add ssh for oren

RingOfStorms (Joshua Bell) 2024-12-20 00:38:14 -06:00
parent 56cd97436a
commit e7299832e0
7 changed files with 68 additions and 2 deletions


@ -113,4 +113,5 @@ in
# Some basics # Some basics
nixpkgs.config.allowUnfree = settings.allowUnfree; nixpkgs.config.allowUnfree = settings.allowUnfree;
nixpkgs.config.allowUnfreePredicate = (pkg: true);
} }
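Review bot: `allowUnfreePredicate = (pkg: true)` accepts every unfree package unconditionally, so the `settings.allowUnfree` toggle on the line above no longer has any effect, because nixpkgs permits a package when either the flag or the predicate allows it. If this was added to work around the flag not being honoured somewhere, tie the predicate to the same setting with `nixpkgs.config.allowUnfreePredicate = (_: settings.allowUnfree);`, or match an explicit list of package names. The enclosing attribute set starts outside the hunk.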


@ -10,7 +10,10 @@
# secretsFile = (settings.secretsDir + /secrets.nix); # secretsFile = (settings.secretsDir + /secrets.nix);
{ {
imports = [ ragenix.nixosModules.age ]; imports = [ ragenix.nixosModules.age ];
environment.systemPackages = [ ragenix.packages.${settings.system.system}.default pkgs.rage ]; environment.systemPackages = [
ragenix.packages.${settings.system.system}.default
pkgs.rage
];
age = { age = {
secrets = secrets =
@ -65,6 +68,10 @@
file = /${settings.secretsDir}/nix2lio.age; file = /${settings.secretsDir}/nix2lio.age;
owner = settings.user.username; owner = settings.user.username;
}; };
nix2oren = {
file = /${settings.secretsDir}/nix2oren.age;
owner = settings.user.username;
};
github_read_token = { github_read_token = {
file = /${settings.secretsDir}/github_read_token.age; file = /${settings.secretsDir}/github_read_token.age;
owner = settings.user.username; owner = settings.user.username;


@ -48,15 +48,20 @@
- Setup config as needed - Setup config as needed
- top level flake.nix additions - top level flake.nix additions
- add hosts dir and files needed - add hosts dir and files needed
- `nixos-rebuild switch --flake ~/.config/nixos-config` - `sudo nixos-rebuild switch --flake ~/.config/nixos-config`
- Update remote, ssh should work now: `cd ~/.config/nixos-config && git remote remove origin && git remote add origin "ssh://git.joshuabell.xyz:3032/dotfiles" && git pull origin master` - Update remote, ssh should work now: `cd ~/.config/nixos-config && git remote remove origin && git remote add origin "ssh://git.joshuabell.xyz:3032/dotfiles" && git pull origin master`
## Local tooling ## Local tooling
* firefox/1password setup
- sign in to firefox
- sign into 1 password ext
- atuin setup - atuin setup
- if atuin is on enable that mod in configuration.nix, make sure to `atuin login` get key from existing device - if atuin is on enable that mod in configuration.nix, make sure to `atuin login` get key from existing device
- TODO move key into secrets and mount it to atuin local share - TODO move key into secrets and mount it to atuin local share
- stormd onboard to network - stormd onboard to network
- ssh key access, ssh iden in config in nix config
## Darwin ## Darwin
@ -83,6 +88,7 @@ efi /EFI/Microsoft/Boot/bootmgfw.efi
# TODO # TODO
- on new cosmic the bar is shown can i have this hidden by default
- Split config into further flakes, inputs should not affect other systems, like first run without stormd - Split config into further flakes, inputs should not affect other systems, like first run without stormd
- work on secrets pre ragenix, stormd pre install for all the above bootstrapping steps would be ideal - work on secrets pre ragenix, stormd pre install for all the above bootstrapping steps would be ideal
- reduce home manager, make per user modules support instead - reduce home manager, make per user modules support instead

38
secrets/nix2oren.age Normal file

@ -0,0 +1,38 @@
-----BEGIN AGE ENCRYPTED FILE-----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-----END AGE ENCRYPTED FILE-----


@ -64,6 +64,9 @@ in
"nix2lio.age" = { "nix2lio.age" = {
inherit publicKeys; inherit publicKeys;
}; };
"nix2oren.age" = {
inherit publicKeys;
};
"github_read_token.age" = { "github_read_token.age" = {
inherit publicKeys; inherit publicKeys;
}; };
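Review bot: `inherit publicKeys` on the new `"nix2oren.age"` entry encrypts this SSH private key to the same recipient list as the other secrets, so every key in that list can decrypt an identity that logs in to oren. The list is defined outside the hunk, so its contents are inferred; if it covers all machines (possibly oren itself), compromise of any one of them exposes access to oren. Consider a narrower recipient set for host-to-host identities, e.g. `publicKeys = [ <keys of hosts that need to reach oren> ];`, and declaring `age.secrets.nix2oren` only on those hosts.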


@ -26,6 +26,11 @@
hostname = "10.12.14.116"; hostname = "10.12.14.116";
user = "josh"; user = "josh";
}; };
"oren" = {
identityFile = age.secrets.nix2oren.path;
# hostname = "10.20.40.104";
user = "josh";
};
"joe" = { "joe" = {
identityFile = age.secrets.nix2joe.path; identityFile = age.secrets.nix2joe.path;
hostname = "10.20.40.102"; hostname = "10.20.40.102";
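Review bot: The `"oren"` block leaves `hostname` commented out, unlike the neighbouring entries that pin an address, so `ssh oren` depends entirely on how the bare name `oren` resolves, and on host-key checking, to reach the intended machine. If the name is meant to be resolved by an overlay network or a hosts entry, say so in place of the dead line, e.g. `# hostname intentionally unset: resolved via <mechanism>`; otherwise restore the pinned address. The enclosing attribute set begins and ends outside the hunk.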


@ -0,0 +1,6 @@
{ settings, config, ... }:
{
users.users.${settings.user.username}.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMzgAe4od9K4EsvH2g7xjNU7hGoJiFJlYcvB0BoDCvn nix2oren"
];
}
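Review bot: The new key in `authorizedKeys.keys` is authorised with no options, so any holder of the nix2oren private key gets an unrestricted login as `settings.user.username` from any source address. Because that private key appears to be distributed as a shared age secret, consider limiting the entry with an authorized_keys option, e.g. `"from=\"<ALLOWED_SOURCE_CIDR>\" ssh-ed25519 … nix2oren"`. A one-line comment naming the matching secret (`secrets/nix2oren.age`) would help whoever rotates it. The `config` argument is unused and can be dropped from the function header.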