ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add ssh for oren

Browse source
This commit is contained in:
RingOfStorms (Joshua Bell) 2024-12-20 00:38:14 -06:00
parent 56cd97436a
commit e7299832e0
7 changed files with 68 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
hosts/configuration.nix
View file

@ -113,4 +113,5 @@ in
# Some basics
nixpkgs.config.allowUnfree = settings.allowUnfree;
nixpkgs.config.allowUnfreePredicate = (pkg: true);
}

9
hosts/ragenix.nix
View file

@ -10,7 +10,10 @@
# secretsFile = (settings.secretsDir + /secrets.nix);
{
imports = [ ragenix.nixosModules.age ];
environment.systemPackages = [ ragenix.packages.${settings.system.system}.default pkgs.rage ];
environment.systemPackages = [
ragenix.packages.${settings.system.system}.default
pkgs.rage
];
age = {
secrets =
@ -65,6 +68,10 @@
file = /${settings.secretsDir}/nix2lio.age;
owner = settings.user.username;
};
nix2oren = {
file = /${settings.secretsDir}/nix2oren.age;
owner = settings.user.username;
};
github_read_token = {
file = /${settings.secretsDir}/github_read_token.age;
owner = settings.user.username;

8
readme.md
View file

@ -48,15 +48,20 @@
- Setup config as needed
- top level flake.nix additions
- add hosts dir and files needed
- `nixos-rebuild switch --flake ~/.config/nixos-config`
- `sudo nixos-rebuild switch --flake ~/.config/nixos-config`
- Update remote, ssh should work now: `cd ~/.config/nixos-config && git remote remove origin && git remote add origin "ssh://git.joshuabell.xyz:3032/dotfiles" && git pull origin master`
## Local tooling
* firefox/1password setup
- sign in to firefox
- sign into 1 password ext
- atuin setup
- if atuin is on enable that mod in configuration.nix, make sure to `atuin login` get key from existing device
- TODO move key into secrets and mount it to atuin local share
- stormd onboard to network
- ssh key access, ssh iden in config in nix config
## Darwin
@ -83,6 +88,7 @@ efi /EFI/Microsoft/Boot/bootmgfw.efi
# TODO
- on new cosmic the bar is shown can i have this hidden by default
- Split config into further flakes, inputs should not affect other systems, like first run without stormd
- work on secrets pre ragenix, stormd pre install for all the above bootstrapping steps would be ideal
- reduce home manager, make per user modules support instead

38
secrets/nix2oren.age Normal file
View file

@ -0,0 +1,38 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USA4ejJq
VHBFbVAxNWhPZnlNY1BZNkJqUXdhdGdHamFYVkVLNlpPQnFOakZZClNObTc2YU5Z
KzJpMDF3TTVrWmJWdkVsMkJpVkRlOVJleVRoTXoraUY3dTAKLT4gc3NoLWVkMjU1
MTkgSmh2TCtRIFBwT2tDdFVjMWxhYlB6QmQvdGRjTDhZSzlUNUFvbG0wYytLcitS
Vk9ha2MKVVRFQ1hMS0Yzd3oxbEZFWHY3ODJSRGhpbS9iVVZsWStZYzZmQmF1Ym5T
bwotPiBzc2gtZWQyNTUxOSBTcENqQlEgd0g2SmlwQ0RCSnpnaWNOTmx0SmRESUpz
Q1ZPTis5NHVicFAwRVZlR3F5WQo1eC9xQTNEelJKbUtFMWxSOThQUnpteVY0QmNl
TzhKVi9NZ1N0eVFQVVFvCi0+IHNzaC1lZDI1NTE5IEJZS0crdyAzYUVNakZzeldL
MzhoQzY0T09CWnBNYjZQYXVDTFFPS1hqRG9QcFJPQm00ClFJdGtnUkwzbHhQQnJD
U1pvZUJ6Mjl4cDNyNm9uczdSZG5CKy8vb3czc2MKLT4gc3NoLWVkMjU1MTkgWHpm
bWFRIHZlT0k3YXhXT012SVBMUEtRYXpaMmh3c3kxbUluNkNGeDBRRkdRcmRnQzgK
UEhWNGZPSlhXcHB1MnArcUp0Z3Y0amtKV284YU1aZWNUZE1zaDBkVm9wSQotPiBz
c2gtZWQyNTUxOSBSNSt4ZncgN0YvQlFNUFBheUJURzhoQkg5bEZCUGM3VUVFSDk0
bDUyMW1RdjRzQklnTQpXTktUOTdvWE5FWEwzNFBKSjZWbTZIcUpIL2dYQkJOVEUr
YlFudE5PYmlnCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSB5WGtlUURGZ2thMkdOMmdX
d2drUklkeW1xVlk1eDVSNGc5ZkJEZjVwWEhBCmRiazcrVzRGbktGNnl5c1ZudC90
b0swK0cwdUQ4S2V0RGV4enFZWFh3WVUKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIGFB
THloYVM5eE9zSnQ4ejd5T0pSK1UzTmY5T0F5ejFUcWUySHdsaG1BMk0KUGd1Smov
ZlFkdDhQT1FCNkNaQzU5RmpYSHlFMzNzRGJMeHNRVzZscCs5NAotPiBzc2gtZWQy
NTUxOSB3ZHJaSkEgSVh5aVFlOFZHb0YxclRUZjJjWnAvMEdGU25zTkNYcUc3djRh
VFdBZ1RCdwpDTFFYbUtlQ3ZrdXR1d1Q4L0p5ckhvNGlwYzgrRndraHdFMXRlRkIy
OXdNCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBpNVNOTC9Id3JTMUEyNDM2OEcxcGNu
NVlJTWQzSVl0U2o5YUl0TjZYa2xNCjd1WDFPbXNuQmo1anM3eFRpU3NJc0NMeFJX
L2Rsc2xTbXBqSXdaTk50cUUKLT4gc3NoLWVkMjU1MTkgWmUxTXdRICtJbURKL2da
eEsycSt6TzBvWUIrS1R2L2VKbUJvZVA1ZmtjQXplaWIvd1kKWm5vbzVkQ0dMOW5r
T1QvOFpoSW5MY21EN3gzRzJDRjRTYVJhVkJjeGt2dwotPiAjTkx0LWdyZWFzZQpq
d0kKLS0tIFpoamdUTXpvNkQ3N3ZkUlMwQUY3am03UUVLNVNXRmZsUUhlOTZ2MExD
bWcKi208SBEsgIk4hDTvAT/5xB2pd/vfQVwS/tRT4lOAMwZV5wNb7412LVDek5Ym
jdwoGkItzbmBYyXgWQn55dTApcDqGTJYK4qy4BT6w9yMsKcm0weF4suO/W8o+38D
Q0A/N+m9NbTEjTUM2uppr2T0dkpSqyK3ordVvbjOq/B7eBQNCRVm1ShcbyLekfiU
iwfh98Vlw8uQiCbCPA14IjBN25SvT1kvchkAgGtzozGrNRLVW8kYKv9KgRlVEU1r
kkS0Rhm9uRe6Kppo4K5+bHCKo8g8q7dcbya9a6Edlx36zdJwGWZ0EXkQtijCBcz1
Ipgfktovy/yfhiBv9eYPjxJe+njyZUpUJNpydScnHJejGg0OJMkA0tRULNbxs1Uy
x5bCPl7SvZZlgsIktMwhekxJ9kIUsYgwtHbSEP9xIFFyRxSeaJSVFBx4jKFeFJlf
4pzuFOHp4RVyylYuhkKvWtuJ/PXYXm5wUptDc72vGeA7NDo5p/6u7KO6CfhVTpQ9
cRKIdLxFFhqfV6m+BxoJY/TCyA/MONXxabETpQ3skPu9sCZXR4rpEKY=
-----END AGE ENCRYPTED FILE-----

3
secrets/secrets.nix
View file

@ -64,6 +64,9 @@ in
"nix2lio.age" = {
inherit publicKeys;
};
"nix2oren.age" = {
inherit publicKeys;
};
"github_read_token.age" = {
inherit publicKeys;
};

5
users/_common/home_manager/ssh.nix
View file

@ -26,6 +26,11 @@
hostname = "10.12.14.116";
user = "josh";
};
"oren" = {
identityFile = age.secrets.nix2oren.path;
# hostname = "10.20.40.104";
user = "josh";
};
"joe" = {
identityFile = age.secrets.nix2joe.path;
hostname = "10.20.40.102";

6
users/josh/by_hosts/oren/nix_modules/ssh_authorized.nix Normal file
View file

@ -0,0 +1,6 @@
{ settings, config, ... }:
{
users.users.${settings.user.username}.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMzgAe4od9K4EsvH2g7xjNU7hGoJiFJlYcvB0BoDCvn nix2oren"
];
}