change encypt key from gnupg to age. And encrypt dae url

2025-01-12 17:18:01 +08:00 · 2025-01-12 17:18:01 +08:00 · 991a8b4bbc
commit 991a8b4bbc
parent 7d52c44603
9 changed files with 73 additions and 44 deletions
--- a/nixos/configurations/Tytonidae/dae/default.nix
+++ b/nixos/configurations/Tytonidae/dae/default.nix
@ -1,4 +1,9 @@
-{ pkgs, config, ... }:
+{
+  pkgs,
+  config,
+  rootPath,
+  ...
+}:
 {
  services.dae = {
    enable = true;
@ -9,7 +14,10 @@
    disableTxChecksumIpGeneric = false;
    config = builtins.readFile ./config.dae;
  };
-  environment.etc."dae/urls.txt".source = ./urls.txt;
+  sops.secrets.url = {
+    mode = "0444";
+    sopsFile = rootPath + "/secrets/general.yaml";
+  };
  systemd.services =
    let
      new_proxy = "/etc/dae/proxy.d.new";
@ -17,7 +25,7 @@
      update = ''
        num=0
        check=1
-        urls="$(${pkgs.coreutils}/bin/cat /etc/dae/urls.txt)"
+        urls="$(${pkgs.coreutils}/bin/cat ${config.sops.secrets.url.path})"
        mkdir -p ${new_proxy}
        for url in "''${urls}"; do
          txt=${new_proxy}/''${num}.txt
@ -49,6 +57,7 @@
        before = [ "dae.service" ];
        serviceConfig = {
          Type = "oneshot";
+          User = "root";
          ExecStart =
            let
              script = pkgs.writeTextFile {
--- a/nixos/configurations/Tytonidae/dae/urls.txt
+++ b/nixos/configurations/Tytonidae/dae/urls.txt
@ -1 +0,0 @@
-https://bava8u2znaj6bdzzjnfb.wgetcloud.online/link/df057715-3fa5-38c8-b550-316aa84c22c1?target=v2rayn&list=1&simple=1
--- a/nixos/configurations/Tytonidae/default.nix
+++ b/nixos/configurations/Tytonidae/default.nix
@ -25,6 +25,10 @@
    hostName = "Tytonidae";
  };

+  programs.gnupg.agent = {
+    enable = true;
+  };
+
  networking.hostName = "Tytonidae";

  time.timeZone = "Asia/Shanghai";
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@ -16,6 +16,7 @@
    ++ [
      ./nix.nix
      ./home.nix
+      ./sops.nix
    ];

  config = {
--- a/nixos/modules/sops.nix
+++ b/nixos/modules/sops.nix
@ -0,0 +1,20 @@
+{
+  rootPath,
+  config,
+  ...
+}:
+{
+  config = {
+    sops.defaultSopsFile = rootPath + "/secrets/general.yaml";
+    sops.age =
+      let
+        unixName = config.youthlic.home-manager.unixName;
+        cfg = config.users.users."${unixName}";
+      in
+      {
+        keyFile = "${cfg.home}/.config/sops/age/keys.txt";
+        sshKeyPaths = [ ];
+        generateKey = false;
+      };
+  };
+}
				`@ -1 +0,0 @@`
				`https://bava8u2znaj6bdzzjnfb.wgetcloud.online/link/df057715-3fa5-38c8-b550-316aa84c22c1?target=v2rayn&list=1&simple=1`