setup radicle node again

2025-10-01 14:21:25 +02:00
parent 00967e3852
commit 1a42b79c81
5 changed files with 20 additions and 30 deletions
--- a/machines/crocus/configuration.nix
+++ b/machines/crocus/configuration.nix
@@ -4,7 +4,7 @@
 }:
 {
  imports = [
-    # ./radicle.nix
+    ./radicle.nix
    ../../system/core
    ../../system/nix
    ../../modules/remote-builder.nix
--- a/machines/crocus/radicle.nix
+++ b/machines/crocus/radicle.nix
@@ -1,9 +1,13 @@
-{ config, keys, ... }:
+{
+  config,
+  pkgs,
+  ...
+}:
 {
  services.radicle = {
    enable = true;
-    privateKeyFile = config.clan.core.vars.generators.radicle.files.radicle-private-key.path;
-    publicKey = keys.services.radicle;
+    privateKeyFile = config.clan.core.vars.generators.radicle.files."id_ed25519".path;
+    publicKey = config.clan.core.vars.generators.radicle.files."id_ed25519.pub".value;
    node = {
      openFirewall = true;
    };
@@ -15,13 +19,20 @@
        forceSSL = true;
      };
    };
+    settings = {
+      web.avatarUrl = "https://rpqt.fr/favicon.svg";
+      description = "rpqt's radicle node";
+    };
  };

  clan.core.vars.generators.radicle = {
-    prompts.radicle-private-key = {
-      description = "radicle node private key";
-      type = "hidden";
-      persist = true;
-    };
+    files."id_ed25519".secret = true;
+    files."id_ed25519.pub".secret = false;
+    runtimeInputs = [ pkgs.openssh ];
+    script = ''
+      ssh-keygen -t ed25519 -f "$out"/id_ed25519 -N "" -C "radicle"
+    '';
  };
+
+  clan.core.state.radicle.folders = [ "/var/lib/radicle" ];
 }
--- a/vars/per-machine/crocus/radicle/id_ed25519.pub/machines/crocus
+++ b/vars/per-machine/crocus/radicle/id_ed25519.pub/machines/crocus
@@ -1 +0,0 @@
-../../../../../../sops/machines/crocus
--- a/vars/per-machine/crocus/radicle/id_ed25519.pub/secret
+++ b/vars/per-machine/crocus/radicle/id_ed25519.pub/secret
@@ -1,19 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:vuMn3T+3/BdO3pgArEzzul28SyX29I9K8nwpLXsaH3qijdB/vJDPRQQb46fKhXwnIiacTnPBMwF+65PTaOxc+J7MpadZxYVD4SOQIKfXf9nyii1O2yiEcBEXBCOl,iv:JsLd4hBmkKViCBMcoaR9KJB4U9EemhU7frydMciJIIY=,tag:aEKpuLyZYP1R+NtjKVsHeQ==,type:str]",
-	"sops": {
-		"age": [
-			{
-				"recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSFo5bEk3NUtaOXpEVDNa\nOXUwZXhNYjYxZE15L3V6NTlyNDdsMnp6TURVCmxid2VuaWQ5ZTNZYUVkc2krR0lU\nRXRGU2JsNXNsd0xEeWRtZEtOR1RsUkkKLS0tIG9ZaGZRVWlXN2w3ZCsycGdoaWVs\nU1FGSldZa2tZOTlFWlFlNkxVQ2xqK3cKnA6CnGuil7WR3+e6k1/JblzPE8lxKR55\nDev4Ina9YAEAdP1C5g7at3CvhrARzfjHXfY193MWmm2NOG8NUfkcwQ==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxUGd2dHVXOHVPNXlGK1Na\nem40RUs2N1Q5clJIOHpsQ2dIYThKZ2hXb1NRCk51bjZTSWkvdWQyYzl4MDNNOE9N\nVUhqbzdvUUVBRTRrYXVBVDF6SEJRMW8KLS0tIFpxWCt6bTJQSlUzRWFjUXFWNFpk\nWjJaVlhuYllJZlZQRWVObXJnVjNPbmcKQD5NG7MaKlumfKOLgc6vzBWr9lFVGNLo\nWbvtwL7Y3LPRzQoFfed+VE0NGFI/EexBT5EN5vJwPNsGD3RQFjwjcQ==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2025-10-01T11:35:08Z",
-		"mac": "ENC[AES256_GCM,data:iYlQAmtfRn9dT9gN5QksoAXyg5k7aWc4KO3nsgRpogF/63n+0RAzqGz4O+Hr9RgiIzVo1ThUMIaVaPCTKYvUJ0BH2RZI3MmWV8BNG8FedFaO/fK7zGjuxoFaUC0LOUPX03QcZDYanbDulZ1NL+w1NxZZuCEZ1g6uVH3YewaxBuc=,iv:vvTQ/Wm4xtfaH7Oy6qGANp9YWVHgvRAuVZPfzcxU/dY=,tag:/HBo14UIp9YtyLv1vGu8vw==,type:str]",
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.10.2"
-	}
-}
--- a/vars/per-machine/crocus/radicle/id_ed25519.pub/users/rpqt
+++ b/vars/per-machine/crocus/radicle/id_ed25519.pub/users/rpqt
@@ -1 +0,0 @@
-../../../../../../sops/users/rpqt