From aff69929491eee36e314a82d5392c5c5ec9ee5fd Mon Sep 17 00:00:00 2001
From: "Lennart J. Kurzweg (Nx2)"
Date: Mon, 3 Jun 2024 19:53:43 +0200
Subject: [PATCH] Sops xps
---
 .sops.yaml | 2 ++
 sops-secrets.yaml | 50 ++++++++++++++++++++++++------------
 system-modules/sshd.nix | 2 +-
 system-modules/syncthing.nix | 23 ++++++-----------
 4 files changed, 44 insertions(+), 33 deletions(-)
diff --git a/.sops.yaml b/.sops.yaml
index 9a4312c..4319e34 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -4,10 +4,12 @@ keys:
 - &nx2 22FB2CC03DC5292AB81CF67D0AF27B383170E634
 - &hosts:
 - &north age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e
+ - &xps age1jvf2lyrt2dw9jfnwgvnhmj9fmvyq8vvtepqjpkyycc5dqkkd4edqhxsgv6
 creation_rules:
 - path_regex: sops-secrets.yaml$
 key_groups:
 - age:
 - *north
+ - *xps
 pgp:
 - *nx2
diff --git a/sops-secrets.yaml b/sops-secrets.yaml
index 22c19ae..05c3142 100644
--- a/sops-secrets.yaml
+++ b/sops-secrets.yaml
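Review bot: Adding `*xps` to the single `sops-secrets.yaml$` rule lets NxXPS decrypt every value in that file, and the file also holds other hosts' private material (`NxNORTH-ssh_host_ed25519_key`, the `NxNORTH` Syncthing `key.pem`). A compromise of either machine's age key then exposes the other machine's host identity too. Consider one secrets file per host with its own rule, for example `- path_regex: secrets/xps\.yaml$` (path constructed for illustration) with only `*xps` under `age` plus the `*nx2` PGP key, keeping only genuinely shared values in the common file. This assumes the rule shown is the only creation rule, since the file may continue outside the hunk.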
@@ -5,11 +5,18 @@ example: ENC[AES256_GCM,data:WH4=,iv:dQ7quTadSmPNi3F86Xfzne02CVMzyFipcrHYfHdKmf8 #ENC[AES256_GCM,data:8rASr+5XsQ==,iv:1uCh1v+k4wGUlsYTh/yHVBsrUZtTOsQur8RL2YW3V3A=,tag:+3YzUslU/YVTHnU2QzY1ow==,type:comment] ssh: NxNORTH-ssh_host_ed25519_key: ENC[AES256_GCM,data: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,iv:BGc1rCP9LHpYpIMY94tsEE+YltQBx4ZouOmHZlM7WlU=,tag:7DpI9vXJ1vkZjDj2UtQ/Ag==,type:str] - NxXPS-ssh_host_ed25519_key: ENC[AES256_GCM,data:tdWOujPO,iv:jATctkrtEhrdQvw1jf7UCNYqltQaN8ySMpob5VApKJY=,tag:s0zu/eXnzW6eqqnGTwBJqg==,type:str] + NxXPS-ssh_host_ed25519_key: ENC[AES256_GCM,data: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,iv:MFIv7bXxyXDr8pQnVE/lAjQ69CnTPRr+out5/yRkeJk=,tag:++jnOAabbc/1ROerlwZn/g==,type:str] NxACE-ssh_host_ed25519_key: ENC[AES256_GCM,data:1dh3SYzf,iv:tG5maEax2fke5bhdcdAoMp8AObKbs8kKI1p5akysu4g=,tag:JTDa1beKwTQ9ggwlkdpYtg==,type:str] syncthing: - NxNORTH-cert.pem: ENC[AES256_GCM,data:nmI2a5G345pkmEbaQXsNWRMTbZGnH3zWZFWDJ0Gys5e9l1+Y8GndRHaiGnnPwAjswk7GRt3VqUtluCXEq1hYOEjRWqzziNGs2GjJGw8ddz5DNKtD4jriAKMYhZWTZXg/3rx/mSx/9qk79eGxbZmPzi9qAZi+phnjh+dUFuTZEvn3WM16+JBc8FEgX3AvgTbGR9bJcBjINvGSiYIQWKSLIScay9zHSYU62Qf24nPVRuXGibL7xOiV+HgBqA2N3VKY0Th/l4X/SrXrRAFSWJ+/ZuhRI6gS9ZcawlZIKpYtbKmiDpI0C/qGLhjjF2HKQMrElI3Nb+iHRoIS+zUMsa0RflgEMLCU71Ix22LzGLlbpyhvNja8sFLS1WnDLYafBg4/zw8cEJxPo+XZFtwms0GfQdAmvTTdtFTWHOqacuGMz1mZAYG+QLKd5xwYlkxVOarqGXX2l1TbbkyqaKAl7rWIx/3nF5Mhvob65DWNhPtSAj+39oHF1mMLmEitHiyHFn8nzSRvCkKiBAz4Xgngkq2HRyjpuxXcSk+RnbD2Ahuv4+X6IxSTYQnxSaxPvBqttvNLOIwSFbVqHiQgaH0bggecvQ3W/wBuXw50oUwK2baBKf5ENq58E6kVpO/IXvUCP1Oa5kVNKkQSc1Xig7SCFxTufEU2NmHPJxs2W0Pnf/tA2EyunkdHCMTO9aeRm5WCncbsvsHnTvQKO+F6CFL98zFItL74q831QGdFLxqYfiIhxG/cFjmzbESJJ+SDF25uNtsDrLoGTUJYeCIq3W+zMwUbEuCNiKpn7RvvHO4gP/pwwh7at6kmUbwjUNW9Ex3wwtIXQIsa5g1fIhTBXAATm4USOOWjN6XuHmqoVdjbgJ2VuAtwJyF7jP3JZvhiEaIJOjeAUvv5G4Zzp9FgyNJ6YTtOpzD/bobRDpDaVmitDNef2rDggbWACcGZ3uTgn4bylnCowyPS0T2JzolR3AhsC/xbjesBkHcnWJCrREdsvPFgeKm77IIFLwfNIq1RXYKt4vjmvTMe+dFoFscybV1v1lG3qQc9
PaPezw==,iv:7N8WtW/yJWcK7iFzHhV+vjnA6uxDl1YrW/rnXlRWi6o=,tag:EMcVWqJHs3YCj4j+xz//FA==,type:str] - NxNORTH-key.pem: ENC[AES256_GCM,data:Zdtype95U/u6HXMsBQ9lG7LRv9jCksuiYCj5LB1pzO9w4O8VhcoaT54tgel9g9YBr5VWKbu2AOqrsVnwtmEUfx70Thsa6sYgYnFxkrxIMnXCPEvs9yTKOyO8OPaBFSO5eKOCZFYSx5jJ5anlxZ6JA6nDpevf/C93zaZYGveucYbcLZcdm785j1eQ6uS0HvCnYACgoy54Q6GcuZ3/mSioy4MIsEW/QCm/67rRlL3kRmdXTJBd2S57ZpS4ECxwcnzxbNVItS3YhmlaJpxRB9M/UwSiXce86AowKTmj5ckzwKRcM9bVP2c5oHLenVQIMQOvq2BUVpYk6/5kQ2HBb83E1/dkC7ZL81lfKpNspJP5upaXmZ/U6HmAS6vT31Lsj7NZ,iv:/vt0Z4a9QEu8a53c0djtkvtglqnKo96CYmBMXSccz3U=,tag:qCinJ/DoUbc8vPSJVY+rgA==,type:str] + NxNORTH: + cert.pem: ENC[AES256_GCM,data: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,iv:2vhqS0MFm4IoSu5BFzimg+p2bDTIqeqgvBbhse2jcU4=,tag:sxUlLyhn3Jb0Z+kl6ohEQg==,type:str] + key.pem: ENC[AES256_GCM,data:bo3adkzno1JlGRllvm+UXg/PWJpoDwHoNoH7RDNLW1f+3yhVj7jW9mJYwTcSD+hrAHjPa7MNAzz/uT0EOX6EgB83CLxCmYOxWJM8CJIvbeLA1djdqS5YLtkhQEiV+upuP1tElisSUVJao/0v4W6CAqRd5mv5FMOtm5GVMk0w0O4O9FZOOY9RjFh+x8rXjhKUxmLi8OdHg5EU43+pP95nqF99uLQxtTttxRsbeoN4666d2b9Xwp7j5HcOhAdkvdijJj5NKOwvG/bpak98lO3jFY3NrcJGFUAPMsb9xwWLxWuPvpvQAQSJRWOupvvvSDXEpjedeHUOOPoUqa2bNcZWw00t7UrAabS2yg5Lfo8GPQ6lHPGQuarZeKHJBIoab5r/,iv:d4nzWfUkrmZEFDr1C4+MI2vzyLBgT4OwRZb4hPskP6s=,tag:DoWTkwZnRHibM9kqqXUGRg==,type:str] + NxXPS: + cert.pem: ENC[AES256_GCM,data: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,iv:ABR974ZNDnWCzA0rcI86PPztX7/hZCadc2dhxJfrldg=,tag:9oAAMs12m8qMhTKai7p3ow==,type:str] + key.pem: ENC[AES256_GCM,data:etNgxfryF0MJGX+X0guZKAaEh/PbaR9sVmbi7RikvL1okBUDxnVewOFuPQLKjDIpqhD8MIhUb4gdoWKq02MpqEvrlj3C+ffri8/8HLuwsm/vBniNvZHwdKyyWcodTUa5TpJt6nJMUzjJtKfv8u0dEEoQUbGN+nmWnJRSIczsWdw4RE30Hj/byiIWDZXmNtcXE5M6O7+buhqbmPpciFh6YjjofnJZ4KOD59Cmkl/KdGjaJUymsFMDmbDQsmeYmmzbfXuAZkW7C5KpBovAppLIn0m7H+ORyBK3wEZl+Hc9zK2pzKPb83qTclXkLQEx2Yfjdw6eK11IaqVBBSPPDgR0SZRwuPTlsoZqdlo1IUaKO77D8ARAohj+4X3JKfu0EeM6,iv:oGBk17V69Z/Nffc/pgqRoqsUFH7ZhCnQS3CR6uh4mQM=,tag:f4j2u6vr3tJpess37m46vw==,type:str] + NxACE: + cert.pem: 
ENC[AES256_GCM,data:Hg==,iv:NWaLNrHid5jUvAuiXUj3Rm4QLtXQPG+7NTITA7DBtwI=,tag:HuyWANId50xpByZBWSyjYA==,type:str] + key.pem: ENC[AES256_GCM,data:/w==,iv:QHILq9oHJ0nK3Wwy9ClDIBpppgQmyFJHU+Cb+ReVEXE=,tag:i2uPgiNKDjSldcORBPaYVQ==,type:str] sops: kms: [] gcp_kms: [] 
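Review bot: The new `NxACE` entries are placeholders rather than key material: `cert.pem` carries `data:Hg==` and `key.pem` carries `data:/w==`, each a single byte of ciphertext, and `NxACE-ssh_host_ed25519_key` above is similarly short. The `.sops.yaml` change in this commit also lists no age recipient for that host, so NxACE could not decrypt them in any case. If NxACE is still built from this repository, `syncthing.nix` would hand these values to the service as `key` and `cert`. Either drop the entries until real material exists, or mark them through `sops` with a comment such as `# NxACE: placeholder, host not enrolled yet`.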
@@ -19,25 +26,34 @@ sops: - recipient: age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuQitqblRZVjZGS3p1RlpP - cGRPRWI4SGYwekw3bXhTOVIzcTJZaE9nR3lVCllMWHFrNTZPNTBXUWg2VDRMTUlW - SVRDU0wwNmN2bXhjcFhNbE1zNXVsWVUKLS0tIDNCcTBxVUYwbDhJWGdlVUo2ck5z - UlV2VWNjcjUzcC9KZjdsa25qU0wxWk0KqH+D2YWSk51R5qsRnom1xAu/jAEe0Wx9 - A5Nfrr+P+5oTnrF0MSP5o4zqFzs99PEcCE6sCksZoqkMYXbhXozgPg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrdkZKYWFJQ1Nyc1AxMktY + d3AyT2Zsc01ZUjNFdzBPU0srUnFzVklxNnkwCm9Pek4zVnBqNEZoZ1RlMmxibis1 + VW5vRHpPbENSbTl2cnl3a2JQNzlTelUKLS0tIEpUSHpwYytBT21BTWdWQlhHcFJt + SUIzR09xMmhWbzFOUlhmRUxHUWc1MU0KwXJtg+4bf1ao9x5tJU5fm9MUKYwz7GMz + dUua5Wy6DGgiGBLVTLxXaBjc6uRTNHHiRCdd4xja1apnh0dqkVsRIw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-03T14:14:15Z" - mac: ENC[AES256_GCM,data:0ik8M9+V6qlc+5Z5rPi0X9UOa2Yf/cZdrpsXXfPj7hV9WSVnlDn2kJGt2PeLT5TwllAWm5mMVgovKEnuI/2hrck4AAGcvretvC0EPHr5Q4FOx84A8pDTsvff4x555mYyaGC4C5s8hUPe/OwwJXG19FWqHBVq638K/jFBS6mUk6Y=,iv:f8g+2vhqwgaYtG0sk5MdjQwPOVgBt/uNwojFyGgWUNY=,tag:HQyWQNRaAhmIJ+A/Uvbi+w==,type:str] + - recipient: age1jvf2lyrt2dw9jfnwgvnhmj9fmvyq8vvtepqjpkyycc5dqkkd4edqhxsgv6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjT283YjMrWFBWODQ2UU1x + T1djNW5HTUlRdWtPdGtJUjdVcUhOWEtzdkhnCmdOUVhTNzF6UzZpSTkvNUJFVDhF + WDZId2o3dkdHOG5QL05RaXpLNk0zZU0KLS0tIHUwT3BCOVZEYVR2YXc1UTZVdEp4 + NzBKelE5NENBczJIc28xVkVmU3FKWkUKBEyLzVMSlID+p/ZcpZiMzqXhHoQyBnbt + AJ/vc2SStdXtuKOzCj2cKm2HV3U0nBlp0AFSRsreQZ3nPYya8fryZQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-03T16:42:49Z" + mac: ENC[AES256_GCM,data:pssDZOSjK8BY3i5aiJxmNfCX/L6zN+9U3QdQw6TEaLVWpcW8QjtAATh+/5z8G88ROQR/exW51C+saNrnuWsNU/oQ5MSC1r/9fbqjs6MLAHXS9Kl11xdzMw1KnIDRUB1tzPzL/WgqTnaRV5ND0mZdfbMqk7ivynjJGwqIjbhEybE=,iv:2wFVEL70D8zfKdYEnTV2qGC9MqTghpabzKnhF1ZOXow=,tag:CFZw6s4NttzCMv+mhUefTg==,type:str] pgp: - - created_at: 
"2024-06-03T14:32:43Z" + - created_at: "2024-06-03T17:01:02Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DCvJ7ODFw5jQSAQdAw7WVNFgl452xdetQH5D9TjUe/CINVE19hjBMNNqn+X0w - qnbUM5s3wCofJSdVDSgleVXXZA1KcbW0ORbd6FVPv8dKX3x2mUMDb/tdLTkYzOL1 - 1GgBCQIQ+10jG029Xa1Psa3J0ZXs9UOz2vGiuLj3kCDke2yfwUM6CHKEWlsaJXNE - QYphW1hlKYZmcMU2ZjKTVzyKHbsr6X+guakozwiDW2DQDxZTFtaNKcrr0oPKa1Cn - ZOkzYH6Zwoc0Cw== - =4e5L + hF4DCvJ7ODFw5jQSAQdAoSxKmoTPq3yDgcXE3Dn6oS/yy/aHkFZEgQAR/UC7xwYw + 8Oqo6j5XATs/hoShbQRNPkLjtagmehW87qk2QckfiVH08MM3SZ8lhFTWs9/jsQSi + 1GgBCQIQqOSY+v/i1JWEPvXW/3nLRa1lvpnj8P6yYbRZQ6F3Dd+wgzAcmckko+M8 + x+T1x9XcKUtr1eEMhozzzy0hEMPCl7AzDIl7AUALnaCkT6Wxd9ce6NkEneMroHol + YK1GYaVYIR+cgw== + =DI3a -----END PGP MESSAGE----- fp: 22FB2CC03DC5292AB81CF67D0AF27B383170E634 unencrypted_suffix: _unencrypted diff --git a/system-modules/sshd.nix b/system-modules/sshd.nix index 3e2cb10..a1578fc 100644 --- a/system-modules/sshd.nix +++ b/system-modules/sshd.nix @@ -4,7 +4,7 @@ environment.etc."ssh/ssh_host_ed25519_key.pub".text = if (host == "NxNORTH") then "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1r5gUQPPS/dGB0SsvWtP6WdNWoxMwhhHRrqlO19cJt root@NxNORTH" else if ( host == "NxXPS") then - "" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPf+08+t8a0lY2+nR1mhIU3vuksStiJOlojJjzCwFk7r root@NxXPS" else ""; sops.secrets."ssh/${host}-ssh_host_ed25519_key" = { diff --git a/system-modules/syncthing.nix b/system-modules/syncthing.nix index b220ba4..c397ce3 100644 --- a/system-modules/syncthing.nix +++ b/system-modules/syncthing.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, user, host, secrets, ...}: +{ config, lib, user, host, secrets, ...}: let # helper funcitons conv = _: device: with device; { "${name}" = {id = id;};}; 
@@ -25,14 +25,8 @@ lib.mkIf (user != "tv")
 {
 sops.secrets = {
- "syncthing/${host}-cert.pem" = {
- owner = user;
- # path = "/home/${user}/.config/syncthing/cert.pem";
- };
- "syncthing/${host}-key.pem" = {
- owner = user;
- # path = "/home/${user}/.config/syncthing/key.pem";
- };
+ "syncthing/${host}/cert.pem" = { owner = user; };
+ "syncthing/${host}/key.pem" = { owner = user; };
 };
 services.syncthing = with (builtins.mapAttrs conv devices); {
@@ -40,10 +34,8 @@ lib.mkIf (user != "tv")
 user = "${user}";
 dataDir = "/home/${user}/.local/share/syncthing"; # useless ?
 configDir = cd;
- # key = "/home/${user}/.config/syncthing/key.pem";
- # cert = "/home/${user}/.config/syncthing/cert.pem";
- key = config.sops.secrets."syncthing/${host}-key.pem".path;
- cert = config.sops.secrets."syncthing/${host}-cert.pem".path;
+ key = config.sops.secrets."syncthing/${host}/key.pem".path;
+ cert = config.sops.secrets."syncthing/${host}/cert.pem".path;
 overrideDevices = true;
 overrideFolders = true;
 guiAddress = if ( host == "NxACE" ) then "0.0.0.0:8384" else "127.0.0.1:8384";
@@ -58,12 +50,13 @@ lib.mkIf (user != "tv")
 folders = with dirs; if (host == "NxXPS") then {
 "${default.name}" = {
 path = default.path;
- devices = with devices; (justname [ north ace s21u ]);
+ devices = with devices; (justname [ north s21u ]);
+ # devices = with devices; (justname [ north ace s21u ]);
 };
 } else if (host == "NxNORTH") then {
 "${default.name}" = {
 path = default.path;
- devices = with devices; (justname [ s21u ]);
+ devices = with devices; (justname [ s21u xps ]);
 # devices = with devices; (justname [ xps ace s21u ]);
 };
 } else {
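Review bot: Neither of the two new `sops.secrets` entries declares `restartUnits`, so after the Syncthing key or certificate is rotated in `sops-secrets.yaml` the running service may keep its old device identity until something else restarts it. As far as I know the NixOS module copies `key` and `cert` into `configDir` when the unit starts, so a changed secret is not picked up on its own. Consider `"syncthing/${host}/key.pem" = { owner = user; restartUnits = [ "syncthing.service" ]; };` and the same for `cert.pem`. The enclosing `lib.mkIf` block starts and ends outside this hunk.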
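Review bot: In the `-58,12 +50,13` hunk the previous NxXPS device list is kept as a commented-out line (`# devices = with devices; (justname [ north ace s21u ]);`) with no reason given for dropping `ace`. With `overrideDevices` and `overrideFolders` both true, this list is the whole sharing policy for the folder, so the intent should be stated rather than left as dead code. If the reason is that NxACE has no real Syncthing identity yet, replace the line with something like `# ace excluded until it has real key material in sops-secrets.yaml`. The `folders` expression continues past the end of the hunk.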