feat(nixos/ddclient): Proper secrets management

2025-03-09 16:38:53 -07:00 · 2025-03-09 16:38:53 -07:00 · 58cf4bf8fc
commit 58cf4bf8fc
parent ff54f4080f
3 changed files with 7 additions and 2 deletions
--- a/modules/nixos/services/ddclient/default.nix
+++ b/modules/nixos/services/ddclient/default.nix
@ -8,10 +8,12 @@ in {
  options.marleyos.services.ddclient.enable = lib.mkEnableOption "ddclient";

  config = lib.mkIf cfg.enable {
+    age.secrets.ddclient.file = ../../../../secrets/ddclient.conf.age;
+
    services.ddclient = {
      enable = true;

-      configFile = "/home/marley/ddclient.conf";
+      configFile = config.age.secrets.ddclient.path;
    };
  };
 }
--- a/secrets/ddclient.conf.age
+++ b/secrets/ddclient.conf.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -7,6 +7,9 @@ let
  marleycentre = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEA86DphSL36GsvatkXgFU1ONzt53UzXdUaQN1EBWeCD root@nixos";
  marleynet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIArAAwU4JX7wa5X3Un3q5b+ZD52j0nCnNsGEybWf/7SB root@nixos";
  systems = [nyx marleycentre marleynet];
+
+  defaultKeys = users ++ systems;
 in {
-  "babeshare-pass.age".publicKeys = users ++ systems;
+  "babeshare-pass.age".publicKeys = defaultKeys;
+  "ddclient.conf.age".publicKeys = defaultKeys;
 }