feat(LOTS): this needs work

2025-09-07 20:25:59 +02:00
parent b8cd4cd16c
commit 764b5bb944
7 changed files with 63 additions and 7 deletions
--- a/hosts/ziggy/server.nix
+++ b/hosts/ziggy/server.nix
@@ -3,7 +3,7 @@
  server = {
    enable = true;
    email = "adam@cnst.dev";
-    domain = "cnix.dev";
+    domain = "ziggy.local";
    user = "share";
    group = "share";
    uid = 974;
--- a/modules/nixos/services/agenix/default.nix
+++ b/modules/nixos/services/agenix/default.nix
@@ -84,8 +84,8 @@ in
      })
      (mkIf cfg.ziggy.enable {
        secrets = {
-          cloudflareDnsCredentials.file = "${self}/secrets/cloudflareDnsCredentials.age";
-          pihole.file = "${self}/secrets/pihole.age";
+          cloudflareDnsCredentialsZiggy.file = "${self}/secrets/cloudflareDnsCredentialsZiggy.age";
+          piholeZiggy.file = "${self}/secrets/piholeZiggy.age";
        };
      })
      (mkIf cfg.toothpc.enable {
--- a/modules/server/caddy/default.nix
+++ b/modules/server/caddy/default.nix
@@ -6,6 +6,15 @@
 let
  inherit (lib) mkIf mkEnableOption;
  cfg = config.server.caddy;
+
+  getCloudflareCredentials =
+    hostname:
+    if hostname == "ziggy" then
+      config.age.secrets.cloudflareDnsCredentialsZiggy.path
+    else if hostname == "sobotka" then
+      config.age.secrets.cloudflareDnsCredentials.path
+    else
+      throw "Unknown hostname: ${hostname}";
  in      
 {
  options = {
@@ -34,7 +43,7 @@ in
        dnsResolver = "1.1.1.1:53";
        dnsPropagationCheck = true;
        group = config.services.caddy.group;
-        environmentFile = config.age.secrets.cloudflareDnsCredentials.path;
+        environmentFile = getCloudflareCredentials config.networking.hostName;
      };
    };

--- a/modules/server/podman/default.nix
+++ b/modules/server/podman/default.nix
@@ -6,6 +6,23 @@
 let
  srv = config.server;
  cfg = config.server.podman;
+  
+  piholeUrl =
+  if config.networking.hostName == "sobotka" then
+  "pihole0"
+  else if config.networking.hostName == "ziggy" then
+  "pihole1"
+  else
+    throw "Unknown hostname";
+
+    getPiholeSecret =
+    hostname:
+    if hostname == "ziggy" then
+      [ config.age.secrets.piholeZiggy.path ]
+    else if hostname == "sobotka" then
+      [ config.age.secrets.pihole.path ]
+    else
+      throw "Unknown hostname: ${hostname}";
 in
 {
  options.server.podman = {
@@ -80,7 +97,7 @@ in
      };
      url = lib.mkOption {
        type = lib.types.str;
-        default = "pihole.${srv.domain}";
+        default = "${piholeUrl}.${srv.domain}";
      };
      homepage.name = lib.mkOption {
        type = lib.types.str;
@@ -259,7 +276,7 @@ in
            # REV_SERVER = "true";
            WEBTHEME = "default-darker";
          };
-          environmentFiles = [ config.age.secrets.pihole.path ];
+          environmentFiles = getPiholeSecret config.networking.hostName;
          ports = [
            "53:53/tcp"
            "53:53/udp"
--- a/secrets/cloudflareDnsCredentialsZiggy.age
+++ b/secrets/cloudflareDnsCredentialsZiggy.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 t9iOEg fwIUYbDh7BaGI5buakqKNguBGdaeguynjERtCCYOHyA
+YslX0C87abUC0nH6cmbHvloCPYt1udj8s2PBjLxV3ZM
+-> ssh-ed25519 KUYMFA j4/66I7oCc8xQKyYm60sM+0+Mu5OELuiRksr9LWewlc
+43W5+fmguuSFlX1W+roPBCgeM1yOi4gVLCWa4Kd0cb4
+-> ssh-ed25519 AzmhiA Lpm6W5/SgSwut7avMWgnxoEw0mo5sj9LmtvSc+SxxAo
+lV3YELHkUtMWG+pM6y69nHhY6eD1YoeQQRzE71EL+KE
+-> ssh-ed25519 qWEgFA pGLL8o6p5NGJgBbsdsto2Qp/aY62I4NrsLbmH3Dn60U
+1rrZxG7F4EuP4CTEyayE52MbrEKoP2YUR3mBxExdp0Y
+--- wvP3mMfgsNqU9QfuTSlIIhkcdTC60m7tQbWca2sALSY
+<EFBFBD><EFBFBD>&"<22><>rR|<7C><><EFBFBD>qxJX<4A>!J<>$&<26>|<7C><><EFBFBD><EFBFBD>j<EFBFBD><6A>3<EFBFBD>+2whdx<64>'<27><><15><>9<EFBFBD><39>KA<4B><41>*èůk<C5AF><6B>"<22><>~<7E><1D>+<2B><>I<EFBFBD>:<3A><><EFBFBD><EFBFBD><Dڷ<44>
--- a/secrets/piholeZiggy.age
+++ b/secrets/piholeZiggy.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 t9iOEg odEjwn/Rp//iANPIp/x1dM+4f84awTifdapQjG7sHWM
+X6oQZFRcB5msBA3SSJYbG2ewNR9J9GvuFFDjuyL8JR0
+-> ssh-ed25519 KUYMFA /sXDDI7YLp9pccIO8ZfkdmJbOk+YzLzs0gvPMLkC3XQ
+wAQ0zeCVl2Soj2nl5xvMN5QewdQ7gtbqFGMeeL/h3w8
+-> ssh-ed25519 AzmhiA OFEbMVrV7Y64x7/yL2JtxaljmrKs993zI/z39EdrXGo
+P5Rqcf6CnYhOFGrSfbWYy3Y/84+fJqBA3UEBKWh/vFo
+-> ssh-ed25519 qWEgFA WItETWlsJL/rHg1N3RRp/DbPYSDt0RVi68orXQbKSWk
+mS28E5rQ6ytyMO34JWPe1u0mmZ889++pUU5USCkXqfE
+--- WnId1RrJWwe6eqprrcaDNpYH/xVgA9MVU3Xl+qb027A
+<EFBFBD>6<EFBFBD>)$<24><><EFBFBD><EFBFBD><EFBFBD>%<25>"<22>y<EFBFBD><79><08>mxs<^<5E>z+,V<>|<7C>{Gc<><63>-<2D><><0B>j<EFBFBD><6A><EFBFBD>r<>~<03><><EFBFBD>-<2D>k<EFBFBD>V<EFBFBD><56><EFBFBD><EFBFBD><EFBFBD>3<EFBFBD><33>	<09>p<EFBFBD>(&:<3A>Q<><51><EFBFBD><EFBFBD>'|RPB<50>
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -72,6 +72,10 @@ in
    kima
    usobotka
    rsobotka
+  ];
+  "cloudflareDnsCredentialsZiggy.age".publicKeys = [
+    cnst
+    kima
    uziggy
    rziggy
  ];
@@ -98,6 +102,10 @@ in
    kima
    usobotka
    rsobotka
+  ];
+   "piholeZiggy.age".publicKeys = [
+    cnst
+    kima
    uziggy
    rziggy
  ];