diff options
Diffstat (limited to 'tv/2configs')
-rw-r--r-- | tv/2configs/binary-cache/default.nix | 2 | ||||
-rw-r--r-- | tv/2configs/default.nix | 6 | ||||
-rw-r--r-- | tv/2configs/gitrepos.nix | 4 | ||||
-rw-r--r-- | tv/2configs/initrd/sshd.nix | 2 | ||||
-rw-r--r-- | tv/2configs/ppp.nix | 2 | ||||
-rw-r--r-- | tv/2configs/wiregrill.nix | 2 |
6 files changed, 10 insertions, 8 deletions
diff --git a/tv/2configs/binary-cache/default.nix b/tv/2configs/binary-cache/default.nix index 66d740715..5b4e75107 100644 --- a/tv/2configs/binary-cache/default.nix +++ b/tv/2configs/binary-cache/default.nix @@ -11,7 +11,7 @@ services.nix-serve = { enable = true; - secretKeyFile = toString <secrets> + "/nix-serve.key"; + secretKeyFile = "${config.krebs.secret.directory}/nix-serve.key"; }; services.nginx = { diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index a8d840c15..91aad54cf 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -10,7 +10,6 @@ with import ./lib; networking.hostName = config.krebs.build.host.name; imports = [ - <secrets> ./backup.nix ./bash ./htop.nix @@ -28,6 +27,11 @@ with import ./lib; defaultUserShell = "/run/current-system/sw/bin/bash"; mutableUsers = false; users = { + root = { + openssh.authorizedKeys.keys = [ + config.krebs.users.tv.pubkey + ]; + }; tv = { inherit (config.krebs.users.tv) home uid; isNormalUser = true; diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 58dffe6a6..102d264b6 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -178,9 +178,7 @@ with import ./lib; ''; }; }; - } // - # TODO don't put secrets/repos.nix into the store - import <secrets/repos.nix> { inherit config lib pkgs; } + } ); irc-announce = args: pkgs.git-hooks.irc-announce (recursiveUpdate { diff --git a/tv/2configs/initrd/sshd.nix b/tv/2configs/initrd/sshd.nix index eff848074..d7264f073 100644 --- a/tv/2configs/initrd/sshd.nix +++ b/tv/2configs/initrd/sshd.nix @@ -12,6 +12,6 @@ ignoreEmptyHostKeys = true; }; boot.initrd.secrets = { - "/etc/ssh/ssh_host_rsa_key" = <secrets/initrd/ssh_host_rsa_key>; + "/etc/ssh/ssh_host_rsa_key" = "${config.krebs.secret.directory}/initrd/ssh_host_rsa_key"; }; } diff --git a/tv/2configs/ppp.nix b/tv/2configs/ppp.nix index 24d2831c4..b3ae4da89 100644 --- a/tv/2configs/ppp.nix +++ b/tv/2configs/ppp.nix @@ -1,7 +1,7 @@ with import ./lib; { config, pkgs, ... }: let cfg = { - pin = "@${toString <secrets/o2.pin>}"; + pin = "@${config.krebs.secret.directory}/o2.pin"; ttys.ppp = "/dev/ttyACM0"; ttys.com = "/dev/ttyACM1"; }; diff --git a/tv/2configs/wiregrill.nix b/tv/2configs/wiregrill.nix index edf65e979..cace01a6b 100644 --- a/tv/2configs/wiregrill.nix +++ b/tv/2configs/wiregrill.nix @@ -12,7 +12,7 @@ in optional (cfg.net.ip4 != null) cfg.net.ip4.addr ++ optional (cfg.net.ip6 != null) cfg.net.ip6.addr; listenPort = 51820; - privateKeyFile = (toString <secrets>) + "/wiregrill.key"; + privateKeyFile = "${config.krebs.secret.directory}/wiregrill.key"; allowedIPsAsRoutes = true; peers = mapAttrsToList (_: host: { |