From 4c9d337aa37aa31ef39030c7d788db926dcee980 Mon Sep 17 00:00:00 2001
From: Alexander Heldt <me@alexanderheldt.se>
Date: Fri, 27 Oct 2023 20:41:25 +0200
Subject: [PATCH] sombrero: Add secrets for `syncthing`

---
 hosts/sombrero/modules/syncthing/default.nix |  11 +++++++++--
 secrets/secrets.nix                          |   3 +++
 secrets/sombrero/syncthing-cert.age          | Bin 0 -> 1199 bytes
 secrets/sombrero/syncthing-key.age           | Bin 0 -> 691 bytes
 4 files changed, 12 insertions(+), 2 deletions(-)
 create mode 100644 secrets/sombrero/syncthing-cert.age
 create mode 100644 secrets/sombrero/syncthing-key.age

diff --git a/hosts/sombrero/modules/syncthing/default.nix b/hosts/sombrero/modules/syncthing/default.nix
index 9649045..a190816 100644
--- a/hosts/sombrero/modules/syncthing/default.nix
+++ b/hosts/sombrero/modules/syncthing/default.nix
@@ -27,8 +27,8 @@ in
 
         dataDir = "/home/alex/backup/sync";
 
-        cert = "/home/alex/backup/sync/hosts/sombrero/syncthing/cert.pem";
-        key = "/home/alex/backup/sync/hosts/sombrero/syncthing/key.pem";
+        cert = config.age.secrets.syncthing-cert.path;
+        key = config.age.secrets.syncthing-key.path;
 
         guiAddress = "0.0.0.0:8384";
 
@@ -144,5 +144,12 @@ in
         };
       };
     };
+
+    age = {
+      secrets = {
+        "syncthing-cert".file = ../../../../secrets/sombrero/syncthing-cert.age;
+        "syncthing-key".file = ../../../../secrets/sombrero/syncthing-key.age;
+      };
+  };
   };
 }
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 5dc4477..f6d6960 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -15,4 +15,7 @@ in {
   "pinwheel/netrc.age".publicKeys = [ pinwheel alex ];
   "pinwheel/work-ovpn.age".publicKeys = [ pinwheel alex ];
   "pinwheel/work-ovpn-userpass.age".publicKeys = [ pinwheel alex ];
+
+  "sombrero/syncthing-cert.age".publicKeys = [ sombrero alex ];
+  "sombrero/syncthing-key.age".publicKeys = [ sombrero alex ];
 }
diff --git a/secrets/sombrero/syncthing-cert.age b/secrets/sombrero/syncthing-cert.age
new file mode 100644
index 0000000000000000000000000000000000000000..899f9882cabc17364afb1995d435b0c627f6b3f2
GIT binary patch
literal 1199
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlt%%CWbyP@?%nk~v
z^7qN|Dor=d@T#aZNq2U!4EIfTEbvTniYP8EPj}JQkIeLOcI0vnx3rANFs=yoH!`UV
zHA@T+%PaRSiSls{)V3(jE-FaRaMU*T)-P~%jzqUDHCsE$JW#>C%FW!rFtbA6t136i
zEix)dKRY$O&?Ge_KULq^q}Vq<*f**yz%npA*q6&W$<M$z&&?py$H_I^+b}T4GOMC8
zzc9EUFCahPB*`t*(Zt*}H7eZItr%omLPE7^O>uCVZhBE_VsWZMl9rvVj%J2JoO!e^
zmsz%(kyCk@i$!^2R8p2#Kw6r!yLXOpdYGYEl97e8YnE|tuv1z=X0mH#SVW+YQFtJi
zuCA^^d8LoGrCUjXp|7#0V{TNLVXBX_fqqC@T9K(oxxQnrQ=(^KcvgvvwsAJs6UDXC
z3y*Sm@A`ButH{Odx!tF2`8{gh%1*{Mtf6<_uk}23_FhAC*87kp858$Tb?yA4e`(RB
zw;wncC9yx=5#Ka1cbb#2!=gW3+JC$<7G-v2&apl)`Onwnx=EXA54Ol9m0p)&O=$Dj
zc>98<%L<K-gcbfD%&MoC9GiLS@H&@??E74cWftuWyzf(*5ccT6>C>-sRGU7U96Igd
zvCwplrq`lVdtGO5KUy}uvsdcCLEB@Za(@1gGSyTyOiuod`)9QHaH6k#>kXk*Q#ZIB
z<~`>(<>3x{hn%%WXZ=N-gsYeJ#CB^}JpI-!|Jm%^!rX3$W1DA9Hjl|XSD@(sl~wn7
z%&GP(uK7kRn+@09{hfb#;~Llc2Lg3B(motsWtJ0ly2#dV!}3Q)*Cu&ZJ(AcMRPaUU
zlA!xk_jz~cFs^(cb;4l%RJXYXj5c*b>jFG4$BRp}Hn^mAun1ayzs}1dnPxs!CgGEt
z>Lw<EBS#r#?`O8!H>)|{yi~a4-M{T^U7tU2ZP(dk^)T_C@RJ?hORI!FF3Qu9$>08K
z%as|aI~8Pi@=3h9xAjo(%8I-UmW{sRA0=~sX)DgHJoE8>c+Hymy4N!AxaeQK5YlWX
zbFD7M{8`9li^@MY!{<*o_|L=KW}^I_DW6j%_DI9rwY~q}#6_@wzoUOqL{ho>vsP>4
zoySVE<!`Ys`8Gk)uKs*wX249Q8-0;33fHHo#n0Yc7T})|5D_{dKe{C7?&~=+T-K(l
zk&#b|_uP0ZYv9*vD9Pmb)=QXck?Kk*7q=*jM?XUDdl#-e{NLN|%&ocK)PgL#+}cuX
zIdgn!8#DjS+833b7?Z!D#zl3f0`r{XDl$q&RRKBH^4H21oLt_`-5!=H&{_A;=Sks`
zjI}B{3XQkk2-)56yP~gtr)RD6$4foCe>7MbZ`FKW({jaNnuGQO77e*iDMvP}U9kJ`
zyFmMm&mPHMUD0fz$G&0NiL66glgxKKx!YBL>*$r28lDHbBUCj{EA%fB+7WrrX+!k%
z@B;=+=cZLhWyv~aHCH@hzj^jw!9u;<fUcK{-`Xy^mfTk}IP!m?M9}F3j%^Y8Hyt-s
lNKA^G>yj?J=Uw6g-`jCXx=WjmOv>we78m8co28+;1^|KZ3HSg2

literal 0
HcmV?d00001

diff --git a/secrets/sombrero/syncthing-key.age b/secrets/sombrero/syncthing-key.age
new file mode 100644
index 0000000000000000000000000000000000000000..cdc5431b3ec8efcca3b28a3624c0fcef5bf9b7bd
GIT binary patch
literal 691
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlt%%CWbySFOHuExy
z%nx@;cP=t7uZT*_%6CrGcg@PK%Ff6RDJsm;FOM)V^^1yh3FWE`EzLGh&o++;b<Hg-
zvkVFjH}Q8VEZ6rci7K}&^b1V#EG-Ezi88NpcSW}?HCsE$JWwGq$FDNS)xaw~xxzWW
z#MeA6ASW=-%`Gq}s5s5bt<bm3)xyoKDkC$`Es)FE%rrN&JS;2IDc{e+DIg`%Inl((
zDLmPuDpEgF+bG1<*e%sH+0!G_2yC09gPo;AW}<F-QEFmwszP+2dzrI>oqb7Ss<vT-
zLT+kRu41vTf{r4WSD>YbL6xVccafv3Z<xNRg}-@ll2M6ErmMS?yQ_(DNwASVm#(g^
zLP2?9hIUFyQE+6bMOCOzk)f-(e`rxuPF_StTB&n#PL@HEQ%Y*7lUs=+*W~0y0ToMs
z<;Yd!1kZ22yV&}h&TXlWNhhz{ZBg5$X};!jTBI{imuLjXuL*v)+YUbZzg=P9{a=6i
zV|?a47h3)(jG<k>o_$Io>sN*=J3d$JSh;V`<f3QCCtmD5`#D6uJWF=A$o*7b-@Q9~
zh0OR@b}+Yv@afInGWp$-v*F)jq}UHOY2GO5Ke*W=Xxf#}A=wQoMJ!(C>n&C;zTdiY
z*^}8HViy)>$e%4z<#}AP<=A<Rp!Or@8|_l_cDVXoX`UfbTQAD_&E$#oH1%e~TmiLh
z9LHV=|Bd~pR{ZY+OVaJ*_HU-8Y}_wf5<BxLPwvXo*RSO6OubWl+`azouji($6Sdjw
z%ug(i%b595#){wm^kV(ipQpYE*j-%0;$!ym@6CPvD)!C_-CIO{zIs1-+4PC~#eRGh
Ye9m_6c_T;P)>(gxPj=;KT#Zx!06A(I)c^nh

literal 0
HcmV?d00001