jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

turned ssh key assignation into lambda

Browse Source
This commit is contained in:
Danilo Reyes 2024-06-16 16:45:56 -06:00
parent 4fc2c9fdf9
commit 30b56a017b
2 changed files with 15 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
jawz.nix
View File

@ -1,18 +1,17 @@
{ config, ... }: {
sops.secrets = {
sops.secrets = let
keyConfig = file: {
owner = config.users.users.jawz.name;
inherit (config.users.users.jawz) group;
path = "/home/jawz/.ssh/${file}";
};
in {
jawz-password.neededForUsers = true;
"private_keys/age".path = "/home/jawz/.ssh/ed25519_age";
"public_keys/age".path = "/home/jawz/.ssh/ed25519_age.pub";
"private_keys/${config.networking.hostName}" = {
owner = config.users.users.jawz.name;
inherit (config.users.users.jawz) group;
path = "/home/jawz/.ssh/ed25519_${config.networking.hostName}";
};
"git_private_keys/${config.networking.hostName}" = {
owner = config.users.users.jawz.name;
inherit (config.users.users.jawz) group;
path = "/home/jawz/.ssh/ed25519_git";
};
"private_keys/age" = keyConfig "ed25519_age";
"public_keys/age" = keyConfig "ed25519_age.pub";
"private_keys/${config.networking.hostName}" =
keyConfig "ed25519_${config.networking.hostName}";
"git_private_keys/${config.networking.hostName}" = keyConfig "ed25519_git";
};
users.users.jawz = {
isNormalUser = true;

6
secrets/secrets.yaml
View File

@ -15,7 +15,7 @@ git_public_keys:
git_private_keys:
workstation: ENC[AES256_GCM,data:qK3bP6aTsfx5HtvAVITahVMPIqIj0shfUtOq5b9cxoUAf0tEwN3fEpvZ6rj4qrsJzeu6CbrLa9kUxdkDac2WSba8hpi0Pr3rQRy4RVUgZwJ8t1Bscb4s7KeHuR8z8X0rgB9ZKzJJHjKQetKytJF07Qze5jkKlsogmzVCE8D5SdWvLvJ7z4hONXMlPK9HAGesvrUKD54okshhK4WbfmC5uZ03g9SEqc/QMTmgo4NVEmhfBIXbqSBch4zLWk95RGleHfIB68dO3hsEzAy+X63caZ0Vrx5l8YNEGXxm01ZI7RsjEQXYlQpM2siaOgwixVZvn5fr9Zs4fIK3EyVqCM2m31Mtn/u8QJr2bKqredWBNL5q7CqtEGb3JscXm13q/ttqfdPgYREuo2NTPN1dra+tmsVNcJK0KbJJKCoIy1CX7NV0FgmJnj21f9mzbOvGvHfaChLiLBj8at8IDHB78wWVLoiIMf4fIQa51aiyzCx86/1hu4Lpi4q56KLXabwt9vUynuDiGds4Rq33rmfOjNrEkxVNd1Mz1I2qnx08,iv:v8RzxevJBagr0an8o7sUuCuhtyWEAb8B6fyXxfegekI=,tag:kwx6BdejSJmPAqFPa8lEDg==,type:str]
miniserver: ENC[AES256_GCM,data:yXAHB0l2RzCrBqmIr0BSdiKw5e/lPOAp9u9ibdZqUvEcs5tCWFc7823bZ6hFpw+o0UcYojobVBRejUoPqAq34TGciB8RqHlbekvHfg7qXr7XKxYKMesBMPwmaSUsPTtPib2ahLlGGaw9giO+EV7g+g2k+UD1mIUu7LwwTVb96qSiG6ffzOz69EpOgp+v9b/5yww0Mz+Hg9boonhdAMwUbVBPKjwwIPald4MibjtAiL0/JYzw+NpNYwHIxL4oKcyqnM3f03e43fI3smi4Hta76rCTF45hn0TLklZbnuGWtwmP/U9oQJ/+Id8kpzR+U0GJysIKgGKBNeL4bNqsx6L/cknzTeeb1KB28sjGTTL5w16k2PGizwys+NELCZD9suuQLk0hGBlwouwslihwFxne1RjYrsWC9ODgM0Kiqxkvud30FBe9f/C/kKz+hBTLROkNBmm2pMbwIFTmrbdpNDOeySA4VtY4xrXTUfz02KbxNm7xAOY2A3Ux/TIbQ6oBSv8O+ChvI9H/tTJYhpJLO6/FA+sbzEbYkU0d4nbu,iv:Ar4lKLkrfnkueZKvOcajeJjmb8O8hSS0rw8c6xjgL68=,tag:ZEB44TnG98q8baCoUyICKg==,type:str]
jawz-password: ENC[AES256_GCM,data:jLChyJ7xysx3ceNoqS6sRzJ223te9RQFoUSupqSJTsuqcuUc/iR8rKswtFmbeKWBWrpYKEly/hdtlG4BPiYNjuwXB0FG+b34tQ==,iv:5RyglR1c5228FgiLWzdYXbSLk52OzcmYFrnTXL7ofSE=,tag:J1MDLWC1YMYCMwwoYBmhaQ==,type:str]
jawz-password: ENC[AES256_GCM,data:j5qya2z9bDESQopcBpLBktyBvIuplbq3Ql4TovdAF1BIJHcf4CAjFuCStW0axFEOST6bgJwhcZZvK4rWUyoS47eaFDp2lkiQnQ==,iv:GNEA8v0NR+PGe4yvlm4V6tTJD5NmlswRPH7JnQJUyLk=,tag:dpxDK88cAJSk+XdFF2mDww==,type:str]
sops:
kms: []
gcp_kms: []
@ -49,8 +49,8 @@ sops:
ekZxL0IvYWJTbDNtWXVSOGc3QXVjaEkKGNyLUn5dyag4pvN06ekMziyTI3vUpx/j
4ZhNrvDgAY226p5kfka0NpPmNlsIcR+5gbIuHliGvcQ2W5WqghLDow==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-16T22:25:46Z"
mac: ENC[AES256_GCM,data:7UQ5e4cymchYLx5phNz7v6PtjQtvM//0QzYD0zcf+mMOH7Ct9ztEO0+InbFGze72mlcighrUIRafOsyDMJq0qoO1FELuG09cYobomi41l5ZrS4jK3Hd/IoijY1x5HH3Nu7y13yY0Xwe8bWOrayKIhO6O5QkQF5f9tqSC/SJwWfA=,iv:U3XClUOyvF0bSuJzIp8vhj8H14b3p8SkhAq6e1EShJE=,tag:4cmkjC9bFJNfvt7yzB8dZg==,type:str]
lastmodified: "2024-06-18T01:48:26Z"
mac: ENC[AES256_GCM,data:ACewXq1j9xjjxy+t752oWCoDU3yp3A9sKnfPAgdY3iqZBlUjUDdEtL8/vM/jZdsF1p+1BP2miw3TUc6lsnMO51Xg8KEWbnyGL8sDVpCxSQ8jvEB82SoLrEF6FxQTRZLcAyC3wRyf8aeN5sa2PMkiTJQAPIJPd34y0djPhCwNXgk=,iv:S9ujkTx/e4McftTlsHweS3aV68Xy+Dvm8WOoeNjz2MA=,tag:C27mh2qoda9jGFjoSH5VRA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1