gerd.teeworlds: add secrets patch + secrets

2024-08-14 12:24:04 +02:00 · 2024-08-14 12:24:04 +02:00 · 0c47c0cbe6
commit 0c47c0cbe6
parent 87f69b6f5a
5 changed files with 35 additions and 5 deletions
--- a/machines/gerd/services/teeworlds.nix
+++ b/machines/gerd/services/teeworlds.nix
@ -2,19 +2,22 @@

 {
  services.teeworlds = {
-      enable = true;
-      openPorts = true;
+    enable = true;
+    openPorts = true;

-      motd = "Welcome to ${config.mine.shared.settings.domain}'s Teeworld server!";
+    motd = "Welcome to ${config.mine.shared.settings.domain}'s Teeworld server!";

-      password = "XHDThcZGjBW8W4UGZ7bwYVbgPErJobuv";
+    environmentFile = config.age.secrets.teeworlds-env.path;
+    password = "$TEEWORLDS_PASSWORD";
  };

  mine.shared.meta.teeworlds = {
    name = "Teeworlds";
-    description = ''We host our own Teeworlds instance. Connect using `nix-shell -p teeworlds --run 'teeworlds "connect teeworlds.fricloud.dk" "password ${config.services.teeworlds.password}"'`, the password is ${config.services.teeworlds.password}'';
+    description = ''We host our own Teeworlds instance. Connect using `nix-shell -p teeworlds --run 'teeworlds "connect teeworlds.fricloud.dk" "password {{secrets.TEEWORLDS_PASSWORD}}"'`, the password is {{secrets.TEEWORLDS_PASSWORD}}'';
    url = "";

+    secrets.auth = config.age.secrets.teeworlds-env.path;
+
    package = let
      pkg = config.services.teeworlds.package;
    in {
--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -24,6 +24,9 @@

    # forgejo
    forgejo-authelia-secret.file = ./forgejo/authelia-secret.age;
+
+    # teeworlds
+    teeworlds-env.file = ./teeworlds/env.age;
  };

  users.groups.secrets-lldap-bind-user-pass = {};
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -28,4 +28,7 @@ in

  # forgejo
  "forgejo/authelia-secret.age".publicKeys = defaultAccess;
+
+  # teeworlds
+  "teeworlds/env.age".publicKeys = defaultAccess;
 }
--- a/secrets/teeworlds/env.age
+++ b/secrets/teeworlds/env.age
@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 QSDXqg ntHsb1DKwiuswQq/BKhTw0mmvlnvanpPhjdY3lD4NWo
+uXVQHnjMlPBFPgbAB9oLARUMZ78EW15Kv7YgKXeL/YU
+-> ssh-ed25519 n8n9DQ BSnWJrmod7N8R0HxhDE+M/pycuTXzE2WsYzWAi846Ww
+G4c3sZ2holV5VBpPIibkfXXSW638uv26Cow2LFdEkLw
+-> ssh-ed25519 BTp6UA 0mA1o+wWla0IFOqaZNVNdgzOqc1fawUde9dqEUi4tws
+OGhqQu4ogpRo5jHZsYCyNb4VaQOfeKdOJpI8r8LcVVs
+--- /RpUgDJ08NIK80JCW+UhEODKdXBpkPchxetQuTpcH94
+âl©ÎY |-LX á@Gû[[ˆÆˆÈ;œO`ó.c‡ÚE#µJÅM]ÇzïK^ÎéJ…Ä{ÿh§½RAPvNî0¿¤³Gÿ'
+èu#¹Ú_é
--- a/shared/sources/default.nix
+++ b/shared/sources/default.nix
@ -4,4 +4,15 @@ let
  # declare pkgs from sources
  pkgs = import sources.nixpkgs { };
 in sources // {
+  nixpkgs = pkgs.applyPatches {
+    src = sources.nixpkgs;
+    name = "nixpkgs-patched";
+    patches = [
+      # tmp teeworlds fetchpatch to inject secrets
+      (pkgs.fetchpatch {
+        url = "https://github.com/NixOS/nixpkgs/pull/334590.patch";
+        sha256 = "sha256-5Uf/jLV0CJFbWyPmkpF4kEVISvoG+fujvTAFIR0a2ek=";
+      })
+    ];
+  };
 }