From 75b1dd3fbffbd4886d3777ad1cacb7a20f04085b Mon Sep 17 00:00:00 2001
From: punkfairie <marley@punkfairie.net>
Date: Sun, 9 Mar 2025 16:38:53 -0700
Subject: [PATCH] feat(nixos/ddclient): Proper secrets management

---
 modules/nixos/services/ddclient/default.nix |   4 +++-
 secrets/ddclient.conf.age                   | Bin 0 -> 1428 bytes
 secrets/secrets.nix                         |   5 ++++-
 3 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 secrets/ddclient.conf.age

diff --git a/modules/nixos/services/ddclient/default.nix b/modules/nixos/services/ddclient/default.nix
index 61999d7..7946753 100644
--- a/modules/nixos/services/ddclient/default.nix
+++ b/modules/nixos/services/ddclient/default.nix
@@ -8,10 +8,12 @@ in {
   options.marleyos.services.ddclient.enable = lib.mkEnableOption "ddclient";
 
   config = lib.mkIf cfg.enable {
+    age.secrets.ddclient.file = ../../../../secrets/ddclient.conf.age;
+
     services.ddclient = {
       enable = true;
 
-      configFile = "/home/marley/ddclient.conf";
+      configFile = config.age.secrets.ddclient.path;
     };
   };
 }
diff --git a/secrets/ddclient.conf.age b/secrets/ddclient.conf.age
new file mode 100644
index 0000000000000000000000000000000000000000..c152598eb7359daa1abda1e8595c3267d63294f0
GIT binary patch
literal 1428
zcmZY4{Xf$Q0KoC?C1H|sy?UTDdcI*}&&10%Uo)HeZnm|Fv?sI89&Gj`6|(ANSJ%Ul
zdF~Zch&=U3p)Oofkxmct(2MJebW-kI?tZ@e2R`rDhc6NPij_i*Nu4THDg9I$30&_F
z@eP4$wMo8WQ2-k4kB72T{iP-XlttzzYJgNwsm7+jG$fG`B;XK6f1XmrlCUXUofxfw
zNfE3F`ffHvC(xv@xoEVCBOxV|lNdyOlAc6SM{t#7P$xsHkxIOX4cF?~2;je33<=A?
z7@!ecm5#tsa&gE+E}zedMZrxVfvaYLfGIW#nMwxr)L1<{RSUATkTeuEjX<ZX04dvF
z8G#BHBVcGGLdP~4Fj9q%PD7z$0W}HDQ_AH3)wE=>fg^z$#Nk-65KkpAg&;+5NTSjh
zVls_Fp`eKhy+8w!i5N9Qh{Lg&JV+QD7m2|pYt<mmAX8xtRJt4`RR!>r@DwsWnY`P;
zfzkDmoR~1f|K8+!5ThnQL7iF=jX;PPXd(zl@wowfKo^ZsX#pZjlcGk6=}bfviX|g(
z0uT^vv`(XoNy9UVkp!bM2CLvx^!_OnfB}Xv6|o=#&w`}_CTX+^CWQF<`a<C%lQBtz
z&@wPawHAw~kr_G(kHH{C>)|YPfPe~<{hJEo0V#SpL{bv6!fa9VP4GFhu&gk+|LWv=
zXr!t5x8hmHM&4;$+^nXt_Sp7T#-;BEcYHce8cc1wwI(-nRj8Y%tygAvT+Md5U4H0z
z9NipjZ@pA{l7IAD`Nb2`;4S;TiW)VKQR%l~Ru?2#erEPSkk`s#rw}VWoOAPHZInlz
z+uIEo=vT|RghW4Pw#LZc<@81z-iuUx8O9Bzfu|;7OjqiUBUIha^VoTLT(0w8)Os$X
z@Zn&K`#wrZOF<hy;pNsB6yFU8Bhiz4N}n!n{Lp%ThA}KG8#q$#b2CP|8drO#?!L)f
zs<G0SecZ1+QNL+LQ>pdPxUDU{6j5_w99#coAS{UWIwPkITwW_-436lwe>XT#T*R81
zbgjK}YW%JPYVJ(1KX7W}#7vK;L1gZeg&3MD%wEG(Nl$-k?|k!^xkA$1T=yYga6)#)
z=U2$VzK|J5{$iutR+DwEh*wq#y=`t^>KJcL7Cen*cMD3G6^iS@{kCY;PtOEX@xyj`
zmi?O&T2?REp9DVEo)4a;DQ{#g=|4<M6fR?ZC}@~^9@>4a3Z7rtrKrB#rP7yW-cx)Y
zvSXDnM=qpTt4i<Y^m-c0z_&@>8J*?_12+3(c@;FW=P3H#mQU_~Jaa?lj@(Ii20WBU
zw-MK#IoCaAnc&oS)H&+TJH7MZK7fe*rUG}|7;?+2Hi{c+M)mOt?ISP93o~8xu*z&B
zT|eI=c%A*S@5^brT66*ZOPhA(swL}Y&cda@r<pud0i1fa3Qado@N}rCgUi=|)EbA9
zAcISwjo~m8ZrJ{ftnN8xSI>=Y_lg4CYtUFKBFYY)?&tEATlzZ!|DIzZjy}o>L{9$L
z;B=rB*DC6e<3W!{uFZ*fn@8`h)i$gt580WOi?1e!pj5np3`&${-}qeT;XRyZov#Y+
zK3O_v*U}I@yfq_jGSp0oXxCKvZg!@unT<2zt+cg!lGGg`7l)Tl>|9di?ENOu;+6LP
ziFcxF;=8uM;8)GXoyT~8zG=?^d<+(`*GZ1*z4O+e-S-Xvg@5-J`2;kzREG9tZX;a#
zs9SeLm}dE0a=<=6f@HjoYs`aBuUz0{xm$;bdE8pe=HyXtStbea6ii>4h835TcS-W2
z-N%9-78)Mmu$?b#)%eT2Y;b)>()9}0Ovk@oH+1X-udWLkSy&8NrX2$&<Fg&EEmjTx
P;N0Bg<>tdAdSU+o#3gBV

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 7ca6dd1..a46de88 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -7,6 +7,9 @@ let
   marleycentre = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEA86DphSL36GsvatkXgFU1ONzt53UzXdUaQN1EBWeCD root@nixos";
   marleynet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIArAAwU4JX7wa5X3Un3q5b+ZD52j0nCnNsGEybWf/7SB root@nixos";
   systems = [nyx marleycentre marleynet];
+
+  defaultKeys = users ++ systems;
 in {
-  "babeshare-pass.age".publicKeys = users ++ systems;
+  "babeshare-pass.age".publicKeys = defaultKeys;
+  "ddclient.conf.age".publicKeys = defaultKeys;
 }