From 1da1b8422b9447d0a174df7c7fef3eed3c5a8687 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Mon, 16 Oct 2023 10:59:27 +0200 Subject: [PATCH] deploy work ssh keys using homenix closes #16 --- configuration.nix | 5 ++--- home/home.nix | 24 +++++++++++++++--------- home/ssh/default.nix | 2 +- secrets/secrets.nix | 10 +++++++--- secrets/sue_azure_rsa.age | Bin 0 -> 2882 bytes secrets/sue_ed25519.age | Bin 0 -> 684 bytes 6 files changed, 25 insertions(+), 16 deletions(-) create mode 100644 secrets/sue_azure_rsa.age create mode 100644 secrets/sue_ed25519.age diff --git a/configuration.nix b/configuration.nix index 6f27176..b818a86 100644 --- a/configuration.nix +++ b/configuration.nix @@ -42,7 +42,7 @@ in btop ripgrep vim - dnsdog + dogdns tree ]; gnome.excludePackages = with pkgs; [ gnome.totem gnome-tour gnome.epiphany gnome.geary gnome-console ]; @@ -77,8 +77,7 @@ in age.secrets.wg-quick-home-privkey.file = ./secrets/wg-quick-home-privkey.age; age.secrets.wg-quick-home-preshared-key.file = ./secrets/wg-quick-home-preshared-key.age; - age.identityPaths = [ "/home/pim/.ssh/id_ed25519" ]; - + age.identityPaths = [ "/home/pim/.ssh/age_ed25519" ]; networking.wg-quick = { interfaces.home = { diff --git a/home/home.nix b/home/home.nix index bfba3fd..dae49c6 100644 --- a/home/home.nix +++ b/home/home.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: { imports = [ 
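Review bot: In the `@@ -77,8 +77,7 @@` hunk of configuration.nix, `age.identityPaths` now points at `/home/pim/.ssh/age_ed25519`, but the recipient in secrets/secrets.nix is still the unchanged `pim@x260` public key, and the diffstat shows no re-encryption of the two existing wg-quick `.age` files. If `age_ed25519` is a newly generated key pair rather than a copy of the old `id_ed25519`, the WireGuard secrets will no longer decrypt at activation, so confirm which it is and, if new, update the recipient and rekey with `agenix -r`. The same literal path is repeated in home/home.nix, so I would add `# must match homeage.identityPaths in home/home.nix and the recipient in secrets/secrets.nix` above this line. The enclosing attribute set starts and ends outside the hunk.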
@@ -45,12 +45,18 @@ xdg.userDirs.enable = true; - # homeage = { - # identityPaths = [ "/home/pim/Downloads/rage/homeage-test/identity.txt" ]; - # installationType = "systemd"; - # file."helloworld" = { - # source = ./homeage-test/source.txt.age; - # symlinks = [ "/home/pim/Downloads/rage/homeage-test/result2.txt" ]; - # }; - # }; + homeage = { + identityPaths = [ "/home/pim/.ssh/age_ed25519" ]; + installationType = "systemd"; + + file."sue_ed25519" = { + source = ../secrets/sue_ed25519.age; + symlinks = [ "${config.home.homeDirectory}/.ssh/sue_ed25519" ]; + }; + + file."sue_azure_rsa" = { + source = ../secrets/sue_azure_rsa.age; + symlinks = [ "${config.home.homeDirectory}/.ssh/sue_azure_rsa" ]; + }; + }; } diff --git a/home/ssh/default.nix b/home/ssh/default.nix index bff9550..b5c52e1 100644 --- a/home/ssh/default.nix +++ b/home/ssh/default.nix @@ -9,7 +9,7 @@ matchBlocks = { gitlab-sue = lib.hm.dag.entryBefore [ "*" ] { hostname = "gitlab.com"; - identityFile = "~/.ssh/sue/id_ed25519"; + identityFile = "~/.ssh/sue_ed25519"; identitiesOnly = true; }; github = lib.hm.dag.entryBefore [ "*" ] { diff --git a/secrets/secrets.nix b/secrets/secrets.nix index fb70817..8a09ab6 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,7 +1,11 @@ let - pim = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILTxn6fDUyEOWhuapt5GptYPZay+3tNH+UeY7aq8KSbh pim@x260"; + publicKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILTxn6fDUyEOWhuapt5GptYPZay+3tNH+UeY7aq8KSbh pim@x260" + ]; in { - "wg-quick-home-privkey.age".publicKeys = [ pim ]; - "wg-quick-home-preshared-key.age".publicKeys = [ pim ]; + "wg-quick-home-privkey.age".publicKeys = publicKeys; + "wg-quick-home-preshared-key.age".publicKeys = publicKeys; + "sue_ed25519.age".publicKeys = publicKeys; + "sue_azure_rsa.age".publicKeys = publicKeys; } 
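Review bot: In the home/home.nix hunk, `homeage.identityPaths` hard-codes `/home/pim/.ssh/age_ed25519` while both `symlinks` entries in the same block use `config.home.homeDirectory`; `identityPaths = [ "${config.home.homeDirectory}/.ssh/age_ed25519" ];` would keep the block consistent. With `installationType = "systemd"` decryption runs unattended, so the identity presumably carries no passphrase, and both work keys are then only as well protected at rest as that one file. A comment above `identityPaths` should say so, and that the file must stay owner-only and out of the repository. Neither `file` entry sets permissions explicitly, so confirm the decrypted targets end up readable by the owner only, since ssh refuses private keys with wider modes.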
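Review bot: In the secrets/secrets.nix hunk, replacing the named `pim` binding with one shared `publicKeys` list gives every secret the same recipient set, covering both the system-level WireGuard keys and the two work SSH private keys. Adding a host key to that list later for the wg-quick secrets would also let that host decrypt `sue_ed25519.age` and `sue_azure_rsa.age`. Keeping named keys and per-purpose lists, e.g. `pim = "ssh-ed25519 …"; userKeys = [ pim ];` (key elided here), preserves least privilege as the file grows. The ciphertext of the work keys now lives in git history, so a later exposure of the age identity means rotating those SSH keys rather than only re-encrypting; a short comment at the top of the file stating this would help.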
diff --git a/secrets/sue_azure_rsa.age b/secrets/sue_azure_rsa.age new file mode 100644 index 0000000000000000000000000000000000000000..4d2567dd0fe9f78d02b1f54f7b9582145a3b776e GIT binary patch literal 2882 zcmV-I3%&GVXJsvAZewzJaCB*JZZ2Mb7Dw(bWTxfT1HSdFlP!_HdR$wHDN|n zI5Ao=RcTT)XEs?cRx)o^Q8PtVXi9NrYgk!EYIiqOZcz#?J|H`GCSyb_LP;%Wa%Ew2 zWeR00VNXVHF+);VWo<-sPG&Z8c|l=uPh&%OLN!_|YF9N$VtGYVW@I;PLU>FsQAk*8 zP+2c^Z*fygT4)L_EiE8(HbOy8GjUBXa#Cq>WMODUGi_udj=(n!4Yb`a}v1Mox?ErL^q{9+a8)uA#31S zj}`6kh%Xrr;3T%>Vy|^5_ZuD~PVK~DJn$StAu&fS3?%1j7f;;8R=cL2IM+(KGLH=FV7| zCp_Zym*tCIa3W#w{Qlkch6a=18P7m{+1_xqVAk*0Kxhv8qlT-mWO`P(UEYV#L6MG1 z$>>o;NW19tI!iy#&$DKtTdh?HmZ!ajD4qau305np`4~3W=K1X zYmf4ji@|`A8`bR%RFcaTcBJqoNFyGkr$ii=nnePnyu8z|UO>98<96lShBO{hv=AGw zk(xX~_E7t?Y@KN7HDJ!}IKEgU@Brc@khyC`ziq8UKMi8KCnh|inL4R4ef`;LsO(bw zWO4}i=Bf0P=qb)%ep5mhCa>QnV+@@X!EpG|*V$jTl>}hZgeBtI{sV=`cOi#P0;RCY z(SYs~wST4!4yXB_r~;|gww|u*8AlzKuk~fSMzpiUF{x*R-VSxW(esnMO7>-I=;(8r zZA2n;1^)CYS2B>CgZ+mt(uNR&DXUe=HvZo(d|>Cmkv3PIuib*?49uyF89VjNGLBB+#bP z5%bUuN)|n2cx4SS=XwXo^v8V^dp8@>B8`k$I8F?hc^ z&IvAY-IeiRtZNxU$A=wYodH<#UnDKjm1j_tY# zONlsKOWaxtwl)jb>@a9Ir6_g{s|2^YEoOAXHTgJ0rI6b9ONdUvF) z=yifCdwIKZD+7JF0aU^vHE)t3DeOirCc`>+{1% zT_pEP`T*K_ct>Qo;hL?=BeJuw2s%%tgc!gZC2y~-fWpl)olLF}6c-oU`YP=>G_IRQ zn5o=n5R(|^%4AZUS;%CHj67=4wV!>X$mBXo6rtldkcGszW8;jFu~7| z0JL>y#Jc1Dq#=OSWt}c~9_q&~ zG6G5We&$P=+Hvs}lzzBypsKbFt~|i_OmjZD;T$@gz0wLllJ-o2@O;G{h}9h*3J@#M z2=X;W!XlDBmQe>eZFz`+=s`YFX1jxvr^KQO(J3@D+SVu872Im9MYG^W)KHuLURlG* zK(GuVl6=kIReg&Nu|31Usc==5!c>5Mw$N0l@x|Z-~0pCQAK(zQopoyU1HyhNS0Py2!ul zK90M!8X}{#=4D|B+CH+DqcR5=xA)qV`o(wDO&SeA5il4E_bg`g%j+>UwZn!j`p^x~ zY1oF9Xl(zqy@fz&_!xh93JmKjTQX}SCg53f+y52oq1c`D=N!(qCG@MKIWZJw=(uki zdvaWBOOe-;e%09i@W(o@D(}%D+bPGL4^HRpLdf*$0*nPz!l0z93~ARa7b^tpB1zF& z984gl{8?lZtrjbn{SR00lF=oP7hYJ2W2rkFxhLfIbE5^x>2AjEo6Ek*afT35Wejzo8K7GS8vvEo_QUqcown|X ze6)oVsqbwiOjrJ(93Tuw`5~LI+L(erjxoRzCriqjGZ&IFBM#0#t)RB6Mb6{itm*gN zQQsYIV5+eb3FJL>`Ivz-ce+MAKU76XT%*-dk<<(B%3OEzj=nDyb{Z_5uH()?U732u 
z!4j%-?o>oMX+8~<%vL3FB(?v?dZszx|F6OsLF?sW{2qkk{n*-gb3cDtOXhpRNU&BK z`83&ulZ!yIH@`0v-No!|qmvuZD+*ZG=CJPdYe4%$x~Nl5AibICd@Ugn4UJqNDl95o z1K8SITob$HB$yp8%3Ru>Zf)R)O(7ys|C{wCX`lQVxnq`6#?P>6@6V554w>K4`%f@+ z25k!IpDGrtH*>;S8!qXFRsQQFFZ#z=<_Ceu=ZQm71M@Jpfv7-x+vM6OkH0Z>cXEU9b0Y z&X62bu!}{|K2cm4s%x=PM8CqLlR06+qD@v{Z>B?M0rr-s;^#LWd@`ja6|Z4^ahio4 zoL5;`$`YwqT*NNKB?EQ67LKzGqRzbNMs}C0^ob7WaYX=rS0FLEntSanHNbYpFDb!Ba2YA_0SOgC3{D@HIm zNK;v4RYg-WcuPibI7d)zXEsM{Q*vlZL1%4eWJqI9WH<^fJ|H44bzUoHXF)Aza%Ew2 zWgsOXMt&q9TV8PrY->n#Q*dP~PfR&RGgMP|Xl6=yaYRfsT2n+(HC1FwT1q!bNn>wA zL|HTnEiEk|G%!dvGg2>1L}fWbPir%7XlQd}bu?&DNJ3L%a7Zv^HA*XIR(MNSGgB}M z97JKdB%ukzDk6hmBw+pG{G zu;&rgt;~~^FQ#KV&<6X3{2+abFjpR&SIj=D*!mYveW`Qa3|cp-I{>_H++Ru5?4)Y{ zZ!{W+gthLpMgK<;xeN~`8!J|gd;;g+MR?vDiqpbdQ154PSK z(M1rR?{p@0qLxc*i2S7z$?J&oAhNHPMED7VSqGumn=- zr~&0n4aDqR3@|)*@3dVaGQC~_`kpT9OVyP}hMGN3^Cd$*w7%bpNInF%HG`CuQjE|w z!u7QfchG<;%c;$(s7=DzOz>~w4d)dPq*{;QMQXf7Uv$DTQ)De57&f=s`0cfy;$|Di zc_(