gerd.teeworlds: add secrets patch + secrets

2024-08-14 12:24:04 +02:00 · 2024-08-14 12:24:04 +02:00 · 0c47c0cbe6
commit 0c47c0cbe6
parent 87f69b6f5a
5 changed files with 35 additions and 5 deletions
--- a/machines/gerd/services/teeworlds.nix
+++ b/machines/gerd/services/teeworlds.nix
@ -2,19 +2,22 @@
 {
  services.teeworlds = {
-      enable = true;
+    enable = true;
-      openPorts = true;
+    openPorts = true;
-      motd = "Welcome to ${config.mine.shared.settings.domain}'s Teeworld server!";
+    motd = "Welcome to ${config.mine.shared.settings.domain}'s Teeworld server!";
-      password = "XHDThcZGjBW8W4UGZ7bwYVbgPErJobuv";
+    environmentFile = config.age.secrets.teeworlds-env.path;
    password = "$TEEWORLDS_PASSWORD";
  };
  mine.shared.meta.teeworlds = {
    name = "Teeworlds";
-    description = ''We host our own Teeworlds instance. Connect using `nix-shell -p teeworlds --run 'teeworlds "connect teeworlds.fricloud.dk" "password ${config.services.teeworlds.password}"'`, the password is ${config.services.teeworlds.password}'';
+    description = ''We host our own Teeworlds instance. Connect using `nix-shell -p teeworlds --run 'teeworlds "connect teeworlds.fricloud.dk" "password {{secrets.TEEWORLDS_PASSWORD}}"'`, the password is {{secrets.TEEWORLDS_PASSWORD}}'';
    url = "";
    secrets.auth = config.age.secrets.teeworlds-env.path;
    package = let
      pkg = config.services.teeworlds.package;
    in {
--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -24,6 +24,9 @@
    # forgejo
    forgejo-authelia-secret.file = ./forgejo/authelia-secret.age;
    # teeworlds
    teeworlds-env.file = ./teeworlds/env.age;
  };
  users.groups.secrets-lldap-bind-user-pass = {};
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -28,4 +28,7 @@ in
  # forgejo
  "forgejo/authelia-secret.age".publicKeys = defaultAccess;
  # teeworlds
  "teeworlds/env.age".publicKeys = defaultAccess;
 }
--- a/secrets/teeworlds/env.age
+++ b/secrets/teeworlds/env.age
@ -0,0 +1,10 @@
 age-encryption.org/v1
 -> ssh-ed25519 QSDXqg ntHsb1DKwiuswQq/BKhTw0mmvlnvanpPhjdY3lD4NWo
 uXVQHnjMlPBFPgbAB9oLARUMZ78EW15Kv7YgKXeL/YU
 -> ssh-ed25519 n8n9DQ BSnWJrmod7N8R0HxhDE+M/pycuTXzE2WsYzWAi846Ww
 G4c3sZ2holV5VBpPIibkfXXSW638uv26Cow2LFdEkLw
 -> ssh-ed25519 BTp6UA 0mA1o+wWla0IFOqaZNVNdgzOqc1fawUde9dqEUi4tws
 OGhqQu4ogpRo5jHZsYCyNb4VaQOfeKdOJpI8r8LcVVs
 --- /RpUgDJ08NIK80JCW+UhEODKdXBpkPchxetQuTpcH94
 âl©ÎY |-LX á@Gû[[ˆÆˆÈ;œO`ó.c‡ÚE#µJÅM]ÇzïK^ÎéJ…Ä{ÿh§½RAPvNî0¿¤³Gÿ'
 èu#¹Ú_é
--- a/shared/sources/default.nix
+++ b/shared/sources/default.nix
@ -4,4 +4,15 @@ let
  # declare pkgs from sources
  pkgs = import sources.nixpkgs { };
 in sources // {
  nixpkgs = pkgs.applyPatches {
    src = sources.nixpkgs;
    name = "nixpkgs-patched";
    patches = [
      # tmp teeworlds fetchpatch to inject secrets
      (pkgs.fetchpatch {
        url = "https://github.com/NixOS/nixpkgs/pull/334590.patch";
        sha256 = "sha256-5Uf/jLV0CJFbWyPmkpF4kEVISvoG+fujvTAFIR0a2ek=";
      })
    ];
  };
 }