From a1a79dab66eda6ab1e1af0e5658cc5659ceb0028 Mon Sep 17 00:00:00 2001 From: Alexander Heldt Date: Sat, 11 May 2024 16:34:55 +0200 Subject: [PATCH] sombrero: Update `syncthing` password --- hosts/sombrero/modules/syncthing/default.nix | 17 ++++++++++------- secrets/secrets.nix | 1 + secrets/sombrero/syncthing-password.age | 7 +++++++ 3 files changed, 18 insertions(+), 7 deletions(-) create mode 100644 secrets/sombrero/syncthing-password.age diff --git a/hosts/sombrero/modules/syncthing/default.nix b/hosts/sombrero/modules/syncthing/default.nix index 4d1dd2d..dfe92b2 100644 --- a/hosts/sombrero/modules/syncthing/default.nix +++ b/hosts/sombrero/modules/syncthing/default.nix @@ -1,4 +1,4 @@ -{ lib, config, ... }: +{ pkgs, lib, config, ... }: let enabled = config.mod.syncthing.enable; nginxEnabled = config.mod.nginx.enable; @@ -33,12 +33,10 @@ in guiAddress = "0.0.0.0:8384"; settings = { - extraOptions = { - gui = { - user = "syncthing"; - password = "CBLPEBrHoGPOnfdZtLibnSAaPAALXfSU"; - insecureSkipHostcheck = false; - }; + gui = { + user = "syncthing"; + password = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.syncthing-password.path})"; + insecureSkipHostcheck = false; }; devices = { @@ -137,6 +135,11 @@ in secrets = { "syncthing-cert".file = ../../../../secrets/sombrero/syncthing-cert.age; "syncthing-key".file = ../../../../secrets/sombrero/syncthing-key.age; + "syncthing-password" = { + file = ../../../../secrets/sombrero/syncthing-password.age; + owner = "alex"; + group = "users"; + }; }; }; }; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index a6d330f..fee8086 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -23,6 +23,7 @@ in { "sombrero/syncthing-cert.age".publicKeys = [ sombrero alex ]; "sombrero/syncthing-key.age".publicKeys = [ sombrero alex ]; + "sombrero/syncthing-password.age".publicKeys = [ sombrero alex ]; "sombrero/alex.sombrero-github.com.age".publicKeys = [ sombrero alex ]; "sombrero/alex.sombrero-github.com.pub.age".publicKeys = [ sombrero alex ]; "pinwheel/alex.sombrero-codeberg.org.age".publicKeys = [ sombrero alex ]; diff --git a/secrets/sombrero/syncthing-password.age b/secrets/sombrero/syncthing-password.age new file mode 100644 index 0000000..53c9568 --- /dev/null +++ b/secrets/sombrero/syncthing-password.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 MxZlmA nx1zNgQ2P8plL9XugoiAFWj/7NsYhDNoDSi7GJ6lrl0 +EBKUnHWTO4aLOoL35ksxkeYrlePsvbLGWVVY3IwV5qc +-> ssh-ed25519 ek+b7Q NDyCYRFhUMbl9IlDLPFvosUV7D3PEGJvNUgn0xEPg3E +eGRiqeLIZOF/1m/IdoaxOlbxXcn/JI6+NQI2M/GbX5I +--- Wz6fzhu7i3Ga3+n2dznjPXOQBGOgBosDARijldd3YcQ +¦?2V0F¼Îøv_¶=ò<Ž‹¨SÚB¥ i6ïzCÏ “ß8˜“?äD¤´Õµ‹Q \ No newline at end of file