${xlib.device.username}".name; + group = config.users.users."${xlib.device.username}".group; + mode = "0655"; + }; + ssh_key_public_host = { + format = "yaml"; + key = "ssh_key_public"; + path = "/etc/ssh/id_ed25519.pub"; + mode = "0655"; + }; }; }; } diff --git a/secrets/default.yaml b/secrets/default.yaml index e0389d0..9142393 100644 --- a/secrets/default.yaml +++ b/secrets/default.yaml @@ -1,6 +1,7 @@ ssh_key_private: ENC[AES256_GCM,data:cyqjgPmj9rAR1n25ICRM8V+46rb9iZ3r15ujnrulh775MwjhDjKy1wPnDYlCl+YNIWxmsQnxmEYoRi3jHYOwaItQsH47D3velK9BVuBGo/srWsE1D7Sd8olAWFqeM5n1LLlLzm3zB9Jvl1rE1VhkaLj/q0arnTvTGMnkgmpCxTn0x6J9PydV4zNzNyVz2ejtnb2fnYm6fhfF5nCyKlwFQ5k922k5EOnnK57JF6zQEsLV83Rh0hu/vjbwPYeKjeLUsaFTIMtoCfuQg8p+1EEGTt4FUPsSaXaax/5WWtKccSl2Ky6QM+4kHocpEIxcLZlbWVfpY/sfisDBdxNEzq+EeXBc7I3oV8SsvZ7EraCjuDIY17DJjyTxgduZmorVHwQVwGqfTJcunAQ6NTX2FmCrGINPlduIXI5ENHO/ki+XweMugYYGCVxg/A/wBkWdqqGFMkxneXK9e9LNu66Cx3WIALWY0eZJQapo0AaxCb8IFPLtidyxhmBulR50T2SMQFchY0mtbVhUtnWXZmdffbX6,iv:irfuVOG/3kJto9Bfo9kfWuAiMnSDv2lEIgHgS74sNPI=,tag:WMz84t/fUyUokm5WYoNAOQ==,type:str] age_key_private: ENC[AES256_GCM,data:x0B/ch6jnR91pUoh+l299zkLkon8EVdpv43Y9ZaO5UGtoHZTz4WNv+bFlx8JeKpIi225yafviEwDkjXSNVSOyEiKX96AMdITWEQ=,iv:/IPQF64nEXsR6WAFnKRVn9xNLJxnPFkl4zy3Y1SAbow=,tag:OOR+kdQcRIelf2u+MHRT+g==,type:str] hashed_password: ENC[AES256_GCM,data:4XLEKKrBy6J+WVcOOgQLrxyPgkNuqd2QBpE2IZUSe9rxNL8E+hA39EDXzlR/p08VX83Y8SsCc9AP4Lc+E4461fCt7G5JDDVBdqWhWDhRxdiUfQMcjRbj5WoNBCuB85VixwIYNgR2drGvKA==,iv:BbSSWimBybfwc9ICXuQwPn6SENAqbwvW1zfFtcG/RJ8=,tag:bC2xPTVX/rYzAhRuoiKwbA==,type:str] +ssh_key_public: ENC[AES256_GCM,data:0LhcdZrSFDl5KvHTC9C6XILjcwzN6gCSbC+7qwJZG7G13BOde76mtIpHnzLVu1QhKgc681Qw5j0MaAOMbIFSi5uFbnh87r+3onJ98l2IMQc=,iv:Z0l6a5APKqvYCYlLriUrM+RKsd+x1d6m79gP1LFOzec=,tag:hNLcmSx42uCS5CO/2ZzlgQ==,type:str] sops: age: - recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm @@ -12,7 +13,7 @@ sops: bk9jY0J0dE9jd1gxRzhNUlNBaHc3QlkKFDdWVhqMUgRjndhph+UvkSPcvsP0Z92+ 5U9lYlHnWwTIUKnFM8pVxdrLDE7O8Q5qw/H33ECttyMD4NZIYjmmyA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-09T21:06:50Z" - mac: ENC[AES256_GCM,data:sRMK7HtFr2tPXZd47h1sKyK3fPaoFzmAhS80RwqHSEfu+gg1Su1fIda+5stG27+WqvKE0+IqBSCotiJ02WaxYbxaf4OpoMHar/+DEteugotSL/fMnsphZHYPil+Gj4f+iubc0ynsuRv8ej2Xw5pBmAV4V4OGxeOuoahyb7va8Vo=,iv:Trggj7IZEGMOHArlBk92cUO8t77OfRx9EUy0gne4LaI=,tag:LZt2SLYaNDYZog+8e2oWCQ==,type:str] + lastmodified: "2025-10-09T22:17:57Z" + mac: ENC[AES256_GCM,data:/ubehy/KUtmgteU5EK4r7icDk/yh9U72DRVnnQAb7JTUtxKQOWADHj2evjiv0QMfAughrS9O9OO/gEuuWXHKGHJslqqLxegm8RECoFBa0P40cxS4ZW33HN7Yi2irsSvLs3Ghw2b9lExHUP2dKfT4pwi/hO8HHg+mFN/q6vv8vTI=,iv:/Klr3CWkGwv0LxtKqysWvatzbv0XzG+wjHlmuI2c/Vg=,tag:jf0B6uObTe6KFf7D9GQYwg==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0