feat: move secrets to noisebell repo and update

Jet 2026-03-17 03:50:26 -07:00
parent 5204cc3af6
commit 50f85422e4
No known key found for this signature in database
8 changed files with 198 additions and 40 deletions


@ -10,8 +10,4 @@ in {
"secrets/matrix-macaroon.age".publicKeys = [ server jet ]; "secrets/matrix-macaroon.age".publicKeys = [ server jet ];
"secrets/ntfy-admin-hash.age".publicKeys = [ server jet ]; "secrets/ntfy-admin-hash.age".publicKeys = [ server jet ];
"secrets/mymx-webhook.age".publicKeys = [ server jet ]; "secrets/mymx-webhook.age".publicKeys = [ server jet ];
"secrets/noisebell-pi-api-key.age".publicKeys = [ server jet ];
"secrets/noisebell-inbound-api-key.age".publicKeys = [ server jet ];
"secrets/noisebell-discord-token.age".publicKeys = [ server jet ];
"secrets/noisebell-discord-webhook-secret.age".publicKeys = [ server jet ];
} }

200
flake.lock generated

@ -23,7 +23,46 @@
"type": "github" "type": "github"
} }
}, },
"agenix_2": {
"inputs": {
"darwin": "darwin_2",
"home-manager": "home-manager_2",
"nixpkgs": [
"noisebell",
"nixpkgs"
],
"systems": "systems_2"
},
"locked": {
"lastModified": 1770165109,
"narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
"owner": "ryantm",
"repo": "agenix",
"rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"crane": { "crane": {
"locked": {
"lastModified": 1773189535,
"narHash": "sha256-E1G/Or6MWeP+L6mpQ0iTFLpzSzlpGrITfU2220Gq47g=",
"owner": "ipetkov",
"repo": "crane",
"rev": "6fa2fb4cf4a89ba49fc9dd5a3eb6cde99d388269",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_2": {
"locked": { "locked": {
"lastModified": 1773115265, "lastModified": 1773115265,
"narHash": "sha256-5fDkKTYEgue2klksd52WvcXfZdY1EIlbk0QggAwpFog=", "narHash": "sha256-5fDkKTYEgue2klksd52WvcXfZdY1EIlbk0QggAwpFog=",
@ -60,6 +99,29 @@
"type": "github" "type": "github"
} }
}, },
"darwin_2": {
"inputs": {
"nixpkgs": [
"noisebell",
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -82,7 +144,7 @@
}, },
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1731533236,
@ -119,6 +181,28 @@
"type": "github" "type": "github"
} }
}, },
"home-manager_2": {
"inputs": {
"nixpkgs": [
"noisebell",
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"mymx": { "mymx": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -157,6 +241,22 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1773646010,
"narHash": "sha256-iYrs97hS7p5u4lQzuNWzuALGIOdkPXvjz7bviiBjUu8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5b2c2d84341b2afb5647081c1386a80d7a8d8605",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1744536153, "lastModified": 1744536153,
"narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
@ -174,28 +274,66 @@
}, },
"noisebell": { "noisebell": {
"inputs": { "inputs": {
"crane": "crane", "agenix": "agenix_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"rust-overlay": "rust-overlay_2" "pi-service": "pi-service",
"remote": "remote"
}, },
"locked": { "locked": {
"dir": "remote", "lastModified": 1773745186,
"lastModified": 1773729127, "narHash": "sha256-rxNWtNXvdzLQYAV3Wz6DQIg81Ax0aIgOYBW4KoLALIU=",
"narHash": "sha256-KwxwZGlTHOZCCY+pDhwmluZctCSD7tFes87LWQ8h1Sg=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "dc7b8cbaddc6a44aa05b2d3f7c42dc98dd24f060", "rev": "9ecac57275f3e8140e8919ad1284f1ec3821551c",
"revCount": 30, "revCount": 36,
"type": "git", "type": "git",
"url": "https://git.extremist.software/jet/noisebell" "url": "https://git.extremist.software/jet/noisebell"
}, },
"original": { "original": {
"dir": "remote",
"type": "git", "type": "git",
"url": "https://git.extremist.software/jet/noisebell" "url": "https://git.extremist.software/jet/noisebell"
} }
}, },
"pi-service": {
"inputs": {
"crane": "crane",
"nixpkgs": "nixpkgs_2",
"rust-overlay": "rust-overlay_2"
},
"locked": {
"path": "./pi/pi-service",
"type": "path"
},
"original": {
"path": "./pi/pi-service",
"type": "path"
},
"parent": [
"noisebell"
]
},
"remote": {
"inputs": {
"crane": "crane_2",
"nixpkgs": [
"noisebell",
"nixpkgs"
],
"rust-overlay": "rust-overlay_3"
},
"locked": {
"path": "./remote",
"type": "path"
},
"original": {
"path": "./remote",
"type": "path"
},
"parent": [
"noisebell"
]
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
@ -231,6 +369,29 @@
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"noisebell", "noisebell",
"pi-service",
"nixpkgs"
]
},
"locked": {
"lastModified": 1773716879,
"narHash": "sha256-vXCTasEzzTTd0ZGEuyle20H2hjRom66JeNr7i2ktHD0=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "1a9ddeb45c5751b800331363703641b84d1f41f0",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_3": {
"inputs": {
"nixpkgs": [
"noisebell",
"remote",
"nixpkgs" "nixpkgs"
] ]
}, },
@ -248,9 +409,9 @@
"type": "github" "type": "github"
} }
}, },
"rust-overlay_3": { "rust-overlay_4": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1772679930, "lastModified": 1772679930,
@ -296,13 +457,28 @@
"type": "github" "type": "github"
} }
}, },
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"website": { "website": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"rust-overlay": "rust-overlay_3" "rust-overlay": "rust-overlay_4"
}, },
"locked": { "locked": {
"lastModified": 1773122265, "lastModified": 1773122265,


@ -13,7 +13,7 @@
website.url = "git+https://git.extremist.software/jet/website"; website.url = "git+https://git.extremist.software/jet/website";
website.inputs.nixpkgs.follows = "nixpkgs"; website.inputs.nixpkgs.follows = "nixpkgs";
noisebell.url = "git+https://git.extremist.software/jet/noisebell?dir=remote"; noisebell.url = "git+https://git.extremist.software/jet/noisebell";
noisebell.inputs.nixpkgs.follows = "nixpkgs"; noisebell.inputs.nixpkgs.follows = "nixpkgs";
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
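Review bot: Dropping `?dir=remote` on the `noisebell.url` line makes the repository's top-level flake the input, and only its `nixpkgs` is redirected by the `follows` line below it. The lock file in this commit shows that flake now bringing its own `agenix_2` (with `darwin_2` and `home-manager_2`) and, through `pi-service`, a separately pinned `nixpkgs_2` on nixos-unstable, so there are more independently locked sources to review on each update. Consider adding `noisebell.inputs.agenix.follows = "agenix";` next to the existing `follows` line, and deciding deliberately whether `pi-service` should keep its own nixpkgs pin. The inputs block continues outside the hunk.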


@ -1,27 +1,27 @@
{ config, ... }: { config, inputs, ... }:
{ {
users.groups.noisebell = {}; users.groups.noisebell = {};
users.users.noisebell-cache.extraGroups = [ "noisebell" ]; users.users.noisebell-cache.extraGroups = [ "noisebell" ];
users.users.noisebell-discord.extraGroups = [ "noisebell" ]; users.users.noisebell-discord.extraGroups = [ "noisebell" ];
age.secrets.noisebell-pi-api-key = { age.secrets.noisebell-pi-to-cache-key = {
file = ../secrets/noisebell-pi-api-key.age; file = "${inputs.noisebell}/secrets/pi-to-cache-key.age";
group = "noisebell"; group = "noisebell";
mode = "0440"; mode = "0440";
}; };
age.secrets.noisebell-inbound-api-key = { age.secrets.noisebell-cache-to-pi-key = {
file = ../secrets/noisebell-inbound-api-key.age; file = "${inputs.noisebell}/secrets/cache-to-pi-key.age";
group = "noisebell"; group = "noisebell";
mode = "0440"; mode = "0440";
}; };
age.secrets.noisebell-discord-token = { age.secrets.noisebell-discord-token = {
file = ../secrets/noisebell-discord-token.age; file = "${inputs.noisebell}/secrets/discord-token.age";
group = "noisebell"; group = "noisebell";
mode = "0440"; mode = "0440";
}; };
age.secrets.noisebell-discord-webhook-secret = { age.secrets.noisebell-discord-webhook-secret = {
file = ../secrets/noisebell-discord-webhook-secret.age; file = "${inputs.noisebell}/secrets/discord-webhook-secret.age";
group = "noisebell"; group = "noisebell";
mode = "0440"; mode = "0440";
}; };
@ -31,8 +31,8 @@
port = 3003; port = 3003;
domain = "noisebell.extremist.software"; domain = "noisebell.extremist.software";
piAddress = "http://noisebell:80"; piAddress = "http://noisebell:80";
piApiKeyFile = config.age.secrets.noisebell-pi-api-key.path; piApiKeyFile = config.age.secrets.noisebell-cache-to-pi-key.path;
inboundApiKeyFile = config.age.secrets.noisebell-inbound-api-key.path; inboundApiKeyFile = config.age.secrets.noisebell-pi-to-cache-key.path;
outboundWebhooks = [ outboundWebhooks = [
{ url = "https://discord.noisebell.extremist.software/webhook"; secretFile = config.age.secrets.noisebell-discord-webhook-secret.path; } { url = "https://discord.noisebell.extremist.software/webhook"; secretFile = config.age.secrets.noisebell-discord-webhook-secret.path; }
]; ];
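Review bot: All four `age.secrets.noisebell-*` declarations in the first hunk keep `group = "noisebell"; mode = "0440";`, and both `noisebell-cache` and `noisebell-discord` are members of that group, so each service account can read the other's credentials. From the second hunk the two Pi keys appear to be consumed only by the cache service (`piApiKeyFile`, `inboundApiKeyFile`), so they could be narrowed with `owner = "noisebell-cache"; mode = "0400";`, with the Discord token presumably owned by `noisebell-discord` in the same way; the webhook secret is the one that plausibly needs group access. Because the `.age` files now come from `inputs.noisebell`, their recipients are no longer set in this repository, and a comment on the first `file =` line such as `# recipients are defined in the noisebell repo; this host's key must be listed there` would record that dependency. The attribute set continues past the end of the second hunk.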

Binary file not shown.


@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 uKftJg 9Ts1I3lKnIiDlkti3wqLkMd/O5J2X7eu3jjzCqCJZEs
FmoQ/sj9Iyn9mP6WjHAQyNubk5fvl/wq7iV9WmE+Zng
-> ssh-ed25519 Ziw7aw 2n9PloxmkZfOp7CrIlHU8X4gv0FeWqrXzRbuBlurPnU
0OKghn+2VNq0GhkeUAtNFI7MEMs0iLttqw02a7ticZ0
--- In0BcqmKff+nXF3dc1ArM8dznFJkmwWiDaABguHGaBY
<EFBFBD>LÑ»b8v#_Ó„p~À&ÎS³}QF0NƒàÞ1§S~ªå7×Pþ6T¤îuîTªMë)ü§¢Ôï(fÀ0"ÇNƒ¶E¢«Þ; i


@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 uKftJg 8VicSc9Efje62LAEUo1ceUeHSyfqJ56JgkmetY6W/mY
xixUVxK3vKespUthQG0QmoucnhCgHBDzpIWcnjBj/uY
-> ssh-ed25519 Ziw7aw UpfNqKBiOIM7BDCg9oOQdQ/lXba8vGeKYp00MJTCogs
Js43kbclj+7yIYPb1htOi8StldIgGlKouIKcbOP8R2w
--- 0qkwj31Z31Fuefmm79uIQsPOAMUqAF7/DOdmRsyb2Ks
VgîãËk8årà®*÷Œo¡¡Zi[÷ÆâP<C3A2>ÎѪÿð¯1Ö¶õ ô#–±Òvlr=§Sk/02faÏkk˜3Éc

Binary file not shown.