more secrets

2024-05-07 01:02:42 -05:00 · 2024-05-07 01:02:42 -05:00 · 5fd3d3a40a
commit 5fd3d3a40a
parent fa0974cb63
8 changed files with 119 additions and 13 deletions
--- a/users/_common/home_manager/ssh.nix
+++ b/users/_common/home_manager/ssh.nix
@ -9,7 +9,29 @@
      "bitbucket.org" = {
        identityFile = age.secrets.nix2bitbucket.path;
      };
+      "h001" = {
+        identityFile = age.secrets.nix2h001.path;
+        # TODO come back to these 10.12.14.## addrs and change them to intranet IP's instead of local network.
+        hostname = "10.12.14.2";
+        user = "root";
+      };
+      "t" = {
+        identityFile = age.secrets.nix2t.path;
+        hostname = "10.12.14.103";
+        user = "joshua.bell";
+        localForwards = [
+          {
+            bind.port = 3000;
+            host.port = 3000;
+            host.address = "localhost";
+          }
+          {
+            bind.port = 3002;
+            host.port = 3002;
+            host.address = "localhost";
+          }
+        ];
+      };
    };
  };
 }
-
--- a/users/_common/nix_modules/ssh-key.nix
+++ b/users/_common/nix_modules/ssh-key.nix
@ -10,14 +10,14 @@
    };
    script = ''
      #!/run/current-system/sw/bin/bash
-      if [ ! -f /home/${settings.user.username}/.ssh/id_ed25519bbb ]; then
+      if [ ! -f /home/${settings.user.username}/.ssh/id_ed25519]; then
        if [ -v DRY_RUN ]; then
          echo "DRY_RUN is set. Would generate SSH key for ${settings.user.username}."
        else
          echo "Generating SSH key for ${settings.user.username}."
          mkdir -p /home/${settings.user.username}/.ssh
          chmod 700 /home/${settings.user.username}/.ssh
-          /run/current-system/sw/bin/ssh-keygen -t ed25519 -f /home/${settings.user.username}/.ssh/id_ed25519bbb -N ""
+          /run/current-system/sw/bin/ssh-keygen -t ed25519 -f /home/${settings.user.username}/.ssh/id_ed25519-N ""
        fi
      else
        echo "SSH key already exists for ${settings.user.username}."
--- a/users/root/configuration.nix
+++ b/users/root/configuration.nix
@ -1,10 +1,17 @@
-{ config, lib, pkgs, settings, ... } @ args:
+{
+  config,
+  lib,
+  pkgs,
+  settings,
+  ...
+}@args:
 {
  users.users.root = {
    initialPassword = "password1";
  };

  system.activationScripts.sshConfig = {
+    # TODO revisit this, this is stupid and ugly what am I doing here...
    text = ''
      mkdir -p /root/.ssh
      ln -snf ${config.age.secrets.nix2github.path} /root/.ssh/nix2github
@ -12,4 +19,3 @@
    '';
  };
 }
-