create shared nixos config between physical and VM

rename nixos -> nix
2024-01-28 12:06:30 +01:00 · 2024-01-28 12:06:30 +01:00 · 32154e7163
commit 32154e7163
parent 472175c5a3
39 changed files with 114 additions and 196 deletions
--- a/nixos/secrets/README.md
+++ b/nixos/secrets/README.md
@ -1,5 +0,0 @@
-To create a secret:
-
-```bash
-nix run github:ryantm/agenix# -- -e secret.age
-``
--- a/nixos/secrets/atlas_host_ed25519.age
+++ b/nixos/secrets/atlas_host_ed25519.age
--- a/nixos/secrets/atlas_user_ed25519.age
+++ b/nixos/secrets/atlas_user_ed25519.age
--- a/nixos/secrets/borg_passphrase.age
+++ b/nixos/secrets/borg_passphrase.age
@ -1,15 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 UwNSRQ Lr6HfHB1pQVAVESUkR1a1ie8o9cTtCa0LA4y20UvfRU
-8X+VZUfk2oRrM+A4pZC/6yyexo2Kr8MO7isiXPsnOJk
-> ssh-ed25519 JJ7S4A fngT1OkV0pfig7UZ4vA8CWFDWc//xn2KWRsk1+EI0Ac
-9J+I87tFasCug4rVaXJKNKzxr450YtZUypSTmwf/r7g
-> ssh-ed25519 aqswPA I/RtBp+6CgMOPs41nbd8CqBgpgch8ixRGbzacXSDKRE
-adBD/lskyXK/QU+v/OlQ1wQK7PkhALpdxgHUc1i+jcU
-> ssh-ed25519 LAPUww JtDnT4+NqLMBc+LpQSh0eQnSyXzJOHHbaZFNQmxIdC0
-/DjWq9XUAH3xZvU1PlB7Q70LQ0x9SRMmaSYQ+DyQZEM
-> ssh-ed25519 vBZj5g 4YBFh5e32ZHr8byvd4vbZ9zljHO4FTrJGhsZiH//KVw
-iA+foYHtgt2PjBG9yfBWNLeygiIbW3MsbUQdVWgyrno
-> ssh-ed25519 QP0PgA urlidySF5ZG9ILjdPuJPX6V/aDIAYzwBVd+XopDF5UA
-NL/RxiKPRn+uZW37jJKLOHCaktuvzm0SIwcMmBgF5CY
--- aeaUWpBxSTjrcDDQa6Zk2dcdvhsdqs22JlvkduILpqE
-âå™§òQú²à¡)Š„Åçä¿7bt¡íu+Õ<>=¼¯M£ÁlìMúzsÕÚ8ð…	aÿ
--- a/nixos/secrets/database_passwords.env.age
+++ b/nixos/secrets/database_passwords.env.age
@ -1,16 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 UwNSRQ XKuX/onJklTJ1ws0svIwJy1PZN1MHsf5+N3z7XGvCyY
-JkyemSdV/ZcbjWLrwYLhKCE4Ln2seLR0WyYXGMepgBw
-> ssh-ed25519 JJ7S4A 9wzkTABOPcmTG7LNWvZa7dKG0Ingf+KDckZ1tL2c3QQ
-IkxcStI4kwXkWj+j3PWl7FdyoVMVsiH9SZBnyffbcYQ
-> ssh-ed25519 aqswPA 3i/v1qWLseD+FrPrnAXtSoK98a6Nrb3XrHinp2QPTn0
-RxuPM1oICEoF5oZAyQlCm+fOivI9sfZenZSlOGBIZK8
-> ssh-ed25519 LAPUww MkvAMN/fZiV66+ub4Q/CDTIxJ3N3cMWBT0SQajespR0
-uh6SGtxR3BvsU/fTTTOnsNXD+bHNYMhTAFoc3QUtMr8
-> ssh-ed25519 vBZj5g Jiu1sEmlws4eFPriuL2oS99Q9tFCyf4Zkv/khLONvT0
-cLLHcvmIb1Nb7eVmKJyYdvfulgbcZ73N0x6GWyKeJPs
-> ssh-ed25519 QP0PgA A1Raf1CiVJ5tnJXRIeS0VpCUNX/iYNzGozQxApY9KGM
-998c6IZfPNW8uMttkK8xGp1hgKXBcrwuBOgOpXWPCu8
--- /Qv6sfhphlYb9WtWdmPt6RZJPHxBO4jCSgauazsHIt8
-1kYiL7¸<37>Áª-Ç}—`ýŠƒÇNƒV‹oäCñ'ÞÛ§ýhßô[øvDŠU€pv×½¶Òõ¦~e‰Â0yœ¦ÿ—ÑÄ2`•Ý<E280A2>ºîÆ±ŽïÑ¥ÂÔåú8›/´ª	¸
-÷MEÐŽh·sÈqÌâ¤|ßkØªí<Ó°¡+ÊÍ9eË0óŸ‘¸;)Ï?IL-ëÓJY¾gðpk+Ûí’úˆHRûé5ÔÍÉÛ¥ú”§„Ø×på :8·ùo©þ1¥zâs—`•_MSÒí«Q˜;Q_o]·
--- a/nixos/secrets/ec2_borg_server.pem.age
+++ b/nixos/secrets/ec2_borg_server.pem.age
--- a/nixos/secrets/jefke_host_ed25519.age
+++ b/nixos/secrets/jefke_host_ed25519.age
--- a/nixos/secrets/jefke_user_ed25519.age
+++ b/nixos/secrets/jefke_user_ed25519.age
--- a/nixos/secrets/lewis_host_ed25519.age
+++ b/nixos/secrets/lewis_host_ed25519.age
--- a/nixos/secrets/lewis_user_ed25519.age
+++ b/nixos/secrets/lewis_user_ed25519.age
--- a/nixos/secrets/postgresql_server.key.age
+++ b/nixos/secrets/postgresql_server.key.age
--- a/nixos/secrets/secrets.nix
+++ b/nixos/secrets/secrets.nix
@ -1,43 +0,0 @@
-let
-  pkgs = import <nixpkgs> { };
-  lib = pkgs.lib;
-
-  publicKeyURLs = [
-    "https://github.com/pizzapim.keys"
-    "https://github.com/pizzaniels.keys"
-  ];
-
-  encryptedFileNames = [
-    "jefke_host_ed25519.age"
-    "jefke_user_ed25519.age"
-    "postgresql_server.key.age"
-    "atlas_host_ed25519.age"
-    "atlas_user_ed25519.age"
-    "lewis_host_ed25519.age"
-    "lewis_user_ed25519.age"
-    "database_passwords.env.age"
-    "borg_passphrase.age"
-    "ec2_borg_server.pem.age"
-  ];
-
-  machinePublicKeys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJUSH2IQg8Y/CCcej7J6oe4co++6HlDo1MYDCR3gV3a root@jefke.hyp"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZ1OGe8jLyc+72SFUnW4FOKbpqHs7Mym85ESBN4HWV7 root@atlas.hyp"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5lZjsqS6C50WO8p08TY7Fg8rqQH04EkpDTxCRGtR7a root@lewis.hyp"
-  ];
-
-  fetchPublicKeys = url:
-    let
-      publicKeysFile = builtins.fetchurl { inherit url; };
-      publicKeysFileContents = lib.strings.fileContents publicKeysFile;
-    in
-    lib.strings.splitString "\n" publicKeysFileContents;
-
-  adminPublicKeys = lib.flatten (builtins.map fetchPublicKeys publicKeyURLs);
-
-  allPublicKeys = lib.flatten [ machinePublicKeys adminPublicKeys ];
-
-  publicKeysForEncryptedFileName = encryptedFileName:
-    { "${encryptedFileName}".publicKeys = allPublicKeys; };
-in
-lib.attrsets.mergeAttrsList (builtins.map publicKeysForEncryptedFileName encryptedFileNames)