From c19a16176423772dc727017b00204e8b8dbe9e88 Mon Sep 17 00:00:00 2001
From: "RingOfStorms (Josh)"
Date: Mon, 13 May 2024 12:53:03 -0500
Subject: [PATCH] more ssh secrets
---
 hosts/_common/ragenix.nix | 8 +++++
 secrets/nix2gpdPocket3.age | 32 +++++++++++++++++++
 secrets/nix2joe.age | 32 +++++++++++++++++++
 secrets/secrets.nix | 6 ++++
 users/_common/home_manager/ssh.nix | 10 ++++++
 users/_common/readme.md | 0
 .../gpdPocket3/nix_modules/ssh_authorized.nix | 6 ++++
 users/josh/by_hosts/gpdPocket3/readme.md | 0
 .../joe/nix_modules/ssh_authorized.nix | 6 ++++
 users/josh/by_hosts/joe/readme.md | 0
 users/josh/by_hosts/readme.md | 0
 11 files changed, 100 insertions(+)
 create mode 100644 secrets/nix2gpdPocket3.age
 create mode 100644 secrets/nix2joe.age
 delete mode 100644 users/_common/readme.md
 create mode 100644 users/josh/by_hosts/gpdPocket3/nix_modules/ssh_authorized.nix
 delete mode 100644 users/josh/by_hosts/gpdPocket3/readme.md
 create mode 100644 users/josh/by_hosts/joe/nix_modules/ssh_authorized.nix
 delete mode 100644 users/josh/by_hosts/joe/readme.md
 delete mode 100644 users/josh/by_hosts/readme.md
diff --git a/hosts/_common/ragenix.nix b/hosts/_common/ragenix.nix
index ea37d16..07b5ff7 100644
--- a/hosts/_common/ragenix.nix
+++ b/hosts/_common/ragenix.nix
@@ -39,6 +39,14 @@ in
 file = /${settings.secretsDir}/nix2h002.age;
 owner = settings.user.username;
 };
+ nix2joe = {
+ file = /${settings.secretsDir}/nix2joe.age;
+ owner = settings.user.username;
+ };
+ nix2gpdPocket3 = {
+ file = /${settings.secretsDir}/nix2gpdPocket3.age;
+ owner = settings.user.username;
+ };
 nix2t = {
 file = /${settings.secretsDir}/nix2t.age;
 owner = settings.user.username;
diff --git a/secrets/nix2gpdPocket3.age b/secrets/nix2gpdPocket3.age
new file mode 100644
index 0000000..a016921
--- /dev/null
+++ b/secrets/nix2gpdPocket3.age
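Review bot: In `hosts/_common/ragenix.nix` the two new private keys are declared in the shared `_common` module, and in `secrets/secrets.nix` both new `.age` entries use `inherit publicKeys;`, so (assuming `publicKeys` is the full recipient list defined above that hunk) every enrolled host can decrypt every outbound SSH key. A compromise of any one machine then exposes login keys for the others, including a host's own inbound key. Consider per-secret recipients, e.g. `"nix2joe.age".publicKeys = [ <keys of the hosts that connect to joe> ];`, and declaring each `age.secrets` entry only on the hosts that need it. Both the `age.secrets` attrset and the `publicKeys` definition start outside these hunks.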
@@ -0,0 +1,32 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBXSngw +MlBYbUFrUlBiWGxtandtRTU2WjZSNzNkcVFRU05GNzNad2FHTnpvCmJ6VFlPUlVl +akNVcVl1WXZxdDNxM0x5T1UzMXFtZG5rcXlZeTh4UTF2VEUKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIG1pd0RHVmNwSWRtTzIwQzcyMDFLTWEwUUtHNmtwTnUrVElKQlFL +RGxxbGcKT0xpQnlnODRmNit3MFRyYkV5OEllTXdTbm5LREdtaG9OQTBFT0ZEbXo2 +OAotPiBzc2gtZWQyNTUxOSBTcENqQlEgVEhVOTB3SE90VVpxcWk1RVNpL2RaWVN0 +QVB3dXc2QjhIa3BJRHl0ZGVCVQp1cTRuQjEvSTlHZi84c2hPK3JuU0ZaQ2FxZCtU +L0NJb1J5aisrOUFTc1hjCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBJczVTTkovMk5O +aTdsaHp3YmwxTVNad0xWdjhycnBlWEhkQWtOMytzUEJBCmhReHpCVmZOSk9heEVh +TU05enZQZGxDNXR2QWRRYklFYURYSE5pWlkyT28KLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIDNYYmw1S2s3cmlxbEhnd1VqZlR0WCs2SVI4a0lxbFNOLzU3cjVuVk8yM2sK +WGdMN2U5NmJSeVBRdlg0OHdyLzlYU0FENnIzQlEzL0ZlMDVXZWxpZDNLQQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgUGVIQ3BGdStMdHkzRjlnell1SnIrMTR5THU2azhI +V2FwelhMMk9tTzh4UQpUMW1JMTBMTGFaUXcvN0xXN1BsYkFRRGZGWjVTTU9KVlJN +RVg5V0szbWpNCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBaYzFGVm8xa1lqSHlneXEw +V1kvS3VkcDdReEVjc2EzU0FtdVlibFlCeXhVCldwSytjcFRMVHpyOHVoWlNITGdG +Zkh0Nzl4VG9KY0NpeGt5enVaR1I1Tk0KLT4gelQ/KC1ncmVhc2UgN08gPWwKc2I5 +RzJwWjUwYWorT2kxeXI0UGhhd2V0Nkp1dmQyWDVlbHVEN3lJdmQ5VkNBZFppcnhR +cklYWXpJdEdLY3I1bAo3WVpMNWd2dytVaWY2U25KeWZJY3k3WjlzdVpPNTVFWm1Y +aWtkc21KZTFzMzFnCi0tLSBYOUtFekRHaVlWaDZKNmsrWXZTenIycjBhSDdoSHhs +TzNvT2FGNlorK3dnCuJFaPMf50Fe1jLwdyMwk8C6FZ1ANB0yJmbGKqcZ9chbhfQA +L+A43cdIBIo2wiisCzfskAfmHJmYFrY5nJw7S6A8YsI9I2cFax4qmHRlBtggqwpM +2q7wgE3C5h9KQR57QkPHDA9KF3iVZv/d1LvaP2Z1lK/BUd422RmC2N9B95LLZ4Wd +qCfkTJoOoEDEuEFMhqOqJG6kUCzNYpdO784wWTZz+0REXjoXRLq2SuYXB8i0beFg +Flp9gTEnAAKqfego+1639wVnjtlGPj6AvjCOr5Db3U2m1SZf9wpuxdOqCnCq7JT/ +JW+k6UZOtxEQMXdME9knhOdQ6EIKnyPgqU0NPYVv6GFRDKwoGgYA8LG/1hJrdLlm +U/ZJlJfWXle81100HFjj/xyHNxFP2okgwgYCDRSuo4qaDn/MoO3eVgqU/yHC5jT1 +ZJpnYB2s8m5Nx0xdS5LDJ6MbDucX80m7ThVn/G7tyEBM4RwON0+Sgpwa3YS57iU/ +mgDzKen93wTYcV7oN1/C1N3M8venmwQfy3dTFHeBZbvRPxa0E7ZvcwMk92F/kzwo 
+cd/ftl+GEfMp/QfAQXXrhAzPSajYrtVd +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/nix2joe.age b/secrets/nix2joe.age new file mode 100644 index 0000000..4dc2866 --- /dev/null +++ b/secrets/nix2joe.age 
@@ -0,0 +1,32 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBOQUxm +NWdoVXRmNnFnU1NHdHZFS0VMMk1UKzJhTjRyQmhXUlFETnNzcWxZClBId1poL2o4 +bVNXTk9lSk5Zc0lJZFhZZmlCdDNhb0VWdVhkUjZ1QzFBREkKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIHpFa1pNdWQyUHljamNranZQMzFlNHBDY1pVUDNBY2Fma0hRVXJo +bHVZRVUKVGFvTzBpazUwbHBZVUhkOGJiVkNLRjA1MUxZam1YSFFhSHcrOUJsbmo4 +bwotPiBzc2gtZWQyNTUxOSBTcENqQlEgWjJvZVhBbEFPWXNHUTlldTcxbU1lR09n +a0FVdlA4K2lYOVhZNkQ0dUJGbwp3cFNWNUhOTTFadU1XRlJETSt1KzdsdTRrTElj +c3ZqM3JGUGlqY2Z2ZUdFCi0+IHNzaC1lZDI1NTE5IEJZS0crdyB2Q0tPdFVVaGZV +WVgwcGpQcmRSMnkzTUpRU244REExa0FJS2s0UEd0VkYwCkUxVEdTRGpSSVlRRitz +QnpaWnpvMy9VeE1saHlUc0dVc0hSbllGdjNvNHMKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIGZIU0EwY3FJTFJMZENGc0E3c2JYUzE2VnM4WWc3cEFlUk1SbjdIa2V5UUkK +ZkRaRXNESlRabkk4WW05dDh0ZkFJaVlyeUt0eGlEV2NNN1d6aCsrbzFMSQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgT2FlTDROUmRTRTFTajVXa0lmclVHV2crelFrZkpv +NDA0VlIvYzRDSG9GVQpCc3JxaWRsK2N4dDJvMGdvL0lOcERRYW5WTkd4SUwwbGdZ +ck83N1d6dHVnCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBsaEVrc3cwd2U0NmZrc3pz +MFhqTUlEejF6ZTlmaTdVRzFlaFlzV3ZPQWtnCnkvUmEvNHlPdnlGUHZKTlFmVzZq +ZDlZQWsxUTBzOFlEVVlsbHFhMjZmWDQKLT4gKyFjN0E2LWdyZWFzZSBDPiApbEEg +JE8KTTA2L2lBdUQrM2M5VlVibTRNK0RsRHVuMXBRc21ZREovZ3lEV0FiOVBZYnBn +Ty8rTm1zdVQxd254ekFYNjQ1dQp4SHo0TEN4WXlnejNWRi9JbWczRUZMQ0wrL0x5 +V29NeC9xbTArL2VGCi0tLSB0eVBIZnltbVFGV2h6VVNUNG02cFVtV0U3ZytnUE8y +OUlEd2Z5b1lPQTNBCmqVNCWUsekJ4zv9Hao6Hjr+ITZa4LVqakugY5RiA0OsBlZE +lRweAIO/+gehHMc2VHmDNC1AzJafPZTWqP92HvZ8e6RQcrH0uka+iMaC048uptXS +/L3hUcXMj3rl4WPZB2NdCz8rg4AEUeydw6PZQvbq/YbYLX2tzritFcNkDwJ15tg7 +f+q4+YZatsxHssJWHbeWOgWysegUbneGR63AKn9vxAFCBtsmDfLjmZZliPgshLhS +s3vKIWLgguRqZffME9le/CriucRH6iv5xkUM8/EXPsSvfLwcI+7tM0dCVvDnKsgL +ohx7785qv4BJewAOuYC4VxctDL9njuoPH48ndLjlCB/PZO8+YxYTRhN8oV8592Zt +T6HlCyNUCmtTCTAmNuj1jqYdxByyjnaoplTpe4pE/XL4HH8QM24bAAYCic8N96gu +2HHGI74kODcWMst2i/2i7WOd0VxOGsphgKqqtF6im7muV8je7zfw/74nstdfXGaG +to0mkayMsJm6R594zLY5z4K+1bnKEc1AHK3p7+qMqVe99lpmy9GMnCP1ao4RP0VY +sLNii4ELpcuhqFlR +-----END AGE 
ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index d99f7fe..0f43a98 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -36,6 +36,12 @@ in
 "nix2h002.age" = {
 inherit publicKeys;
 };
+ "nix2joe.age" = {
+ inherit publicKeys;
+ };
+ "nix2gpdPocket3.age" = {
+ inherit publicKeys;
+ };
 "nix2t.age" = {
 inherit publicKeys;
 };
diff --git a/users/_common/home_manager/ssh.nix b/users/_common/home_manager/ssh.nix
index d2d00ad..33684f9 100644
--- a/users/_common/home_manager/ssh.nix
+++ b/users/_common/home_manager/ssh.nix
@@ -21,6 +21,16 @@
 hostname = "10.20.40.12";
 user = "luser";
 };
+ "joe" = {
+ identityFile = age.secrets.nix2joe.path;
+ hostname = "10.20.40.2";
+ user = "josh";
+ };
+ "gpdPocket3" = {
+ identityFile = age.secrets.nix2gpdPocket3.path;
+ hostname = "10.20.40.22"; # TODO onboard ot nebula network
+ user = "josh";
+ };
 "t" = {
 identityFile = age.secrets.nix2t.path;
 hostname = "10.20.40.4"; # TODO get these from flake.nix hosts?
diff --git a/users/_common/readme.md b/users/_common/readme.md
deleted file mode 100644
index e69de29..0000000
diff --git a/users/josh/by_hosts/gpdPocket3/nix_modules/ssh_authorized.nix b/users/josh/by_hosts/gpdPocket3/nix_modules/ssh_authorized.nix
new file mode 100644
index 0000000..23c200a
--- /dev/null
+++ b/users/josh/by_hosts/gpdPocket3/nix_modules/ssh_authorized.nix
@@ -0,0 +1,6 @@
+{ settings, ... }:
+{
+ users.user.${settings.user.username}.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDa0MUnXwRzHPTDakjzLTmye2GTFbRno+KVs0DSeIPb7 nix2gpdpocket3"
+ ];
+}
diff --git a/users/josh/by_hosts/gpdPocket3/readme.md b/users/josh/by_hosts/gpdPocket3/readme.md
deleted file mode 100644
index e69de29..0000000
diff --git a/users/josh/by_hosts/joe/nix_modules/ssh_authorized.nix b/users/josh/by_hosts/joe/nix_modules/ssh_authorized.nix
new file mode 100644
index 0000000..05c2096
--- /dev/null
+++ b/users/josh/by_hosts/joe/nix_modules/ssh_authorized.nix
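Review bot: The new `"joe"` and `"gpdPocket3"` blocks in `users/_common/home_manager/ssh.nix` set `identityFile` but not `identitiesOnly`, so ssh may still offer other agent-loaded keys to these hosts before the intended one. Assuming these are home-manager `matchBlocks` entries, adding `identitiesOnly = true;` to each block pins the connection to the age-managed key; the neighbouring blocks visible in the context lines look the same, so it may be worth applying to all of them. The comment on the `gpdPocket3` hostname has a typo: `# TODO onboard ot nebula network` presumably means `# TODO onboard to nebula network`. The enclosing attrset starts and ends outside the hunk.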
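Review bot: The attribute path in `users/josh/by_hosts/gpdPocket3/nix_modules/ssh_authorized.nix` is `users.user.${settings.user.username}…`, but the NixOS option is `users.users.<name>.openssh.authorizedKeys.keys`. Unless the repo declares its own `users.user` option, evaluation fails once this module is imported, or the key is never authorized if the module is not yet imported anywhere. The line should read `users.users.${settings.user.username}.openssh.authorizedKeys.keys = [`. The new `users/josh/by_hosts/joe/nix_modules/ssh_authorized.nix` has the same line and needs the same fix. A short comment in each file naming the matching secret (`secrets/nix2gpdPocket3.age`, `secrets/nix2joe.age`) would also make later key rotation easier to trace.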
@@ -0,0 +1,6 @@
+{ settings, ... }:
+{
+ users.user.${settings.user.username}.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINoBKfj+2SAlTxgdK1jYMFYoTTthX9jvfC+gko1Wlr4L nix2joe"
+ ];
+}
diff --git a/users/josh/by_hosts/joe/readme.md b/users/josh/by_hosts/joe/readme.md
deleted file mode 100644
index e69de29..0000000
diff --git a/users/josh/by_hosts/readme.md b/users/josh/by_hosts/readme.md
deleted file mode 100644
index e69de29..0000000