more stuff

2024-09-28 17:22:24 -05:00 · 2024-09-28 17:22:24 -05:00 · d5001107b0
commit d5001107b0
parent 921a59a30e
6 changed files with 51 additions and 2 deletions
--- a/hosts/_common/ragenix.nix
+++ b/hosts/_common/ragenix.nix
@ -31,6 +31,10 @@ in
          file = /${settings.secretsDir}/nix2bitbucket.age;
          owner = settings.user.username;
        };
+        nix2gitjosh = {
+          file = /${settings.secretsDir}/nix2gitjosh.age;
+          owner = settings.user.username;
+        };
        nix2h001 = {
          file = /${settings.secretsDir}/nix2h001.age;
          owner = settings.user.username;
--- a/hosts/joe/configuration.nix
+++ b/hosts/joe/configuration.nix
@ -26,7 +26,7 @@
  # test

  networking.firewall.allowedTCPPorts = [
-    34733 # sshd
+    5173 # test
  ];

  # machine specific configuration
--- a/secrets/nix2gitjosh.age
+++ b/secrets/nix2gitjosh.age
@ -0,0 +1,30 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBqNTlD
+T0xiZkUwRHNuRkVsUjR0UEo4SDljY2Q4V1E3dVRjK05KNS9KbVdFClRsZEh1RTE0
+eFNRZ2p4Y0hsUmw5SWJCTm8zUmwxeDVMTWZpRUNYYXpYK1EKLT4gc3NoLWVkMjU1
+MTkgSmh2TCtRIForNlAxdjhmMTQ4SndkYjU4VXY2NkJRYlZhWlY1am5rakVPNzVY
+STJsVjQKRlEyZTBKMjR0Zm9vK25wQVJZN29DM1BMTzNmczN4b3FTdlhkdTVzbFlU
+cwotPiBzc2gtZWQyNTUxOSBTcENqQlEgbWthZElDWk8vQTdtQXI0WG9JOUllSUw0
+Z1drZXBsdE93UlljSGV3RlRRRQpyMC95ZlordEt3MHczcHExZFgvRmZyUWdYS1d6
+ckpSSGErWXlOdXh2K0JBCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBuKzlJeTBkdk9j
+WVBaUzhtNU85TUVjMm5HaFk5Z05XdG5DT3V3U3l1L2k4Ckc2bTJRVzdQR05LZVhw
+QzJTSHpMRDlYK0Y0dWlUaDNNR1ZKem5ZUnQ2ZkEKLT4gc3NoLWVkMjU1MTkgWHpm
+bWFRIElPWGFFUDJBeFFHTm1XV0cwTml4Ui9BdVpkVWZ5b2xXNnVEeUx6bVVlVDAK
+ZGsxUGxBWjh6UnlBdmd6amx2RStSUmR2QkRmYWVGeDdwRzFCOE5mR3dQWQotPiBz
+c2gtZWQyNTUxOSBSNSt4ZncgSnFOdEpXYyszUExmTmkzQ2k4ek5SUCttRW00QVhr
+bm9NRzFTRXd6MG1URQplb0xOeHNBSk5xS0E5UU5yelprNWJuTGFNQTVqbGlOVFR5
+SHhoRmZLVUpzCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBzZU9raW5BbFVlYnpLYTVS
+ZkMzdEdjcW8yT3JTWHEwQm1nZStRMFdqT0RRCllDMFJFaG1QS1k2WUxBd2thdEYv
+U1VPU2xqS3ZXeFVkUDhEbHk2cUxhdXcKLT4galUuOSotZ3JlYXNlIG17fjUyKiBW
+b2FvcHxOIGxBRHJhRTMKSXlrWgotLS0gVFIyRkgvM2xnT0dzOXp4czVydnBpMUpL
+QkFsNEk2ajJKSFFOWk9jS0lMRQrtEhNnuBfnV9FOAc1MMG98x1PWPR1zpEetfW72
+7DlOXzxYKb6tNr8IWQuXXR/7fIKp+KKR7vTZyDF6VsuBXBnJQ7WVtNr+6SRodUHL
+lBNsnqvzFnTOILj9m5WQ6ufuWcuHc89J6eM/82qc8p3Pk7EkEO/i29q6oiJ5cSI+
+jR8f9sdsqwio0EMXQSF7gypfBhOB0grdcws92VEj5GtDfAyRl632SWqxdw16o6dR
+S+YhRAdH80mJTFlNzGLYqVXKAiqh0IG2FET1hLhwgm87ug0ZQfbNs2yvvErw9/1A
+oWUvEO6RWfTONRpZ5zWTZY9jb3FnFQqtKSB1zt/eAetkDi2gq47oelDroa4jyM3h
+ZOe9X8/YsyDalBATNQwYbTDALac3Ybb1nq+CrQf+rrPEgcL9JFLzy4cU+uSxs7gv
+cMtKukM2luHqkX3JQw+X5mvj27UTcqGCeTYr3D4kXwZWaj0kjPkmMPrnkuIrBesp
+7LlfoXvnpf8EkQjeBRhyk+PNk7GyNqWlGMRekzvSr4060f0CC+bOG//9y6/2Plan
+2kKMvF+Ymwtfa05/GE5uL/E6Pg==
+-----END AGE ENCRYPTED FILE-----
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -18,7 +18,10 @@ let
  ];
 in
 {
-  ## To make a new secret: `ragenix --editor=vi -v -e FILE.age` add file below and in the ragenix.nix file
+  ## To make a new secret: 
+  # - FIRST add file below that you want to create
+  # - cd to the secrets directory here
+  # - `ragenix --editor=vi -v -e FILE.age` add file below and in the ragenix.nix file
  # 
  # TODO come up with a rotate method/encrypt the device keys better. This isn't very secure feeling to me the way I am doing this now. If anyone gains access to any one of my devices, then my secrets are no longer secret. This is not a good model.

@ -29,6 +32,9 @@ in
  "nix2bitbucket.age" = {
    inherit publicKeys;
  };
+  "nix2gitjosh.age" = {
+    inherit publicKeys;
+  };
  # Server keys
  "nix2h001.age" = {
    inherit publicKeys;
--- a/users/_common/home_manager/ssh.nix
+++ b/users/_common/home_manager/ssh.nix
@ -11,6 +11,10 @@
      "bitbucket.org" = {
        identityFile = age.secrets.nix2bitbucket.path;
      };
+      "git.joshuabell.xyz" = {
+        identityFile = age.secrets.nix2gitjosh.path;
+        port = 3032;
+      };
      # PERSONAL DEVICES
      "joe" = {
        identityFile = age.secrets.nix2joe.path;
--- a/users/josh/nix_modules/lua.nix
+++ b/users/josh/nix_modules/lua.nix
@ -0,0 +1,5 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [ lua ];
+}
+