soteria mtls cleanup

John Lancaster
2026-03-24 22:01:07 -05:00
parent b6be6eba68
commit 6bf45ce941
+11 -38
@@ -26,42 +26,6 @@ in
hostname = hostname; hostname = hostname;
caURL = caURL; caURL = caURL;
}; };
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets."janus/admin_password" = {
owner = "${hostname}";
};
# mtls = {
# enable = true;
# subject = hostname;
# caURL = caURL;
# san = [
# "${hostname}.john-stream.com"
# # "192.168.1.244"
# ];
# };
# restic.envoy = {
# enable = true;
# port = 10000;
# spiffePrefix = "spiffe://john-stream.com";
# upstreamHost = "127.0.0.1";
# upstreamPort = 8000;
# logLevel = "debug";
# policies = {
# ubuntu-policy = {
# pathPrefix = "/john-ubuntu";
# principal = "spiffe://john-stream.com/ubuntu";
# };
# p14-policy = {
# pathPrefix = "/john-p14s";
# principal = "spiffe://john-stream.com/john-p14s";
# };
# gitea-policy = {
# pathPrefix = "/gitea";
# principal = "spiffe://john-stream.com/gitea";
# };
# };
# };
home-manager.users."${username}" = { home-manager.users."${username}" = {
imports = with inputs.self.modules; [ imports = with inputs.self.modules; [
@@ -72,17 +36,19 @@ in
]; ];
}; };
flake.modules.homeManager."${hostname}" = { config, ... }: { flake.modules.homeManager."${hostname}" = { config, lib, pkgs, ... }: {
imports = with inputs.self.modules; [ imports = with inputs.self.modules; [
homeManager.rebuild homeManager.rebuild
homeManager.mysops homeManager.mysops
homeManager.mtls homeManager.mtls
homeManager.docker
]; ];
homeManagerFlakeDir = "${config.xdg.configHome}/home-manager"; homeManagerFlakeDir = "${config.xdg.configHome}/home-manager";
home.username = "${username}"; home.username = "${username}";
home.homeDirectory = "/home/${username}"; home.homeDirectory = "/home/${username}";
shell.program = "zsh"; shell.program = "zsh";
docker.enable = true;
home.file.".step/config/defaults.json".text = builtins.toJSON { home.file.".step/config/defaults.json".text = builtins.toJSON {
"ca-url" = "https://janus.john-stream.com/"; "ca-url" = "https://janus.john-stream.com/";
@@ -90,6 +56,12 @@ in
root = "${config.home.homeDirectory}/.step/certs/root_ca.crt"; root = "${config.home.homeDirectory}/.step/certs/root_ca.crt";
}; };
# sops.secrets."janus/admin_password" = {
# path = "${config.home.homeDirectory}/.janus";
# mode = "0400";
# sopsFile = ./secrets.yaml;
# };
mysops.hostSecretFile = "${config.xdg.configHome}/home-manager/modules/hosts/soteria/secrets.yaml"; mysops.hostSecretFile = "${config.xdg.configHome}/home-manager/modules/hosts/soteria/secrets.yaml";
mtls = { mtls = {
enable = true; enable = true;
@@ -99,8 +71,9 @@ in
"${hostname}.john-stream.com" "${hostname}.john-stream.com"
"192.168.1.142" "192.168.1.142"
]; ];
lifetime = "1h";
renew.postCommands = [ renew.postCommands = [
"docker restart envoy" "${lib.getExe pkgs.docker} restart envoy"
]; ];
}; };
}; };
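Review bot: `lifetime = "1h";` in the last hunk shortens the mTLS certificate to one hour while `renew.postCommands` still performs a full `docker restart envoy` on every renewal, so if the mtls module renews at a fraction of `lifetime` (as step-style renewers usually do) the proxy is now restarted many times a day; confirm the cadence the module derives from `lifetime`, and if envoy can reload the certificate without a container restart prefer that in the hook. The restart hook also means the home-manager user must reach the docker socket, which is effectively root on the host, so a why-comment on that line such as `# renewal restarts envoy via the docker socket; the user must be in the docker group, which is root-equivalent` would make the privilege cost visible. The `mtls = {` block this hunk changes starts outside it. Separately, the third hunk adds a commented-out `sops.secrets."janus/admin_password"` block to a commit titled cleanup, apparently as a placeholder for the NixOS-level secret the first hunk appears to remove; either drop it or prefix it with a one-line reason it is kept, e.g. `# TODO: re-home janus/admin_password here once the home-manager secret path is settled`.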