From e7299832e0fd385fae334ae07547139d55eee819 Mon Sep 17 00:00:00 2001
From: "RingOfStorms (Joshua Bell)"
Date: Fri, 20 Dec 2024 00:38:14 -0600
Subject: [PATCH] add ssh for oren

---
 hosts/configuration.nix | 1 +
 hosts/ragenix.nix | 9 ++++-
 readme.md | 8 +++-
 secrets/nix2oren.age | 38 +++++++++++++++++++
 secrets/secrets.nix | 3 ++
 users/_common/home_manager/ssh.nix | 5 +++
 .../oren/nix_modules/ssh_authorized.nix | 6 +++
 7 files changed, 68 insertions(+), 2 deletions(-)
 create mode 100644 secrets/nix2oren.age
 create mode 100644 users/josh/by_hosts/oren/nix_modules/ssh_authorized.nix

diff --git a/hosts/configuration.nix b/hosts/configuration.nix
index ad98c1b..f1ed1ce 100644
--- a/hosts/configuration.nix
+++ b/hosts/configuration.nix
@@ -113,4 +113,5 @@ in
 # Some basics
 nixpkgs.config.allowUnfree = settings.allowUnfree;
+ nixpkgs.config.allowUnfreePredicate = (pkg: true);
 }
diff --git a/hosts/ragenix.nix b/hosts/ragenix.nix
index 503c43b..3d81fbf 100644
--- a/hosts/ragenix.nix
+++ b/hosts/ragenix.nix
@@ -10,7 +10,10 @@
 # secretsFile = (settings.secretsDir + /secrets.nix);
 {
 imports = [ ragenix.nixosModules.age ];
- environment.systemPackages = [ ragenix.packages.${settings.system.system}.default pkgs.rage ];
+ environment.systemPackages = [
+ ragenix.packages.${settings.system.system}.default
+ pkgs.rage
+ ];
 age = {
 secrets =
@@ -65,6 +68,10 @@
 file = /${settings.secretsDir}/nix2lio.age;
 owner = settings.user.username;
 };
+ nix2oren = {
+ file = /${settings.secretsDir}/nix2oren.age;
+ owner = settings.user.username;
+ };
 github_read_token = {
 file = /${settings.secretsDir}/github_read_token.age;
 owner = settings.user.username;
diff --git a/readme.md b/readme.md
index dd8984e..3b77762 100644
--- a/readme.md
+++ b/readme.md
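Review bot: `nixpkgs.config.allowUnfreePredicate = (pkg: true);` in the hosts/configuration.nix hunk allows every unfree package unconditionally, which makes the `settings.allowUnfree` toggle on the line directly above it dead: as far as I know nixpkgs accepts an unfree package when either `allowUnfree` or the predicate says yes, so an always-true predicate removes the gate entirely. The line is also unrelated to the commit subject, and its `pkg` argument is unused. If the toggle is meant to stay meaningful, tie the predicate to it, `nixpkgs.config.allowUnfreePredicate = (pkg: settings.allowUnfree);`; if a blanket allow is really wanted, a one-line comment saying why would stop the next reader from "fixing" it. The enclosing attrset starts outside the hunk.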
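Review bot: The new `nix2oren` entry in the second hosts/ragenix.nix hunk declares the client private key in what, from the surrounding `age.secrets` block, looks like a module shared by every host, so the key that grants login to oren is decrypted at activation on every host that imports it, including oren itself, rather than only on the machine(s) that initiate the connection. The entry is consistent with its siblings (`file` plus `owner`, ragenix defaults for mode), so this is a least-privilege question about where the secret is declared, not a defect in the entry. If the module is indeed shared, consider gating the entry on the hosts that need it or moving it next to the per-host modules; if the broad placement is intentional, a comment such as `# client key for ssh to oren; decrypted on every host on purpose` above the entry would record that. The `secrets` attrset begins and ends outside the hunk.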
@@ -48,15 +48,20 @@ - Setup config as needed - top level flake.nix additions - add hosts dir and files needed -- `nixos-rebuild switch --flake ~/.config/nixos-config` +- `sudo nixos-rebuild switch --flake ~/.config/nixos-config` - Update remote, ssh should work now: `cd ~/.config/nixos-config && git remote remove origin && git remote add origin "ssh://git.joshuabell.xyz:3032/dotfiles" && git pull origin master` ## Local tooling + +* firefox/1password setup + - sign in to firefox + - sign into 1 password ext - atuin setup - if atuin is on enable that mod in configuration.nix, make sure to `atuin login` get key from existing device - TODO move key into secrets and mount it to atuin local share - stormd onboard to network +- ssh key access, ssh iden in config in nix config ## Darwin @@ -83,6 +88,7 @@ efi /EFI/Microsoft/Boot/bootmgfw.efi # TODO +- on new cosmic the bar is shown can i have this hidden by default - Split config into further flakes, inputs should not affect other systems, like first run without stormd - work on secrets pre ragenix, stormd pre install for all the above bootstrapping steps would be ideal - reduce home manager, make per user modules support instead diff --git a/secrets/nix2oren.age b/secrets/nix2oren.age new file mode 100644 index 0000000..5f3e63e --- /dev/null +++ b/secrets/nix2oren.age 
@@ -0,0 +1,38 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USA4ejJq +VHBFbVAxNWhPZnlNY1BZNkJqUXdhdGdHamFYVkVLNlpPQnFOakZZClNObTc2YU5Z +KzJpMDF3TTVrWmJWdkVsMkJpVkRlOVJleVRoTXoraUY3dTAKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIFBwT2tDdFVjMWxhYlB6QmQvdGRjTDhZSzlUNUFvbG0wYytLcitS +Vk9ha2MKVVRFQ1hMS0Yzd3oxbEZFWHY3ODJSRGhpbS9iVVZsWStZYzZmQmF1Ym5T +bwotPiBzc2gtZWQyNTUxOSBTcENqQlEgd0g2SmlwQ0RCSnpnaWNOTmx0SmRESUpz +Q1ZPTis5NHVicFAwRVZlR3F5WQo1eC9xQTNEelJKbUtFMWxSOThQUnpteVY0QmNl +TzhKVi9NZ1N0eVFQVVFvCi0+IHNzaC1lZDI1NTE5IEJZS0crdyAzYUVNakZzeldL +MzhoQzY0T09CWnBNYjZQYXVDTFFPS1hqRG9QcFJPQm00ClFJdGtnUkwzbHhQQnJD +U1pvZUJ6Mjl4cDNyNm9uczdSZG5CKy8vb3czc2MKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIHZlT0k3YXhXT012SVBMUEtRYXpaMmh3c3kxbUluNkNGeDBRRkdRcmRnQzgK +UEhWNGZPSlhXcHB1MnArcUp0Z3Y0amtKV284YU1aZWNUZE1zaDBkVm9wSQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgN0YvQlFNUFBheUJURzhoQkg5bEZCUGM3VUVFSDk0 +bDUyMW1RdjRzQklnTQpXTktUOTdvWE5FWEwzNFBKSjZWbTZIcUpIL2dYQkJOVEUr +YlFudE5PYmlnCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSB5WGtlUURGZ2thMkdOMmdX +d2drUklkeW1xVlk1eDVSNGc5ZkJEZjVwWEhBCmRiazcrVzRGbktGNnl5c1ZudC90 +b0swK0cwdUQ4S2V0RGV4enFZWFh3WVUKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIGFB +THloYVM5eE9zSnQ4ejd5T0pSK1UzTmY5T0F5ejFUcWUySHdsaG1BMk0KUGd1Smov +ZlFkdDhQT1FCNkNaQzU5RmpYSHlFMzNzRGJMeHNRVzZscCs5NAotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgSVh5aVFlOFZHb0YxclRUZjJjWnAvMEdGU25zTkNYcUc3djRh +VFdBZ1RCdwpDTFFYbUtlQ3ZrdXR1d1Q4L0p5ckhvNGlwYzgrRndraHdFMXRlRkIy +OXdNCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBpNVNOTC9Id3JTMUEyNDM2OEcxcGNu +NVlJTWQzSVl0U2o5YUl0TjZYa2xNCjd1WDFPbXNuQmo1anM3eFRpU3NJc0NMeFJX +L2Rsc2xTbXBqSXdaTk50cUUKLT4gc3NoLWVkMjU1MTkgWmUxTXdRICtJbURKL2da +eEsycSt6TzBvWUIrS1R2L2VKbUJvZVA1ZmtjQXplaWIvd1kKWm5vbzVkQ0dMOW5r +T1QvOFpoSW5MY21EN3gzRzJDRjRTYVJhVkJjeGt2dwotPiAjTkx0LWdyZWFzZQpq +d0kKLS0tIFpoamdUTXpvNkQ3N3ZkUlMwQUY3am03UUVLNVNXRmZsUUhlOTZ2MExD +bWcKi208SBEsgIk4hDTvAT/5xB2pd/vfQVwS/tRT4lOAMwZV5wNb7412LVDek5Ym +jdwoGkItzbmBYyXgWQn55dTApcDqGTJYK4qy4BT6w9yMsKcm0weF4suO/W8o+38D 
+Q0A/N+m9NbTEjTUM2uppr2T0dkpSqyK3ordVvbjOq/B7eBQNCRVm1ShcbyLekfiU
+iwfh98Vlw8uQiCbCPA14IjBN25SvT1kvchkAgGtzozGrNRLVW8kYKv9KgRlVEU1r
+kkS0Rhm9uRe6Kppo4K5+bHCKo8g8q7dcbya9a6Edlx36zdJwGWZ0EXkQtijCBcz1
+Ipgfktovy/yfhiBv9eYPjxJe+njyZUpUJNpydScnHJejGg0OJMkA0tRULNbxs1Uy
+x5bCPl7SvZZlgsIktMwhekxJ9kIUsYgwtHbSEP9xIFFyRxSeaJSVFBx4jKFeFJlf
+4pzuFOHp4RVyylYuhkKvWtuJ/PXYXm5wUptDc72vGeA7NDo5p/6u7KO6CfhVTpQ9
+cRKIdLxFFhqfV6m+BxoJY/TCyA/MONXxabETpQ3skPu9sCZXR4rpEKY=
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index a9664dc..a08ab86 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -64,6 +64,9 @@ in
 "nix2lio.age" = {
 inherit publicKeys;
 };
+ "nix2oren.age" = {
+ inherit publicKeys;
+ };
 "github_read_token.age" = {
 inherit publicKeys;
 };
diff --git a/users/_common/home_manager/ssh.nix b/users/_common/home_manager/ssh.nix
index 8479349..fd9290f 100644
--- a/users/_common/home_manager/ssh.nix
+++ b/users/_common/home_manager/ssh.nix
@@ -26,6 +26,11 @@
 hostname = "10.12.14.116";
 user = "josh";
 };
+ "oren" = {
+ identityFile = age.secrets.nix2oren.path;
+ # hostname = "10.20.40.104";
+ user = "josh";
+ };
 "joe" = {
 identityFile = age.secrets.nix2joe.path;
 hostname = "10.20.40.102";
diff --git a/users/josh/by_hosts/oren/nix_modules/ssh_authorized.nix b/users/josh/by_hosts/oren/nix_modules/ssh_authorized.nix
new file mode 100644
index 0000000..6acf7fe
--- /dev/null
+++ b/users/josh/by_hosts/oren/nix_modules/ssh_authorized.nix
@@ -0,0 +1,6 @@
+{ settings, config, ... }:
+{
+ users.users.${settings.user.username}.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMzgAe4od9K4EsvH2g7xjNU7hGoJiFJlYcvB0BoDCvn nix2oren"
+ ];
+}
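Review bot: `"nix2oren.age" = { inherit publicKeys; };` in the secrets/secrets.nix hunk encrypts the client private key to the whole shared `publicKeys` set rather than to the host(s) that will actually use it; decoding the header of `secrets/nix2oren.age` in this same patch shows eleven `ssh-ed25519` recipient stanzas, so any one of those host keys can recover the identity that logs in to oren. This matches the neighbouring entries, so it may well be the repository's deliberate convention, but for an SSH identity it means a compromise of any single recipient host extends to oren as well. A narrower recipient list, e.g. `"nix2oren.age" = { publicKeys = [ "<client host key, placeholder>" ]; };`, limits that without touching the ragenix wiring, at the cost of re-encrypting when the client set changes. `publicKeys` itself is defined outside the hunk.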
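Review bot: The new `"oren"` block in the users/_common/home_manager/ssh.nix hunk ships with `# hostname = "10.20.40.104";` commented out, so `ssh oren` will fall back to resolving the literal name `oren` while still presenting the `nix2oren` identity; unlike the neighbouring `"joe"` block, which pins `hostname = "10.20.40.102"`, it is unclear whether this is a placeholder until the host has an address or a deliberate reliance on DNS. Either set the hostname or replace the dead comment with one that states the intent, e.g. `# no fixed address yet; resolved by DNS/hosts until oren is assigned one`. Since this block exists to present one specific key, `identitiesOnly = true;` alongside `identityFile` would also keep the client from offering every agent-loaded key to oren first. The enclosing attrset begins and ends outside the hunk.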
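Review bot: The new users/josh/by_hosts/oren/nix_modules/ssh_authorized.nix binds `config` in its argument set but never uses it, so `{ settings, ... }:` is sufficient; more importantly, nothing in this patch imports the file, so unless an auto-import of that directory exists elsewhere in the repository the authorized key is not yet applied on oren. Committing the public key is fine, but a header comment tying it to its private half and to what it grants would help the next reader, e.g. `# public half of secrets/nix2oren.age; every host able to decrypt that secret can log in as this user on oren`. That last clause is worth stating explicitly, because the recipient set in secrets/secrets.nix, not this file, is what decides who holds the matching private key.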