commit 594931d796c97d32c5bd4e516931eb61cf84cd35 · kitten.sh/system

+4

.gitignore

···

       5
        
       

     

       6
        
       **/encrypt/*

     

       7
        
       !**/encrypt/*.age

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0

···

       5
        
       

     

       6
        
       **/encrypt/*

     

       7
        
       !**/encrypt/*.age

     

       8
       +
       

     

       9
       +
       **/certs/*

     

       10
       +
       !**/certs/*.age

     

       11
       +
       !**/certs/ca.crt

+2 -2

lib/apps/genCerts.nix

···

       43
        
       

     

       44
        
         caCertificate = {

     

       45
        
           name = "ca";

     

       46
       -
           output = "modules/base/encrypt/";

     

       47
        
           settings.initca = true;

     

       48
        
         };

     

       49
        
       

     

       50
        
         certificates = [

     

       51
        
           {

     

       52
        
             name = "mqtt";

     

       53
       -
             output = "modules/automation/encrypt/";

     

       54
        
             settings = {

     

       55
        
               profile = "auth-only";

     

       56
        
               config = caConf;

···

       43
        
       

     

       44
        
         caCertificate = {

     

       45
        
           name = "ca";

     

       46
       +
           output = "modules/base/certs/";

     

       47
        
           settings.initca = true;

     

       48
        
         };

     

       49
        
       

     

       50
        
         certificates = [

     

       51
        
           {

     

       52
        
             name = "mqtt";

     

       53
       +
             output = "modules/automation/certs/";

     

       54
        
             settings = {

     

       55
        
               profile = "auth-only";

     

       56
        
               config = caConf;

modules/automation/certs/mqtt.crt.age

This is a binary file and will not be displayed.

modules/automation/certs/mqtt.key.age

This is a binary file and will not be displayed.

+19

modules/base/certs.nix

···

       1
       +
       { lib, config, ... }:

     

       2
       +
       

     

       3
       +
       with lib;

     

       4
       +
       let

     

       5
       +
         cfg = config.modules.gpg;

     

       6
       +
       in {

     

       7
       +
         options.modules.certs = {

     

       8
       +
           enable = mkOption {

     

       9
       +
             default = true;

     

       10
       +
             description = "CA Certificates";

     

       11
       +
             type = types.bool;

     

       12
       +
           };

     

       13
       +
         };

     

       14
       +
       

     

       15
       +
         config = mkIf cfg.enable {

     

       16
       +
           security.pki.certificateFiles = [ ./certs/ca.crt ];

     

       17
       +
         };

     

       18
       +
       }

     

       19
       +

+29

modules/base/certs/ca.crt

···

       1
       +
       -----BEGIN CERTIFICATE-----

     

       2
       +
       MIIE6jCCAtKgAwIBAgIUXTqgvbXI0xhtkVXYUUFVvLD5Nv0wDQYJKoZIhvcNAQEN

     

       3
       +
       BQAwDTELMAkGA1UEAxMCY2EwHhcNMjQwOTIxMjIwNjAwWhcNMjkwOTIwMjIwNjAw

     

       4
       +
       WjANMQswCQYDVQQDEwJjYTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB

     

       5
       +
       ALzvrQg/WajwUho0LDjbPThVeSn/kMnrtHCMKrXnTZdz3Ok/KmRtTgNJ9QbbJsLR

     

       6
       +
       A6EhyVxK/W775jki3bLv/hi998s6H4yimgoP+x64l/KFrcxUPsDSM5GfGCfDZoFO

     

       7
       +
       fAxoLT5RWhuQdJ679x9GIIG0sIunWs8VPkXlipXMORb2tU8g9rEUR1uJwYVhW2by

     

       8
       +
       EX4znWcndJg5+yAVzFdzPjSyuiPPUES4MPXHHBgyP6qeH1C8gUmYV8l5u+On4lSW

     

       9
       +
       UE66Shk3mO5dbvit3+g+/7zGR584tM+cxqzeHz+S0yOKOhnL01OWtf2FHBIZSRmK

     

       10
       +
       j5AM9/Z4MqOom7qVHDol1kO8j/0ub1Xb1tXJ4eAKTeecrx3ouUawCoenrPJYV2f5

     

       11
       +
       6+tp0QQ20X7+IF4DojA2oqOx6QtDN5AweRnQuZFd+hYusStuspMVeeKzP+XUPYTA

     

       12
       +
       3ILlTJ26/2Fenc65uewgtbxVR30HNQ7S7jMrI+xzRXPZ9ZSXNbMne62UNPQL1dpK

     

       13
       +
       cmsRuNkpobnC10Tw/HVmFmhf07zi71IIj/IIL1YdSxFT8xI27WAwh0GNUBGYUkJe

     

       14
       +
       EbpeMlr3czl6Sx0AG/tsOsJDCu4mdp9Y1kyEIWtkMgi5jeboTWUPhYQ+zBTe2eyu

     

       15
       +
       yPBcEmp44W4OGazbbv0qg6/2h1emwaDDEBTZINvtCz15AgMBAAGjQjBAMA4GA1Ud

     

       16
       +
       DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSz4KVhDRkOqW70

     

       17
       +
       pi6hoPPMAb7wwzANBgkqhkiG9w0BAQ0FAAOCAgEADdy4pZGIeQqNVChDNNMET7Tl

     

       18
       +
       DFgTp1q4DQT0Yk9qHtVpIhbxTBWCyfoweNZVx7LL4RzTzZQ73O4YJ7obHPAlMqEW

     

       19
       +
       bHL/ZctSgG0saVpwk6t0hlX0va/SOjZheplDQBavWTlBlWkE8PiySGcD+CPcP8iS

     

       20
       +
       qCNh6Eyt2DHODXjGPjaucQlQ3jovNqJjGQbMmFkVQjYwK5Liyj/qu3MxEYky95yt

     

       21
       +
       S/W8ipnzLE74Um/sJTE0XMKGTcSPrci5ren0EqrgEvuX8rFoJqmJSQloe8H8DycH

     

       22
       +
       6IptkHncIy8trAby4sZNNA8DHzfJRNe++DVxcbHbXCyd1Nh+yvODuFqZPAcNWY3Y

     

       23
       +
       aV56xaeu4C0l+ukDj1OpclovZC5r0JFhtcnde6JQo+/8WhVobpRdIYbVFbbV+TiF

     

       24
       +
       8zUTQobQdDWJriInEoAqmTD+r5gcZYjJJH29yCRzKnltMMCnybDiDSBLwAZPZ94r

     

       25
       +
       mCeINP2AXGCgJfcXKDvL0o5MVL5jW9xt4ARgn8QaDVqWQfPbWaSLHoQhm671gOHI

     

       26
       +
       Jk/yq5WsfFuoYWS+dM39vRqb9LWub91Q9HQA+IJ5PXyvpLOI5FJKV5Lp+HkRMA++

     

       27
       +
       T7wH8VFKIJHGjAm3j2JxrNUeVq+n5/dadHFvv/i1b/nzcWH48L8TxjFR4ab3JG9M

     

       28
       +
       ftCgJngtxuQKgwJa6HQ=

     

       29
       +
       -----END CERTIFICATE-----

+1

modules/base/default.nix

···

       3
        
       {

     

       4
        
         imports = [

     

       5
        
           ./nix-config.nix

     

       0
        
       
     

       6
        
           ./shell.nix

     

       7
        
           ./linux.nix

     

       8
        
           ./gpg.nix

···

       3
        
       {

     

       4
        
         imports = [

     

       5
        
           ./nix-config.nix

     

       6
       +
           ./certs.nix

     

       7
        
           ./shell.nix

     

       8
        
           ./linux.nix

     

       9
        
           ./gpg.nix

+3

secrets.nix

···

       21
        
         "./home/base/encrypt/CA84692E3CC846C8EC7272468E962B63FC599E49.key.age".publicKeys = keys;

     

       22
        
       

     

       23
        
         "./home/development/encrypt/npmrc.age".publicKeys = keys;

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       24
        
       }

···

       21
        
         "./home/base/encrypt/CA84692E3CC846C8EC7272468E962B63FC599E49.key.age".publicKeys = keys;

     

       22
        
       

     

       23
        
         "./home/development/encrypt/npmrc.age".publicKeys = keys;

     

       24
       +
       

     

       25
       +
         "./modules/automation/certs/mqtt.key.age".publicKeys = keys;

     

       26
       +
         "./modules/automation/certs/mqtt.crt.age".publicKeys = keys;

     

       27
        
       }