feat(LOTS): this needs work

2025-09-07 20:25:59 +02:00
parent b8cd4cd16c
commit 764b5bb944
7 changed files with 63 additions and 7 deletions
--- a/hosts/ziggy/server.nix
+++ b/hosts/ziggy/server.nix
@@ -3,7 +3,7 @@
  server = {
    enable = true;
    email = "adam@cnst.dev";
-    domain = "cnix.dev";
+    domain = "ziggy.local";
    user = "share";
    group = "share";
    uid = 974;
--- a/modules/nixos/services/agenix/default.nix
+++ b/modules/nixos/services/agenix/default.nix
@@ -84,8 +84,8 @@ in
      })
      (mkIf cfg.ziggy.enable {
        secrets = {
-          cloudflareDnsCredentials.file = "${self}/secrets/cloudflareDnsCredentials.age";
+          cloudflareDnsCredentialsZiggy.file = "${self}/secrets/cloudflareDnsCredentialsZiggy.age";
-          pihole.file = "${self}/secrets/pihole.age";
+          piholeZiggy.file = "${self}/secrets/piholeZiggy.age";
        };
      })
      (mkIf cfg.toothpc.enable {
--- a/modules/server/caddy/default.nix
+++ b/modules/server/caddy/default.nix
@@ -6,6 +6,15 @@
 let
  inherit (lib) mkIf mkEnableOption;
  cfg = config.server.caddy;
  getCloudflareCredentials =
    hostname:
    if hostname == "ziggy" then
      config.age.secrets.cloudflareDnsCredentialsZiggy.path
    else if hostname == "sobotka" then
      config.age.secrets.cloudflareDnsCredentials.path
    else
      throw "Unknown hostname: ${hostname}";
  in      
 {
  options = {
@@ -34,7 +43,7 @@ in
        dnsResolver = "1.1.1.1:53";
        dnsPropagationCheck = true;
        group = config.services.caddy.group;
-        environmentFile = config.age.secrets.cloudflareDnsCredentials.path;
+        environmentFile = getCloudflareCredentials config.networking.hostName;
      };
    };
--- a/modules/server/podman/default.nix
+++ b/modules/server/podman/default.nix
@@ -6,6 +6,23 @@
 let
  srv = config.server;
  cfg = config.server.podman;
  piholeUrl =
  if config.networking.hostName == "sobotka" then
  "pihole0"
  else if config.networking.hostName == "ziggy" then
  "pihole1"
  else
    throw "Unknown hostname";
    getPiholeSecret =
    hostname:
    if hostname == "ziggy" then
      [ config.age.secrets.piholeZiggy.path ]
    else if hostname == "sobotka" then
      [ config.age.secrets.pihole.path ]
    else
      throw "Unknown hostname: ${hostname}";
 in
 {
  options.server.podman = {
@@ -80,7 +97,7 @@ in
      };
      url = lib.mkOption {
        type = lib.types.str;
-        default = "pihole.${srv.domain}";
+        default = "${piholeUrl}.${srv.domain}";
      };
      homepage.name = lib.mkOption {
        type = lib.types.str;
@@ -259,7 +276,7 @@ in
            # REV_SERVER = "true";
            WEBTHEME = "default-darker";
          };
-          environmentFiles = [ config.age.secrets.pihole.path ];
+          environmentFiles = getPiholeSecret config.networking.hostName;
          ports = [
            "53:53/tcp"
            "53:53/udp"
--- a/secrets/cloudflareDnsCredentialsZiggy.age
+++ b/secrets/cloudflareDnsCredentialsZiggy.age
@@ -0,0 +1,11 @@
 age-encryption.org/v1
 -> ssh-ed25519 t9iOEg fwIUYbDh7BaGI5buakqKNguBGdaeguynjERtCCYOHyA
 YslX0C87abUC0nH6cmbHvloCPYt1udj8s2PBjLxV3ZM
 -> ssh-ed25519 KUYMFA j4/66I7oCc8xQKyYm60sM+0+Mu5OELuiRksr9LWewlc
 43W5+fmguuSFlX1W+roPBCgeM1yOi4gVLCWa4Kd0cb4
 -> ssh-ed25519 AzmhiA Lpm6W5/SgSwut7avMWgnxoEw0mo5sj9LmtvSc+SxxAo
 lV3YELHkUtMWG+pM6y69nHhY6eD1YoeQQRzE71EL+KE
 -> ssh-ed25519 qWEgFA pGLL8o6p5NGJgBbsdsto2Qp/aY62I4NrsLbmH3Dn60U
 1rrZxG7F4EuP4CTEyayE52MbrEKoP2YUR3mBxExdp0Y
 --- wvP3mMfgsNqU9QfuTSlIIhkcdTC60m7tQbWca2sALSY
 <EFBFBD><EFBFBD>&"<22><>rR|<7C><><EFBFBD>qxJX<4A>!J<>$&<26>|<7C><><EFBFBD><EFBFBD>j<EFBFBD><6A>3<EFBFBD>+2whdx<64>'<27><><15><>9<EFBFBD><39>KA<4B><41>*èůk<C5AF><6B>"<22><>~<7E><1D>+<2B><>I<EFBFBD>:<3A><><EFBFBD><EFBFBD><Dڷ<44>
--- a/secrets/piholeZiggy.age
+++ b/secrets/piholeZiggy.age
@@ -0,0 +1,11 @@
 age-encryption.org/v1
 -> ssh-ed25519 t9iOEg odEjwn/Rp//iANPIp/x1dM+4f84awTifdapQjG7sHWM
 X6oQZFRcB5msBA3SSJYbG2ewNR9J9GvuFFDjuyL8JR0
 -> ssh-ed25519 KUYMFA /sXDDI7YLp9pccIO8ZfkdmJbOk+YzLzs0gvPMLkC3XQ
 wAQ0zeCVl2Soj2nl5xvMN5QewdQ7gtbqFGMeeL/h3w8
 -> ssh-ed25519 AzmhiA OFEbMVrV7Y64x7/yL2JtxaljmrKs993zI/z39EdrXGo
 P5Rqcf6CnYhOFGrSfbWYy3Y/84+fJqBA3UEBKWh/vFo
 -> ssh-ed25519 qWEgFA WItETWlsJL/rHg1N3RRp/DbPYSDt0RVi68orXQbKSWk
 mS28E5rQ6ytyMO34JWPe1u0mmZ889++pUU5USCkXqfE
 --- WnId1RrJWwe6eqprrcaDNpYH/xVgA9MVU3Xl+qb027A
 <EFBFBD>6<EFBFBD>)$<24><><EFBFBD><EFBFBD><EFBFBD>%<25>"<22>y<EFBFBD><79><08>mxs<^<5E>z+,V<>|<7C>{Gc<><63>-<2D><><0B>j<EFBFBD><6A><EFBFBD>r<>~<03><><EFBFBD>-<2D>k<EFBFBD>V<EFBFBD><56><EFBFBD><EFBFBD><EFBFBD>3<EFBFBD><33>	<09>p<EFBFBD>(&:<3A>Q<><51><EFBFBD><EFBFBD>'|RPB<50>
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -72,6 +72,10 @@ in
    kima
    usobotka
    rsobotka
  ];
  "cloudflareDnsCredentialsZiggy.age".publicKeys = [
    cnst
    kima
    uziggy
    rziggy
  ];
@@ -98,6 +102,10 @@ in
    kima
    usobotka
    rsobotka
  ];
   "piholeZiggy.age".publicKeys = [
    cnst
    kima
    uziggy
    rziggy
  ];