pim/nixos-laptop
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

add secret for k3s admin private key

Browse source 
manage kubeconfig with home manager for k8s cluster access
This commit is contained in:
Pim Kunis 2023-12-14 21:39:56 +01:00
parent 69cbed2ea9
commit 6f64ae8776
4 changed files with 35 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
home-manager/default.nix
View file

@ -31,7 +31,15 @@
(pkgs.nerdfonts.override { fonts = [ "Hack" ]; }) (pkgs.nerdfonts.override { fonts = [ "Hack" ]; })
virt-manager virt-manager
gnome.gnome-tweaks gnome.gnome-tweaks
impression
poppler_utils # For pdfunite
silicon
]; ];
file.k3s-pim-privkey = {
target = ".kube/config";
source = ./kubeconfig.yml;
};
}; };
programs = { programs = {
@ -105,6 +113,11 @@
source = ../secrets/postgresql_client.key.age; source = ../secrets/postgresql_client.key.age;
symlinks = [ "${config.xdg.configHome}/home/postgresql_client.key" ]; symlinks = [ "${config.xdg.configHome}/home/postgresql_client.key" ];
}; };
file."k3s-pim-privkey" = {
source = ../secrets/k3s-pim-privkey.age;
symlinks = [ "${config.home.homeDirectory}/.kube/k3s-pim-privkey" ];
};
}; };
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;

19
home-manager/kubeconfig.yml Normal file
View file

@ -0,0 +1,19 @@
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUzTURJMU56UXlOVGt3SGhjTk1qTXhNakUwTVRjeE56TTVXaGNOTXpNeE1qRXhNVGN4TnpNNQpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUzTURJMU56UXlOVGt3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFUMzdYdlBzUG9DeTk3Nm1zWm9qTHBlUklieVB5NWFPV0NJWXpyZVpUcVYKUlo4cDVyME1RdVViV0crNTJqQ1ZjNCtrZGN3WVkwRXRDaUpkZ21LSU5RcTRvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWx1ZGcvZWd0bUMvWkNiaTZMRkNnClhIaXFtL2t3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUlTbHJ2TmVTc3RtVlFLVWp2STF3UlZPb0RMWEJjWDEKelpZOURUNW9WM214QWlBT2JKRThOaldOSUdSZE1FcWpXZXhUd1M5RUlGbGs2eUEwOXNjS0FmRUNXUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
server: https://jefke.hyp:6443
name: default
contexts:
- context:
cluster: default
user: pim
name: default
current-context: default
kind: Config
preferences: {}
users:
- name: pim
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJWVENCL0tBREFnRUNBaEFWemhyQ3QwZzFQMWJXZW1IUGx2SUZNQW9HQ0NxR1NNNDlCQU1DTUNNeElUQWYKQmdOVkJBTU1HR3N6Y3kxamJHbGxiblF0WTJGQU1UY3dNalUzTkRJMU9UQWVGdzB5TXpFeU1UUXhPVEl3TURCYQpGdzB5TkRFeU1UTXhPVEl3TURCYU1BNHhEREFLQmdOVkJBTVRBM0JwYlRBcU1BVUdBeXRsY0FNaEFDYWxxaUdFCjdvcVo0SFNvLy95RGhqZXJrVVA5WWg4QXdFbHFnMXI4NGpvbG8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXcKRXdZRFZSMGxCQXd3Q2dZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JTZQpkenA2TzVhajU4NGtML2FJM0pvTHhkOUtQakFLQmdncWhrak9QUVFEQWdOSUFEQkZBaUF3eDJISGNOcVd4bkhyCmkvRVg2SmJRVlRZYThmTzhpYTdMOXRYWS84OXlQQUloQVBSanlmMU0waWtCZU95VUVUODVLS1dNaDFhbWRNZVUKSUFBZTM2WDVUSVRDCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
client-key: k3s-pim-privkey

BIN
secrets/k3s-pim-privkey.age Normal file
View file

Binary file not shown.

4
secrets/secrets.nix
View file

@ -5,7 +5,8 @@ let
publicKeysFile = builtins.fetchurl { url = publicKeysURL; }; publicKeysFile = builtins.fetchurl { url = publicKeysURL; };
publicKeys = pkgs.lib.strings.splitString "\n" publicKeys = pkgs.lib.strings.splitString "\n"
(pkgs.lib.strings.fileContents publicKeysFile); (pkgs.lib.strings.fileContents publicKeysFile);
in { in
{
"wg-quick-home-privkey.age".publicKeys = publicKeys; "wg-quick-home-privkey.age".publicKeys = publicKeys;
"wg-quick-home-preshared-key.age".publicKeys = publicKeys; "wg-quick-home-preshared-key.age".publicKeys = publicKeys;
"sue_ed25519.age".publicKeys = publicKeys; "sue_ed25519.age".publicKeys = publicKeys;
@ -18,4 +19,5 @@ in {
"keepassxc.ini.age".publicKeys = "keepassxc.ini.age".publicKeys =
publicKeys; # Secret agent causes private keys in config file. publicKeys; # Secret agent causes private keys in config file.
"postgresql_client.key.age".publicKeys = publicKeys; "postgresql_client.key.age".publicKeys = publicKeys;
"k3s-pim-privkey.age".publicKeys = publicKeys;
} }