Diffstat (limited to 'tv/2configs')
-rw-r--r--tv/2configs/binary-cache/default.nix2
-rw-r--r--tv/2configs/default.nix6
-rw-r--r--tv/2configs/gitrepos.nix4
-rw-r--r--tv/2configs/initrd/sshd.nix2
-rw-r--r--tv/2configs/ppp.nix2
-rw-r--r--tv/2configs/wiregrill.nix2
6 files changed, 10 insertions, 8 deletions
diff --git a/tv/2configs/binary-cache/default.nix b/tv/2configs/binary-cache/default.nix
index 66d740715..5b4e75107 100644
--- a/tv/2configs/binary-cache/default.nix
+++ b/tv/2configs/binary-cache/default.nix
@@ -11,7 +11,7 @@
services.nix-serve = {
enable = true;
- secretKeyFile = toString <secrets> + "/nix-serve.key";
+ secretKeyFile = "${config.krebs.secret.directory}/nix-serve.key";
};
services.nginx = {
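Review bot: The new `secretKeyFile` value interpolates `config.krebs.secret.directory` directly, where the old line wrapped `<secrets>` in `toString`; if that option can ever hold a Nix path value rather than a string, the interpolation copies the whole secrets directory into the world-readable Nix store and the service is pointed at a store path. The option's declaration is not visible in this diff, so this needs confirming: either the option is typed and defaulted so that it is always a string, or the call sites keep the conversion, as in `secretKeyFile = "${toString config.krebs.secret.directory}/nix-serve.key";`. The same pattern appears in the initrd/sshd.nix, ppp.nix and wiregrill.nix hunks, and the ppp.nix one also had an explicit `toString` before this change.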
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index a8d840c15..91aad54cf 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -10,7 +10,6 @@ with import ./lib;
networking.hostName = config.krebs.build.host.name;
imports = [
- <secrets>
./backup.nix
./bash
./htop.nix
@@ -28,6 +27,11 @@ with import ./lib;
defaultUserShell = "/run/current-system/sw/bin/bash";
mutableUsers = false;
users = {
+ root = {
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.tv.pubkey
+ ];
+ };
tv = {
inherit (config.krebs.users.tv) home uid;
isNormalUser = true;
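Review bot: The added `users.root.openssh.authorizedKeys.keys` entry gives the holder of `config.krebs.users.tv.pubkey` direct root login on every host that imports this file, and nothing in the hunk says why. Presumably it replaces a setting that used to arrive through the removed `<secrets>` import, but that is not visible here. I would put a comment above the `root` attribute stating the reason, for example `# root accepts tv's key for remote deployment; sshd must keep PermitRootLogin at prohibit-password`, and check that the sshd configuration of these hosts does not allow password login for root. The `users` attribute set continues past the end of the hunk.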
diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index 58dffe6a6..102d264b6 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@@ -178,9 +178,7 @@ with import ./lib;
'';
};
};
- } //
- # TODO don't put secrets/repos.nix into the store
- import <secrets/repos.nix> { inherit config lib pkgs; }
+ }
);
irc-announce = args: pkgs.git-hooks.irc-announce (recursiveUpdate {
diff --git a/tv/2configs/initrd/sshd.nix b/tv/2configs/initrd/sshd.nix
index eff848074..d7264f073 100644
--- a/tv/2configs/initrd/sshd.nix
+++ b/tv/2configs/initrd/sshd.nix
@@ -12,6 +12,6 @@
ignoreEmptyHostKeys = true;
};
boot.initrd.secrets = {
- "/etc/ssh/ssh_host_rsa_key" = <secrets/initrd/ssh_host_rsa_key>;
+ "/etc/ssh/ssh_host_rsa_key" = "${config.krebs.secret.directory}/initrd/ssh_host_rsa_key";
};
}
diff --git a/tv/2configs/ppp.nix b/tv/2configs/ppp.nix
index 24d2831c4..b3ae4da89 100644
--- a/tv/2configs/ppp.nix
+++ b/tv/2configs/ppp.nix
@@ -1,7 +1,7 @@
with import ./lib;
{ config, pkgs, ... }: let
cfg = {
- pin = "@${toString <secrets/o2.pin>}";
+ pin = "@${config.krebs.secret.directory}/o2.pin";
ttys.ppp = "/dev/ttyACM0";
ttys.com = "/dev/ttyACM1";
};
diff --git a/tv/2configs/wiregrill.nix b/tv/2configs/wiregrill.nix
index edf65e979..cace01a6b 100644
--- a/tv/2configs/wiregrill.nix
+++ b/tv/2configs/wiregrill.nix
@@ -12,7 +12,7 @@ in
optional (cfg.net.ip4 != null) cfg.net.ip4.addr ++
optional (cfg.net.ip6 != null) cfg.net.ip6.addr;
listenPort = 51820;
- privateKeyFile = (toString <secrets>) + "/wiregrill.key";
+ privateKeyFile = "${config.krebs.secret.directory}/wiregrill.key";
allowedIPsAsRoutes = true;
peers = mapAttrsToList
(_: host: {