diff --git a/machines/gerd/services/teeworlds.nix b/machines/gerd/services/teeworlds.nix index edb614d..e43cdbe 100644 --- a/machines/gerd/services/teeworlds.nix +++ b/machines/gerd/services/teeworlds.nix @@ -2,19 +2,22 @@ { services.teeworlds = { - enable = true; - openPorts = true; + enable = true; + openPorts = true; - motd = "Welcome to ${config.mine.shared.settings.domain}'s Teeworld server!"; + motd = "Welcome to ${config.mine.shared.settings.domain}'s Teeworld server!"; - password = "XHDThcZGjBW8W4UGZ7bwYVbgPErJobuv"; + environmentFile = config.age.secrets.teeworlds-env.path; + password = "$TEEWORLDS_PASSWORD"; }; mine.shared.meta.teeworlds = { name = "Teeworlds"; - description = ''We host our own Teeworlds instance. Connect using `nix-shell -p teeworlds --run 'teeworlds "connect teeworlds.fricloud.dk" "password ${config.services.teeworlds.password}"'`, the password is ${config.services.teeworlds.password}''; + description = ''We host our own Teeworlds instance. Connect using `nix-shell -p teeworlds --run 'teeworlds "connect teeworlds.fricloud.dk" "password {{secrets.TEEWORLDS_PASSWORD}}"'`, the password is {{secrets.TEEWORLDS_PASSWORD}}''; url = ""; + secrets.auth = config.age.secrets.teeworlds-env.path; + package = let pkg = config.services.teeworlds.package; in { diff --git a/secrets/default.nix b/secrets/default.nix index 36817a5..6ab8521 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -24,6 +24,9 @@ # forgejo forgejo-authelia-secret.file = ./forgejo/authelia-secret.age; + + # teeworlds + teeworlds-env.file = ./teeworlds/env.age; }; users.groups.secrets-lldap-bind-user-pass = {}; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 0630241..f2ca33d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -28,4 +28,7 @@ in # forgejo "forgejo/authelia-secret.age".publicKeys = defaultAccess; + + # teeworlds + "teeworlds/env.age".publicKeys = defaultAccess; } diff --git a/secrets/teeworlds/env.age b/secrets/teeworlds/env.age new file mode 100644 index 0000000..93e026e --- /dev/null +++ b/secrets/teeworlds/env.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 QSDXqg ntHsb1DKwiuswQq/BKhTw0mmvlnvanpPhjdY3lD4NWo +uXVQHnjMlPBFPgbAB9oLARUMZ78EW15Kv7YgKXeL/YU +-> ssh-ed25519 n8n9DQ BSnWJrmod7N8R0HxhDE+M/pycuTXzE2WsYzWAi846Ww +G4c3sZ2holV5VBpPIibkfXXSW638uv26Cow2LFdEkLw +-> ssh-ed25519 BTp6UA 0mA1o+wWla0IFOqaZNVNdgzOqc1fawUde9dqEUi4tws +OGhqQu4ogpRo5jHZsYCyNb4VaQOfeKdOJpI8r8LcVVs +--- /RpUgDJ08NIK80JCW+UhEODKdXBpkPchxetQuTpcH94 +âl©ÎY |-LX á@Gû[[ˆÆˆÈ;œO`ó.c‡ÚE#µJÅM]ÇzïK^ÎéJ…Ä{ÿh§½RAPvNî0¿¤³Gÿ' +èu#¹Ú_é \ No newline at end of file diff --git a/shared/sources/default.nix b/shared/sources/default.nix index 5222bb1..ecc33f1 100644 --- a/shared/sources/default.nix +++ b/shared/sources/default.nix @@ -4,4 +4,15 @@ let # declare pkgs from sources pkgs = import sources.nixpkgs { }; in sources // { + nixpkgs = pkgs.applyPatches { + src = sources.nixpkgs; + name = "nixpkgs-patched"; + patches = [ + # tmp teeworlds fetchpatch to inject secrets + (pkgs.fetchpatch { + url = "https://github.com/NixOS/nixpkgs/pull/334590.patch"; + sha256 = "sha256-5Uf/jLV0CJFbWyPmkpF4kEVISvoG+fujvTAFIR0a2ek="; + }) + ]; + }; }