diff --git a/agenix.nix b/agenix.nix index ed9b4e4..c8acf14 100644 --- a/agenix.nix +++ b/agenix.nix @@ -10,8 +10,4 @@ in { "secrets/matrix-macaroon.age".publicKeys = [ server jet ]; "secrets/ntfy-admin-hash.age".publicKeys = [ server jet ]; "secrets/mymx-webhook.age".publicKeys = [ server jet ]; - "secrets/noisebell-pi-api-key.age".publicKeys = [ server jet ]; - "secrets/noisebell-inbound-api-key.age".publicKeys = [ server jet ]; - "secrets/noisebell-discord-token.age".publicKeys = [ server jet ]; - "secrets/noisebell-discord-webhook-secret.age".publicKeys = [ server jet ]; } diff --git a/flake.lock b/flake.lock index e2c5d10..1966546 100644 --- a/flake.lock +++ b/flake.lock @@ -23,7 +23,46 @@ "type": "github" } }, + "agenix_2": { + "inputs": { + "darwin": "darwin_2", + "home-manager": "home-manager_2", + "nixpkgs": [ + "noisebell", + "nixpkgs" + ], + "systems": "systems_2" + }, + "locked": { + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", + "owner": "ryantm", + "repo": "agenix", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "crane": { + "locked": { + "lastModified": 1773189535, + "narHash": "sha256-E1G/Or6MWeP+L6mpQ0iTFLpzSzlpGrITfU2220Gq47g=", + "owner": "ipetkov", + "repo": "crane", + "rev": "6fa2fb4cf4a89ba49fc9dd5a3eb6cde99d388269", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { "locked": { "lastModified": 1773115265, "narHash": "sha256-5fDkKTYEgue2klksd52WvcXfZdY1EIlbk0QggAwpFog=", @@ -60,6 +99,29 @@ "type": "github" } }, + "darwin_2": { + "inputs": { + "nixpkgs": [ + "noisebell", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -82,7 +144,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1731533236, @@ -119,6 +181,28 @@ "type": "github" } }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "noisebell", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "mymx": { "inputs": { "nixpkgs": [ @@ -157,6 +241,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1773646010, + "narHash": "sha256-iYrs97hS7p5u4lQzuNWzuALGIOdkPXvjz7bviiBjUu8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5b2c2d84341b2afb5647081c1386a80d7a8d8605", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1744536153, "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", @@ -174,28 +274,66 @@ }, "noisebell": { "inputs": { - "crane": "crane", + "agenix": "agenix_2", "nixpkgs": [ "nixpkgs" ], - "rust-overlay": "rust-overlay_2" + "pi-service": "pi-service", + "remote": "remote" }, "locked": { - "dir": "remote", - "lastModified": 1773729127, - "narHash": "sha256-KwxwZGlTHOZCCY+pDhwmluZctCSD7tFes87LWQ8h1Sg=", + "lastModified": 1773745186, + "narHash": "sha256-rxNWtNXvdzLQYAV3Wz6DQIg81Ax0aIgOYBW4KoLALIU=", "ref": "refs/heads/main", - "rev": "dc7b8cbaddc6a44aa05b2d3f7c42dc98dd24f060", - "revCount": 30, + "rev": "9ecac57275f3e8140e8919ad1284f1ec3821551c", + "revCount": 36, "type": "git", "url": "https://git.extremist.software/jet/noisebell" }, "original": { - "dir": "remote", "type": "git", "url": "https://git.extremist.software/jet/noisebell" } }, + "pi-service": { + "inputs": { + "crane": "crane", + "nixpkgs": "nixpkgs_2", + "rust-overlay": "rust-overlay_2" + }, + "locked": { + "path": "./pi/pi-service", + "type": "path" + }, + "original": { + "path": "./pi/pi-service", + "type": "path" + }, + "parent": [ + "noisebell" + ] + }, + "remote": { + "inputs": { + "crane": "crane_2", + "nixpkgs": [ + "noisebell", + "nixpkgs" + ], + "rust-overlay": "rust-overlay_3" + }, + "locked": { + "path": "./remote", + "type": "path" + }, + "original": { + "path": "./remote", + "type": "path" + }, + "parent": [ + "noisebell" + ] + }, "root": { "inputs": { "agenix": "agenix", @@ -231,6 +369,29 @@ "inputs": { "nixpkgs": [ "noisebell", + "pi-service", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1773716879, + "narHash": "sha256-vXCTasEzzTTd0ZGEuyle20H2hjRom66JeNr7i2ktHD0=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "1a9ddeb45c5751b800331363703641b84d1f41f0", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_3": { + "inputs": { + "nixpkgs": [ + "noisebell", + "remote", "nixpkgs" ] }, @@ -248,9 +409,9 @@ "type": "github" } }, - "rust-overlay_3": { + "rust-overlay_4": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1772679930, @@ -296,13 +457,28 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "website": { "inputs": { "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ], - "rust-overlay": "rust-overlay_3" + "rust-overlay": "rust-overlay_4" }, "locked": { "lastModified": 1773122265, diff --git a/flake.nix b/flake.nix index 4bc1c11..8736f96 100644 --- a/flake.nix +++ b/flake.nix @@ -13,7 +13,7 @@ website.url = "git+https://git.extremist.software/jet/website"; website.inputs.nixpkgs.follows = "nixpkgs"; - noisebell.url = "git+https://git.extremist.software/jet/noisebell?dir=remote"; + noisebell.url = "git+https://git.extremist.software/jet/noisebell"; noisebell.inputs.nixpkgs.follows = "nixpkgs"; agenix.url = "github:ryantm/agenix"; diff --git a/modules/noisebell.nix b/modules/noisebell.nix index efcbca5..5e08454 100644 --- a/modules/noisebell.nix +++ b/modules/noisebell.nix @@ -1,27 +1,27 @@ -{ config, ... }: +{ config, inputs, ... }: { users.groups.noisebell = {}; users.users.noisebell-cache.extraGroups = [ "noisebell" ]; users.users.noisebell-discord.extraGroups = [ "noisebell" ]; - age.secrets.noisebell-pi-api-key = { - file = ../secrets/noisebell-pi-api-key.age; + age.secrets.noisebell-pi-to-cache-key = { + file = "${inputs.noisebell}/secrets/pi-to-cache-key.age"; group = "noisebell"; mode = "0440"; }; - age.secrets.noisebell-inbound-api-key = { - file = ../secrets/noisebell-inbound-api-key.age; + age.secrets.noisebell-cache-to-pi-key = { + file = "${inputs.noisebell}/secrets/cache-to-pi-key.age"; group = "noisebell"; mode = "0440"; }; age.secrets.noisebell-discord-token = { - file = ../secrets/noisebell-discord-token.age; + file = "${inputs.noisebell}/secrets/discord-token.age"; group = "noisebell"; mode = "0440"; }; age.secrets.noisebell-discord-webhook-secret = { - file = ../secrets/noisebell-discord-webhook-secret.age; + file = "${inputs.noisebell}/secrets/discord-webhook-secret.age"; group = "noisebell"; mode = "0440"; }; @@ -31,8 +31,8 @@ port = 3003; domain = "noisebell.extremist.software"; piAddress = "http://noisebell:80"; - piApiKeyFile = config.age.secrets.noisebell-pi-api-key.path; - inboundApiKeyFile = config.age.secrets.noisebell-inbound-api-key.path; + piApiKeyFile = config.age.secrets.noisebell-cache-to-pi-key.path; + inboundApiKeyFile = config.age.secrets.noisebell-pi-to-cache-key.path; outboundWebhooks = [ { url = "https://discord.noisebell.extremist.software/webhook"; secretFile = config.age.secrets.noisebell-discord-webhook-secret.path; } ]; diff --git a/secrets/noisebell-discord-token.age b/secrets/noisebell-discord-token.age deleted file mode 100644 index 1aaf23a..0000000 Binary files a/secrets/noisebell-discord-token.age and /dev/null differ diff --git a/secrets/noisebell-discord-webhook-secret.age b/secrets/noisebell-discord-webhook-secret.age deleted file mode 100644 index 362f450..0000000 --- a/secrets/noisebell-discord-webhook-secret.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 uKftJg 9Ts1I3lKnIiDlkti3wqLkMd/O5J2X7eu3jjzCqCJZEs -FmoQ/sj9Iyn9mP6WjHAQyNubk5fvl/wq7iV9WmE+Zng --> ssh-ed25519 Ziw7aw 2n9PloxmkZfOp7CrIlHU8X4gv0FeWqrXzRbuBlurPnU -0OKghn+2VNq0GhkeUAtNFI7MEMs0iLttqw02a7ticZ0 ---- In0BcqmKff+nXF3dc1ArM8dznFJkmwWiDaABguHGaBY -Lѻb8v#_ӄp~&S}QF0N1S~7P6TuTM)(f0"NE; i \ No newline at end of file diff --git a/secrets/noisebell-inbound-api-key.age b/secrets/noisebell-inbound-api-key.age deleted file mode 100644 index 7d81c4b..0000000 --- a/secrets/noisebell-inbound-api-key.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 uKftJg 8VicSc9Efje62LAEUo1ceUeHSyfqJ56JgkmetY6W/mY -xixUVxK3vKespUthQG0QmoucnhCgHBDzpIWcnjBj/uY --> ssh-ed25519 Ziw7aw UpfNqKBiOIM7BDCg9oOQdQ/lXba8vGeKYp00MJTCogs -Js43kbclj+7yIYPb1htOi8StldIgGlKouIKcbOP8R2w ---- 0qkwj31Z31Fuefmm79uIQsPOAMUqAF7/DOdmRsyb2Ks -Vgk8r*oZi[PѪ1ֶ #±vlr=Sk/02fakk3c \ No newline at end of file diff --git a/secrets/noisebell-pi-api-key.age b/secrets/noisebell-pi-api-key.age deleted file mode 100644 index ebf6831..0000000 Binary files a/secrets/noisebell-pi-api-key.age and /dev/null differ