From 30b56a017b1b7e57b2f8b1e6c2da585e0c9db913 Mon Sep 17 00:00:00 2001
From: Danilo Reyes
Date: Sun, 16 Jun 2024 16:45:56 -0600
Subject: [PATCH] turned ssh key assignation into lambda
---
 jawz.nix | 25 ++++++++++++-------------
 secrets/secrets.yaml | 6 +++---
 2 files changed, 15 insertions(+), 16 deletions(-)
diff --git a/jawz.nix b/jawz.nix
index 7687e60..2c19b77 100644
--- a/jawz.nix
+++ b/jawz.nix
@@ -1,18 +1,17 @@
 { config, ... }: {
- sops.secrets = {
+ sops.secrets = let
+ keyConfig = file: {
+ owner = config.users.users.jawz.name;
+ inherit (config.users.users.jawz) group;
+ path = "/home/jawz/.ssh/${file}";
+ };
+ in {
 jawz-password.neededForUsers = true;
- "private_keys/age".path = "/home/jawz/.ssh/ed25519_age";
- "public_keys/age".path = "/home/jawz/.ssh/ed25519_age.pub";
- "private_keys/${config.networking.hostName}" = {
- owner = config.users.users.jawz.name;
- inherit (config.users.users.jawz) group;
- path = "/home/jawz/.ssh/ed25519_${config.networking.hostName}";
- };
- "git_private_keys/${config.networking.hostName}" = {
- owner = config.users.users.jawz.name;
- inherit (config.users.users.jawz) group;
- path = "/home/jawz/.ssh/ed25519_git";
- };
+ "private_keys/age" = keyConfig "ed25519_age";
+ "public_keys/age" = keyConfig "ed25519_age.pub";
+ "private_keys/${config.networking.hostName}" =
+ keyConfig "ed25519_${config.networking.hostName}";
+ "git_private_keys/${config.networking.hostName}" = keyConfig "ed25519_git";
 };
 users.users.jawz = {
 isNormalUser = true;
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index f090ddb..4493378 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
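Review bot: The new `keyConfig` helper is also applied to `"private_keys/age"` and `"public_keys/age"`, which previously set only `.path`, so those two secrets now get the `owner`/`group` of jawz instead of whatever sops-nix defaults to (root, if the module defaults are unchanged). The commit subject describes a refactor, but this makes the age private key at `/home/jawz/.ssh/ed25519_age` readable by the user account, which matters if that key also serves as a sops decryption identity. If the ownership change is not intended, keep the old form for the age entries, e.g. `"private_keys/age".path = "/home/jawz/.ssh/ed25519_age";`; if it is intended, a comment on the helper such as `# every key placed under ~/.ssh is owned by jawz, age identity included` would record the decision. The enclosing attribute set continues past the end of the hunk.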
@@ -15,7 +15,7 @@ git_public_keys: git_private_keys: workstation: ENC[AES256_GCM,data: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,iv:v8RzxevJBagr0an8o7sUuCuhtyWEAb8B6fyXxfegekI=,tag:kwx6BdejSJmPAqFPa8lEDg==,type:str] miniserver: ENC[AES256_GCM,data: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,iv:Ar4lKLkrfnkueZKvOcajeJjmb8O8hSS0rw8c6xjgL68=,tag:ZEB44TnG98q8baCoUyICKg==,type:str] -jawz-password: ENC[AES256_GCM,data:jLChyJ7xysx3ceNoqS6sRzJ223te9RQFoUSupqSJTsuqcuUc/iR8rKswtFmbeKWBWrpYKEly/hdtlG4BPiYNjuwXB0FG+b34tQ==,iv:5RyglR1c5228FgiLWzdYXbSLk52OzcmYFrnTXL7ofSE=,tag:J1MDLWC1YMYCMwwoYBmhaQ==,type:str] +jawz-password: ENC[AES256_GCM,data:j5qya2z9bDESQopcBpLBktyBvIuplbq3Ql4TovdAF1BIJHcf4CAjFuCStW0axFEOST6bgJwhcZZvK4rWUyoS47eaFDp2lkiQnQ==,iv:GNEA8v0NR+PGe4yvlm4V6tTJD5NmlswRPH7JnQJUyLk=,tag:dpxDK88cAJSk+XdFF2mDww==,type:str] sops: kms: [] gcp_kms: [] @@ -49,8 +49,8 @@ sops: ekZxL0IvYWJTbDNtWXVSOGc3QXVjaEkKGNyLUn5dyag4pvN06ekMziyTI3vUpx/j 4ZhNrvDgAY226p5kfka0NpPmNlsIcR+5gbIuHliGvcQ2W5WqghLDow== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-16T22:25:46Z" - mac: ENC[AES256_GCM,data:7UQ5e4cymchYLx5phNz7v6PtjQtvM//0QzYD0zcf+mMOH7Ct9ztEO0+InbFGze72mlcighrUIRafOsyDMJq0qoO1FELuG09cYobomi41l5ZrS4jK3Hd/IoijY1x5HH3Nu7y13yY0Xwe8bWOrayKIhO6O5QkQF5f9tqSC/SJwWfA=,iv:U3XClUOyvF0bSuJzIp8vhj8H14b3p8SkhAq6e1EShJE=,tag:4cmkjC9bFJNfvt7yzB8dZg==,type:str] + lastmodified: "2024-06-18T01:48:26Z" + mac: ENC[AES256_GCM,data:ACewXq1j9xjjxy+t752oWCoDU3yp3A9sKnfPAgdY3iqZBlUjUDdEtL8/vM/jZdsF1p+1BP2miw3TUc6lsnMO51Xg8KEWbnyGL8sDVpCxSQ8jvEB82SoLrEF6FxQTRZLcAyC3wRyf8aeN5sa2PMkiTJQAPIJPd34y0djPhCwNXgk=,iv:S9ujkTx/e4McftTlsHweS3aV68Xy+Dvm8WOoeNjz2MA=,tag:C27mh2qoda9jGFjoSH5VRA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1