mirror of
https://github.com/JulienMalka/snowfield.git
synced 2025-03-25 21:30:52 +01:00
Lot of changes, playing with ssh keys
This commit is contained in:
Julien Malka
parent
920ac9efc4
commit
6096bc5515
13 changed files with 168 additions and 17 deletions
|
|
@ -9,3 +9,8 @@ creation_rules:
|
|||
- *macintosh
|
||||
- *newton
|
||||
- *lisa
|
||||
- key_groups:
|
||||
- age:
|
||||
- *macintosh
|
||||
- *newton
|
||||
- *lisa
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@
|
|||
./home-julien.nix
|
||||
];
|
||||
|
||||
|
||||
luj = {
|
||||
mediaserver.enable = true;
|
||||
homepage.enable = true;
|
||||
|
|
|
|||
|
|
@ -1,5 +1,24 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
{
|
||||
|
||||
sops.secrets.ssh-lisa-pub = {
|
||||
owner = "julien";
|
||||
path = "/home/julien/.ssh/id_ed25519.pub";
|
||||
mode = "0644";
|
||||
format = "binary";
|
||||
sopsFile = ../../secrets/ssh-lisa-pub;
|
||||
};
|
||||
|
||||
sops.secrets.ssh-lisa-priv = {
|
||||
owner = "julien";
|
||||
path = "/home/julien/.ssh/id_ed25519";
|
||||
mode = "0600";
|
||||
format = "binary";
|
||||
sopsFile = ../../secrets/ssh-lisa-priv;
|
||||
};
|
||||
|
||||
|
||||
|
||||
luj.hmgr.julien = {
|
||||
luj.programs.neovim.enable = true;
|
||||
luj.programs.ssh-client.enable = true;
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@
|
|||
authorizedKeys = lib.splitString "\n"
|
||||
(builtins.readFile (pkgs.fetchurl {
|
||||
url = "https://github.com/JulienMalka.keys";
|
||||
sha256 = "sha256-jx0/AAAeq5d6h1ytdUUnF/bMcn4h0UIKQCwzi3S5+YQ=";
|
||||
sha256 = "sha256-nBgn7jOqi/nPHhTy3x/oirL+A4X2gbmwy1NXLZhV99M=";
|
||||
}));
|
||||
|
||||
};
|
||||
|
|
|
|||
|
|
@ -29,6 +29,22 @@ in
|
|||
|
||||
sops.secrets.drone = { };
|
||||
|
||||
sops.secrets.ssh-drone-pub = {
|
||||
owner = drone;
|
||||
path = "/home/drone/.ssh/id_ed25519.pub";
|
||||
mode = "0644";
|
||||
format = "binary";
|
||||
sopsFile = ../../secrets/ssh-drone-pub;
|
||||
};
|
||||
|
||||
sops.secrets.ssh-drone-priv = {
|
||||
owner = drone;
|
||||
path = "/home/drone/.ssh/id_ed25519";
|
||||
mode = "0600";
|
||||
format = "binary";
|
||||
sopsFile = ../../secrets/ssh-drone-priv;
|
||||
};
|
||||
|
||||
|
||||
systemd.services.drone-server = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ with lib;
|
|||
package = pkgs.nixUnstable;
|
||||
extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
narinfo-cache-negative-ttl = 0
|
||||
'';
|
||||
nixPath = [
|
||||
"nixpkgs=${inputs.nixpkgs}"
|
||||
|
|
|
|||
|
|
@ -39,8 +39,8 @@ sops:
|
|||
YlZjaTNZL29VcHlReGxWRENobHcyUDgK1518yGevHiTP1WiaIvqeqYBi8Y9ZhoJZ
|
||||
okemTbpj3Svv/TVIjKp3iO/KHHPYrCZPOQAmvxf/PP14ahOmEv255g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2021-12-26T16:45:06Z"
|
||||
mac: ENC[AES256_GCM,data:gqUzmGJZna83Rfxlv+kkae4kiD5lmQiyYV53AMAvV32zl3p3JVMqRpH+g3VFqdjNJeaMZWRzyqzh3DANenFdmbXVc5i1tv9Ugki2cSVoQfK72wstjvibu9xKbs9zSIGMQ+jMcZss/J/8ucXxhJlMeT++2fevCASn0jGSFIxzOEI=,iv:SpRN1QS+zj1CimaIcEOFubMZa1s05LtujXOjEGuLdHg=,tag:8zOgLnWi2kCONHxbiUVR+A==,type:str]
|
||||
lastmodified: "2021-12-28T15:18:35Z"
|
||||
mac: ENC[AES256_GCM,data:ftj4oUkOL1p6l3pE1LMhGigVm4EeEbQZKVX1zY+W2JW7vBN6jY0D34FmPmo5gzVDiPb3O8qHXITPtddHMKscxL/zt6731102qVVG/4wS3ZnF246/4ZrBTZqZ074xDA2P2WzVkTBL39m1DRMBPt1P7U69S2EM/pQy0m9G/hs3auo=,iv:9Jv586T7K+TigZ/qmx+w47EtQ/RBy6Y/9KqFkINmUgs=,tag:P6VmHtPWwz0UxBdbaZZpGQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.1
|
||||
|
|
|
|||
28
secrets/ssh-drone-priv
Normal file
28
secrets/ssh-drone-priv
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
{
|
||||
"data": "ENC[AES256_GCM,data:ENFmB2kdyTaq3SzF/k35v6xjkjvOo8u1uiqSfZW1euH3QPrRk8cUS9HPgCYooGqIFDObgnLDuuZl7uD1LO+d3TIq0I+B13W78zk1UBIgXgRWh2l7LsOoSt8Qb1LZEOSXbKBBu7eyVIIZN/RNq17dVH9YmQJmUcEJ4gP9n8SWp4rYHsPquporbIOCRW+najqV8TuLBzjZPxBDdP9usArXZE9/vwI8XUqsJTsYeYsIZ3eWwBsWOap3ay7wN1V9FbI9XV4MVQ1WzcbU+BsZIWUQWbQiAXpDC80FZtw1UZsJ2sdTAYALcpBN3RRdJW4x50dAEPeU+nIne/s6LLVVkM0MnkOUPrSPYZMgWjcmqVbg84u2eds8FsvHeRoxyV/pA7f2fF6bXoN65J0HDMZAvtHC9vyz5ARTfEdozppn7Jjs/L7g5rGio6vRHBPwhrdOv3LET5SqbQgwyCrdZlJTrTtvPDRigeu3VzOvtp858Bhvepk1yaARJle6INu8lLkXrHsl/4I9/rn3Vd7ZvVBHYb3S,iv:VmBe+YjG1qGGgLyNTIYuWq5IfdfIfRGfpWxckqNJiII=,tag:vNwU27mJQSqULPBzoB+AsA==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1ac9aek30209ppmxxxpfc65wet344u57pdy3zmk3whjlta38m6q9s9m666g",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBudnFyY0p5azlFWTF5dUdE\nVVRyZzB3cHBKYmU2TnJWcnZNbWYzUnJPdXlNCkhyTjJrWU5PWHR0NzRkWmRaeFZ5\ncWtvSWtpVDE3Z3BKK2tUYmJCMCtnS3cKLS0tIElSLy85dnlJVWVMZzErQTlGWU5h\nOEpsM1EwV1hwalgxdVRUdzg4RWtVV0EKVEIKTvhLEzCXZTZjyXoSgYLvqt2kxdQ0\n3tgWA2+9QcZBqYXvJKqchmkIjX1mOE3aouKNfIifvax8g57GL0tjgg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age162v5365xrnzm9tlxy4w3e6fqds7k3h029qezvl73z6rs5skcn9hs7vml45",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0czEvSE1qWFY5ME1vVHpG\nMnpQMjBJSHZyYW1uYXV1b1JRRzVtV0RmZmhNCjFDUmZwRTVMR3BiTnBJbVhWYlVG\nRWlVVzJWbThTS1JsOUdOUkY5ZUd2VWMKLS0tIEVaL3BLN01XSjBiRlFDald3Qktw\naU8zY1JnOEszekZDN0Ewcm9VUmlVYVUKPAVthML21zg4LlO2vg0+ZLPGPJqgPumu\nLhqA23T4wrJqZ1ppxrHbkYDiWF9z9ZORISQXflanGhFHPlx2CaIZmg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age14shnplzdf2uatzd7wkvnquqw00zjfly3404ak5lqevajanzdw5qqedjw0y",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5aU5ESlMzcEdwckZWN2I3\nbkI0SGVDbDNBUnE3WjFqSW1naE1RSEtUUG5zCmxPM216UnFoa1lQS21ENlZJTzVh\na2loNVgyUkVqU0NHalhhNWJuMDAydjAKLS0tIFRVVnlTYnFZNTdGU1AzWGw0QUFG\nc2c3em5oVmFBWlVjR2RQWlZGdjlrZUkKq7y5PbzcS9IhlEB7WMGE50E5cxgzNWFV\nOcT5WaBJw+l660NQ45aBZ/N7EbexmMYEIVq3fzucvgLTyg5fQ1rurA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2021-12-28T15:07:08Z",
|
||||
"mac": "ENC[AES256_GCM,data:5bPNrKmAVcpk8HB1NwicNVM5bRKC6xHKSXGkN2p+BUmc+Cc89g2LEkls2p4Pjo/5g3JZITKW/RLvYmKxoeLGGuFhWtPiXkqjoRindndTUsivkgHOek6AR0tuPl69ec9u2/+BGRDjUiSiyryNy/0BeVpTW9qtyZpVTDRFY39JRQk=,iv:T5d5ViJRU4qf+pRJl/kr2Ina6trPridfQmi7K8BaVnY=,tag:bEnR5GgK4PiZca/gnipZqQ==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.7.1"
|
||||
}
|
||||
}
|
||||
28
secrets/ssh-drone-pub
Normal file
28
secrets/ssh-drone-pub
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
{
|
||||
"data": "ENC[AES256_GCM,data:lBRY3nMvWa7zyIKavA5v8h0DWU6zQeYxRKlPktWovWvihwOylDP0q9F/bn9TV8PxKXUDbpg9jtGKcdskJze2wEVanZTrOaSJzxK6smi+A2vjgL8zgUCUstDlGvw=,iv:HfAensGs8RqDL/jmnRZm0VEgoo6NaxjXE7studrcL4M=,tag:B76i+AQZYMo3k/VizxjDog==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1ac9aek30209ppmxxxpfc65wet344u57pdy3zmk3whjlta38m6q9s9m666g",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMNm5FSTk1VTRRSWxrb0Fq\nWU0vOW0yRmtGMy9iaUk3UFgya1ZtMXpEd0djCm9rTjUxNVY3Sk5nZzZSdk9pZWhM\nOFpEMUdWcXJudEZBYTVlQWJMc2Y5YlkKLS0tIG5wSUEwU3M0bVYxMUwyWHJ4VU80\nTjFmanVUSGtpT1VVTHJYZkFhcTNwRk0KTMk4JFAfhl3Ipl/dftjQUWit/m8hnvyc\nCw6xv3RXFkqa0uuPTGCKoyMGpN1wWflzD8Fjk/HMHcXv91Dvvyu3Gw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age162v5365xrnzm9tlxy4w3e6fqds7k3h029qezvl73z6rs5skcn9hs7vml45",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWYlphNXY1VXV5Nk8vMWUv\nWUVTKzhRNlJaSUowb3ZBNkJYazJnYkltN2lVCk9IYkU5TitSUXJHTnFvMmZhTjZi\naVB2UlVXbzVYcW56UjBnWTNKRFNZS2cKLS0tIGhheVFDd3VoM05qUXhHZCs3eVRk\nZFNEV09PK3JidnhBWGd0WE1obW8zd2cKN2dHnq6UrVx8twzV7UfEcDA6tacdoHuR\n9oM+TVkmqydf7meE5MEJeeUysEmdgRbm0an1l3F11G2+EBURE4WUzg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age14shnplzdf2uatzd7wkvnquqw00zjfly3404ak5lqevajanzdw5qqedjw0y",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxNyt4cGtzS1hVazlzQnVq\nTVZRaFRzbXhEaDFUcTRXbm1XMnBueUNyMlFNCnlmdzkrVHJqUWI2KzAvbTYrRWlC\nZFRzeUs2Yi82TlNaQ2treTFIZ1V3SEUKLS0tIDBHMUd0dy9MYjY0WDlNOFBkb3Y5\nd2s3bTNXUWcyN09XRGo1YjZXWkpHS1UKfbPhqbPjHQBo0nC+QltSZVX2EwciMpLr\njIz3DWUqqJ8h9hkiSG9U3V3wX4vEJb31GDflXjLxIFpwvnioZ1TMCw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2021-12-28T15:18:55Z",
|
||||
"mac": "ENC[AES256_GCM,data:qq0bD4Eq9FjQJMaPSpR4kktHGRnWOURVOV+T6HyNueU0numi/MT6TAEp4qoSTOTnt7595pwhDvAOzQPRrDdRSGWbGcOY3KWAc4GcUAkn2dXaKs5F8dOaXia0zaeK73/7h4nlbWjYpqqX/NduCDGnozelaHcOmk3X6INNKe0P+lc=,iv:Y76+kSAfjGhl6misdScSS0wDzOyGLXJVvgdoyktejZs=,tag:iimJfOv3L2c5UjTrT8v6VA==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.7.1"
|
||||
}
|
||||
}
|
||||
28
secrets/ssh-lisa-priv
Normal file
28
secrets/ssh-lisa-priv
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
{
|
||||
"data": "ENC[AES256_GCM,data:97qfmxcdkR2w6OeqcJE69z20EyzUXz3Pw7Y7ilS5OSwtPaGBLTbmmodlOvOAWKHxN+YIYRvN8zrmuFQyzkgb1tH9ft1kEpJ8IETIBSFxssWxjqLpncClIPQ9a0gUPXym14GhcxsLuPaDoircZmCnT6/HrTfqi8Fs35akqgqFlPTsIflUtWo9zMAJwEhHgTwxEF5gEEJcY7IxBEO6TwSsvgw1l9ZpdupGb1uPCcWNq+ZOVDuzJwVeOc4dIs9OI9gQfZZohPaqHSmYxBGA8Y4YkVDn4vQPYnrhQ+ZTQ+rhdTad+8iZ5RRXr7MXTSSFEGf/MFRBIoNAYPh8t7nw2kzV3kUFkZWgik5J18Wn8ld/Gt9c/3l4pghS31Ofjgtf7fIkuK18CRnfc3cXMj+gRxij2QWh5tsvInkQcnnQ1CxlRA0upp3cpWibLT96o9oy/NWYG2ebx20KTfzHFBbxQxGmRKALvHeF+z2UCDGg52zDjasCmzHwBB2JAHDXK70RFtuEFhcv1ClmsNUFeOuNt3Z0,iv:2MUNlrn4iVM/mbZy+AmsuG7klrlY305RcvX7JyCSYFM=,tag:sK9HwaoTtHAjGx4W6xiXxg==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1ac9aek30209ppmxxxpfc65wet344u57pdy3zmk3whjlta38m6q9s9m666g",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjbWl0S3lic2ZaTzVBd0wz\naEVNR3VsdDg5RmJCWkswUWlDQXl1L3orTTFVCjNXaEJpb3cvSVUyZE9xaHZqRDdG\nanZMUFl5eER0ZytHSHNuck5BSENOSTQKLS0tIENXUHZCdUppcTRFUDhLZUVmalFG\nWHloUndFZGw2QjJ6T3pKOXByY2xtdDQKfOkf1HLvAP1k+Ilqyy/vcOCE/iV9lYZK\nChSoTuJo8PbgUkhvLtpwSM2SPF+Ewil/B8gRIxsPuq+rMy6Tak3gRA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age162v5365xrnzm9tlxy4w3e6fqds7k3h029qezvl73z6rs5skcn9hs7vml45",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzc2lWcElVVGhPQUNaRnB2\nVzRDNStGcVQrWmU2cHNtL2ZZNi96OUhGR3dFCng4M1dxMko0NzZWcmxxakl0YjBK\nVjVobFVLNGNvbFF6eFp1ZG5DOTk1SEUKLS0tIDEzUnUyRGhwdzZZWnVvbUNFN3dE\nKzNZYnYybzZIQ2dSTFpjbG9ncnJzd3cK+uFUbnfZ4L/XeoQnBTmmQ9kv042REZ92\nqzy4+WPOcmaWuLhBwDZBwIMtA6Fq/XOU5Y0xTJC56XIadgxiTGISOg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age14shnplzdf2uatzd7wkvnquqw00zjfly3404ak5lqevajanzdw5qqedjw0y",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZDltcG5vbEpYYmtrT0gy\nS2JXeWc4SDJxdVo3SFRkckNvOVMyTkVSTkNBCkh6SU5XSzJpYytYS2N4YUZqS3p1\nM211M0VJTGRpc01TRi92Z1V4NDI1RlEKLS0tIFlVVWJpOEZxV0xtLzZOZzRzVmh5\nQXFsKzdILzA2ZkQ1ak9oZkNab2w2bXcKSzuLno7QuIsuM/+PY3By1GSsYsyZf8vH\nNinyQ4ML8srKy2OlcSUqFgH2N9nqkH4yr4xm+6UghX0xqYNvSGj5Pg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2021-12-28T15:30:36Z",
|
||||
"mac": "ENC[AES256_GCM,data:Lo3A4NBDnEsZdoJTZSyOqYzT8VIe254/Nrukm9m1PibnWw1CZIMavnrhLFBBrG1XCOHwXgAtEu4wcuFBxBM3se47wEJbCRzrV/Y6QdS4bP8ag0ASot/CUqDVMJh2N+oYuejYQNEgvq1samHCl/kNisuena5nq6abdqYaJe4VgTs=,iv:0pXKaHw4CcEw8jMM2z/8KKkzI3GndDhfXJlHiEZR5fk=,tag:NGuC5t6fbWWLFUmIw9jQBA==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.7.1"
|
||||
}
|
||||
}
|
||||
28
secrets/ssh-lisa-pub
Normal file
28
secrets/ssh-lisa-pub
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
{
|
||||
"data": "ENC[AES256_GCM,data:7pCZ/RVYSoODGTF17NHk6HewK27KcjSMbHHZEpB3zbvNcCCCvORXi7HOp+GUIn0OjMxOuHEVfPfWrpNKpsbOZX6/SVRtrHOHvvG8zASnBHl5ezxkdOZ3HYxms0iY,iv:wNE3vY1UBdb6ydmIsYk4BDqd+IPAEcTPhHStV2EY9hY=,tag:SFLb6VPF8V5JWSPQQK5cvg==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1ac9aek30209ppmxxxpfc65wet344u57pdy3zmk3whjlta38m6q9s9m666g",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpV3h5YUU1dXBpUXBDREMr\nSlZlRjJzR1BuNEM0aTRVUDB5OVM5TFNrbVNjCnFuMUwzN0wrLzVTbjJVVHhLTDhp\na2RTWlo1N0xjbDJ2ZS9SbW9CR3JYcGsKLS0tIFpxcWduWkhPWkpZNEx3eEtJYnAv\nUEVKOUl6U25oLzYzOVJzcmRIQnd5c2sKFSwbRZvCGSh47Lo7XAPtx/tvGdxgJclE\nWevnMKu2XJd511IjN7d/PVC5IrpMQH+pSuYuYEneHajnjGlZAjg3EQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age162v5365xrnzm9tlxy4w3e6fqds7k3h029qezvl73z6rs5skcn9hs7vml45",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLY0dEQkxVd0hHcHIxRlg3\naHFYMGUranBXM05pR3hleU9FcVVPWnBCa1I0CnloMHpIcFN0OEt1bkZFektNeWRE\nVW84REZVamlGUWNMRGNwd3l2SXRraUUKLS0tIFNvaHc2dXFLdFZ0TFZnaDRuZjlh\nVVhWY0kybXdKdkNFQXRFSUNzeHNETU0KZ1q7P1j9oySm26r3EK+8BNITNhcgHzXc\nUVlqCTrwdjn2GT2UdUqjYyVPNxj0YC7GwIvu63YlIG5Ed4gI9H0rEg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age14shnplzdf2uatzd7wkvnquqw00zjfly3404ak5lqevajanzdw5qqedjw0y",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5UnJpVmVPQlk1SmQxUHRq\nYnJNeXhpZ3RvUzgyTVcrOE9jOFl6Y2l4RkJnCmNFOEFsN3RBVzc1SUVEdzM2cUhS\nZjQ3TXcrdTQ4WW8vQ2duMXVvV0RNM2cKLS0tIHNuVlJ2eDEydlY1MDVMLytaekR4\nUFNVYVNEZzc1YWY2dGVEV0FJeUtmODgKlkqPv4pMzv3sRDEGgdp8MaugoW7x5+qI\nfHu+q5MZtBZx1RUbDCxvl3guPRzz0mEg+3y40Qvf2z2H1E4j8ZR3rA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2021-12-28T15:30:46Z",
|
||||
"mac": "ENC[AES256_GCM,data:Z01edEHQYDgomrO3Rdm6yrBX+LCnW49uqKBlB3et3Gl/u3885XGbeFglfJl5f5+IP1iq1iXghnaTl0b7gpHTySzpTH5+Gv8BG3Tlvziczkl8kPjgwj1h7qdMJH3lxj3OQE5e23o7B2JQV9dsjKuM2gce+E3oQvl9cgX4WSZ//NI=,iv:eeG7JUYT3uI8rbbi+MdOYkSwERf6rvWtQI0MjKYgcAo=,tag:WlChOqnfalo9mq1SkcUlGQ==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.7.1"
|
||||
}
|
||||
}
|
||||
|
|
@ -1,20 +1,19 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
|
||||
|
||||
users.mutableUsers = false;
|
||||
users.defaultUserShell = pkgs.fish;
|
||||
sops.secrets.user-root-password.neededForUsers = true;
|
||||
|
||||
programs.fish.enable = true;
|
||||
|
||||
users.users.root = {
|
||||
uid = config.ids.uids.root;
|
||||
description = "System administrator";
|
||||
home = "/root";
|
||||
shell = lib.mkForce config.users.defaultUserShell;
|
||||
group = "root";
|
||||
passwordFile = config.sops.secrets.user-root-password.path;
|
||||
};
|
||||
users.users.root = {
|
||||
uid = config.ids.uids.root;
|
||||
description = "System administrator";
|
||||
home = "/root";
|
||||
shell = lib.mkForce config.users.defaultUserShell;
|
||||
group = "root";
|
||||
passwordFile = config.sops.secrets.user-root-password.path;
|
||||
};
|
||||
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,23 +1,21 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
|
||||
|
||||
sops.secrets.user-julien-password.neededForUsers = true;
|
||||
|
||||
|
||||
users.users.julien = {
|
||||
isNormalUser = true;
|
||||
home = "/home/julien";
|
||||
extraGroups = [ "wheel" "docker" config.users.groups.keys.name];
|
||||
extraGroups = [ "wheel" config.users.groups.keys.name];
|
||||
shell = pkgs.fish;
|
||||
passwordFile = config.sops.secrets.user-julien-password.path;
|
||||
openssh.authorizedKeys.keyFiles = [
|
||||
(pkgs.fetchurl {
|
||||
url = "https://github.com/JulienMalka.keys";
|
||||
sha256 = "sha256-jx0/AAAeq5d6h1ytdUUnF/bMcn4h0UIKQCwzi3S5+YQ=";
|
||||
sha256 = "sha256-nBgn7jOqi/nPHhTy3x/oirL+A4X2gbmwy1NXLZhV99M=";
|
||||
})
|
||||
];
|
||||
};
|
||||
|
||||
|
||||
nix.allowedUsers = [ "julien" ];
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue