From 6096bc5515df6e625194e01e4b3f439401881329 Mon Sep 17 00:00:00 2001 From: Julien Malka <julien.malka@me.com> Date: Tue, 28 Dec 2021 16:42:30 +0100 Subject: [PATCH] Lot of changes, playing with ssh keys --- .sops.yaml | 5 +++++ machines/lisa/default.nix | 1 + machines/lisa/home-julien.nix | 19 +++++++++++++++++++ machines/newton/hardware.nix | 2 +- modules/drone/default.nix | 16 ++++++++++++++++ modules/nix/default.nix | 1 + secrets/secrets.yaml | 4 ++-- secrets/ssh-drone-priv | 28 ++++++++++++++++++++++++++++ secrets/ssh-drone-pub | 28 ++++++++++++++++++++++++++++ secrets/ssh-lisa-priv | 28 ++++++++++++++++++++++++++++ secrets/ssh-lisa-pub | 28 ++++++++++++++++++++++++++++ users/default.nix | 17 ++++++++--------- users/julien.nix | 8 +++----- 13 files changed, 168 insertions(+), 17 deletions(-) create mode 100644 secrets/ssh-drone-priv create mode 100644 secrets/ssh-drone-pub create mode 100644 secrets/ssh-lisa-priv create mode 100644 secrets/ssh-lisa-pub diff --git a/.sops.yaml b/.sops.yaml index fa85c2f..27cbfb8 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -9,3 +9,8 @@ creation_rules: - *macintosh - *newton - *lisa + - key_groups: + - age: + - *macintosh + - *newton + - *lisa diff --git a/machines/lisa/default.nix b/machines/lisa/default.nix index 2406acc..c827364 100644 --- a/machines/lisa/default.nix +++ b/machines/lisa/default.nix @@ -11,6 +11,7 @@ ./home-julien.nix ]; + luj = { mediaserver.enable = true; homepage.enable = true; diff --git a/machines/lisa/home-julien.nix b/machines/lisa/home-julien.nix index fe74320..6aba01b 100644 --- a/machines/lisa/home-julien.nix +++ b/machines/lisa/home-julien.nix 
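Review bot: The rule added at the end of `.sops.yaml` repeats the recipient list `*macintosh`, `*newton`, `*lisa` of the rule above it, and each new file under `secrets/` lists three age recipients, so every holder of one of those keys (presumably one per machine) can decrypt both the lisa and the drone private SSH key. Scoping the rules per file would keep each private key readable only by the host that uses it plus the admin key, for example a rule with `path_regex: secrets/ssh-lisa-.*` whose `age:` list omits `*newton`. The added rule shows no `path_regex` of its own, so it may never be selected if an earlier rule already matches every path. The start of `creation_rules` is outside the hunk, so that last point is an inference.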
@@ -1,5 +1,24 @@ { pkgs, lib, config, ... }: { + + sops.secrets.ssh-lisa-pub = { + owner = "julien"; + path = "/home/julien/.ssh/id_ed25519.pub"; + mode = "0644"; + format = "binary"; + sopsFile = ../../secrets/ssh-lisa-pub; + }; + + sops.secrets.ssh-lisa-priv = { + owner = "julien"; + path = "/home/julien/.ssh/id_ed25519"; + mode = "0600"; + format = "binary"; + sopsFile = ../../secrets/ssh-lisa-priv; + }; + + + luj.hmgr.julien = { luj.programs.neovim.enable = true; luj.programs.ssh-client.enable = true; diff --git a/machines/newton/hardware.nix b/machines/newton/hardware.nix index 84d37a1..630d69a 100644 --- a/machines/newton/hardware.nix +++ b/machines/newton/hardware.nix @@ -21,7 +21,7 @@ authorizedKeys = lib.splitString "\n" (builtins.readFile (pkgs.fetchurl { url = "https://github.com/JulienMalka.keys"; - sha256 = "sha256-jx0/AAAeq5d6h1ytdUUnF/bMcn4h0UIKQCwzi3S5+YQ="; + sha256 = "sha256-nBgn7jOqi/nPHhTy3x/oirL+A4X2gbmwy1NXLZhV99M="; })); }; diff --git a/modules/drone/default.nix b/modules/drone/default.nix index 6d6475b..967c1e6 100644 --- a/modules/drone/default.nix +++ b/modules/drone/default.nix @@ -29,6 +29,22 @@ in sops.secrets.drone = { }; + sops.secrets.ssh-drone-pub = { + owner = drone; + path = "/home/drone/.ssh/id_ed25519.pub"; + mode = "0644"; + format = "binary"; + sopsFile = ../../secrets/ssh-drone-pub; + }; + + sops.secrets.ssh-drone-priv = { + owner = drone; + path = "/home/drone/.ssh/id_ed25519"; + mode = "0600"; + format = "binary"; + sopsFile = ../../secrets/ssh-drone-priv; + }; + systemd.services.drone-server = { wantedBy = [ "multi-user.target" ]; diff --git a/modules/nix/default.nix b/modules/nix/default.nix index 27eaf3d..ce5e866 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -20,6 +20,7 @@ with lib; package = pkgs.nixUnstable; extraOptions = '' experimental-features = nix-command flakes + narinfo-cache-negative-ttl = 0 ''; nixPath = [ "nixpkgs=${inputs.nixpkgs}" 
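Review bot: `sops.secrets.ssh-lisa-pub` routes the public half of the key pair through sops, which adds an encrypted blob and a decryption step for data that is not secret, and hides from review which public key is being deployed. Keeping the `.pub` file as plain text in the repository and managing only `ssh-lisa-priv` as a secret would be simpler; the same applies to `ssh-drone-pub` in modules/drone/default.nix. A one-line comment above `ssh-lisa-priv` would also help the next reader, e.g. `# julien's SSH identity on lisa, provisioned by sops-nix`.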
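Review bot: The new `sha256` for `https://github.com/JulienMalka.keys` changes which keys are accepted in `authorizedKeys`, but the diff shows only an opaque hash, so a reviewer cannot tell which keys were added or removed; the same pin is updated in users/julien.nix. Listing the public keys in a file in the repository, or in one shared Nix value that both places import, would make every access change visible in review and remove the duplicated hash. As written, any key change on the GitHub account also makes a fresh fetch fail with a hash mismatch until both pins are bumped by hand. The enclosing attribute set starts outside the hunk.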
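Review bot: `owner = drone;` in both new secrets is a bare Nix identifier, whereas machines/lisa/home-julien.nix uses the string `owner = "julien";`; unless the `let` block above the hunk binds `drone` to a user name, evaluation fails with an undefined variable. If the user is declared elsewhere in the configuration, `owner = "drone";` or `owner = config.users.users.drone.name;` states the intent directly. The hunk also relies on a `drone` user whose home is `/home/drone`; that definition is not visible here.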
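Review bot: `narinfo-cache-negative-ttl = 0` is added to `extraOptions` with no explanation, and its trade-off is not obvious from the name. A Nix comment above `extraOptions` would record the intent, e.g. `# Do not cache "not found" answers from binary caches, so newly pushed paths are seen immediately`. It is worth noting there that every missing path is then re-queried against the substituters on each evaluation, which slows builds when a cache is unreachable.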
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 79355a7..3387081 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -39,8 +39,8 @@ sops: YlZjaTNZL29VcHlReGxWRENobHcyUDgK1518yGevHiTP1WiaIvqeqYBi8Y9ZhoJZ okemTbpj3Svv/TVIjKp3iO/KHHPYrCZPOQAmvxf/PP14ahOmEv255g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2021-12-26T16:45:06Z" - mac: ENC[AES256_GCM,data:gqUzmGJZna83Rfxlv+kkae4kiD5lmQiyYV53AMAvV32zl3p3JVMqRpH+g3VFqdjNJeaMZWRzyqzh3DANenFdmbXVc5i1tv9Ugki2cSVoQfK72wstjvibu9xKbs9zSIGMQ+jMcZss/J/8ucXxhJlMeT++2fevCASn0jGSFIxzOEI=,iv:SpRN1QS+zj1CimaIcEOFubMZa1s05LtujXOjEGuLdHg=,tag:8zOgLnWi2kCONHxbiUVR+A==,type:str] + lastmodified: "2021-12-28T15:18:35Z" + mac: ENC[AES256_GCM,data:ftj4oUkOL1p6l3pE1LMhGigVm4EeEbQZKVX1zY+W2JW7vBN6jY0D34FmPmo5gzVDiPb3O8qHXITPtddHMKscxL/zt6731102qVVG/4wS3ZnF246/4ZrBTZqZ074xDA2P2WzVkTBL39m1DRMBPt1P7U69S2EM/pQy0m9G/hs3auo=,iv:9Jv586T7K+TigZ/qmx+w47EtQ/RBy6Y/9KqFkINmUgs=,tag:P6VmHtPWwz0UxBdbaZZpGQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.1 diff --git a/secrets/ssh-drone-priv b/secrets/ssh-drone-priv new file mode 100644 index 0000000..625c27d --- /dev/null +++ b/secrets/ssh-drone-priv 
@@ -0,0 +1,28 @@ +{ + "data": "ENC[AES256_GCM,data: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,iv:VmBe+YjG1qGGgLyNTIYuWq5IfdfIfRGfpWxckqNJiII=,tag:vNwU27mJQSqULPBzoB+AsA==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1ac9aek30209ppmxxxpfc65wet344u57pdy3zmk3whjlta38m6q9s9m666g", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBudnFyY0p5azlFWTF5dUdE\nVVRyZzB3cHBKYmU2TnJWcnZNbWYzUnJPdXlNCkhyTjJrWU5PWHR0NzRkWmRaeFZ5\ncWtvSWtpVDE3Z3BKK2tUYmJCMCtnS3cKLS0tIElSLy85dnlJVWVMZzErQTlGWU5h\nOEpsM1EwV1hwalgxdVRUdzg4RWtVV0EKVEIKTvhLEzCXZTZjyXoSgYLvqt2kxdQ0\n3tgWA2+9QcZBqYXvJKqchmkIjX1mOE3aouKNfIifvax8g57GL0tjgg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age162v5365xrnzm9tlxy4w3e6fqds7k3h029qezvl73z6rs5skcn9hs7vml45", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0czEvSE1qWFY5ME1vVHpG\nMnpQMjBJSHZyYW1uYXV1b1JRRzVtV0RmZmhNCjFDUmZwRTVMR3BiTnBJbVhWYlVG\nRWlVVzJWbThTS1JsOUdOUkY5ZUd2VWMKLS0tIEVaL3BLN01XSjBiRlFDald3Qktw\naU8zY1JnOEszekZDN0Ewcm9VUmlVYVUKPAVthML21zg4LlO2vg0+ZLPGPJqgPumu\nLhqA23T4wrJqZ1ppxrHbkYDiWF9z9ZORISQXflanGhFHPlx2CaIZmg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age14shnplzdf2uatzd7wkvnquqw00zjfly3404ak5lqevajanzdw5qqedjw0y", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5aU5ESlMzcEdwckZWN2I3\nbkI0SGVDbDNBUnE3WjFqSW1naE1RSEtUUG5zCmxPM216UnFoa1lQS21ENlZJTzVh\na2loNVgyUkVqU0NHalhhNWJuMDAydjAKLS0tIFRVVnlTYnFZNTdGU1AzWGw0QUFG\nc2c3em5oVmFBWlVjR2RQWlZGdjlrZUkKq7y5PbzcS9IhlEB7WMGE50E5cxgzNWFV\nOcT5WaBJw+l660NQ45aBZ/N7EbexmMYEIVq3fzucvgLTyg5fQ1rurA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2021-12-28T15:07:08Z", + "mac": 
"ENC[AES256_GCM,data:5bPNrKmAVcpk8HB1NwicNVM5bRKC6xHKSXGkN2p+BUmc+Cc89g2LEkls2p4Pjo/5g3JZITKW/RLvYmKxoeLGGuFhWtPiXkqjoRindndTUsivkgHOek6AR0tuPl69ec9u2/+BGRDjUiSiyryNy/0BeVpTW9qtyZpVTDRFY39JRQk=,iv:T5d5ViJRU4qf+pRJl/kr2Ina6trPridfQmi7K8BaVnY=,tag:bEnR5GgK4PiZca/gnipZqQ==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/secrets/ssh-drone-pub b/secrets/ssh-drone-pub new file mode 100644 index 0000000..7901a8b --- /dev/null +++ b/secrets/ssh-drone-pub 
@@ -0,0 +1,28 @@ +{ + "data": "ENC[AES256_GCM,data:lBRY3nMvWa7zyIKavA5v8h0DWU6zQeYxRKlPktWovWvihwOylDP0q9F/bn9TV8PxKXUDbpg9jtGKcdskJze2wEVanZTrOaSJzxK6smi+A2vjgL8zgUCUstDlGvw=,iv:HfAensGs8RqDL/jmnRZm0VEgoo6NaxjXE7studrcL4M=,tag:B76i+AQZYMo3k/VizxjDog==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1ac9aek30209ppmxxxpfc65wet344u57pdy3zmk3whjlta38m6q9s9m666g", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMNm5FSTk1VTRRSWxrb0Fq\nWU0vOW0yRmtGMy9iaUk3UFgya1ZtMXpEd0djCm9rTjUxNVY3Sk5nZzZSdk9pZWhM\nOFpEMUdWcXJudEZBYTVlQWJMc2Y5YlkKLS0tIG5wSUEwU3M0bVYxMUwyWHJ4VU80\nTjFmanVUSGtpT1VVTHJYZkFhcTNwRk0KTMk4JFAfhl3Ipl/dftjQUWit/m8hnvyc\nCw6xv3RXFkqa0uuPTGCKoyMGpN1wWflzD8Fjk/HMHcXv91Dvvyu3Gw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age162v5365xrnzm9tlxy4w3e6fqds7k3h029qezvl73z6rs5skcn9hs7vml45", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWYlphNXY1VXV5Nk8vMWUv\nWUVTKzhRNlJaSUowb3ZBNkJYazJnYkltN2lVCk9IYkU5TitSUXJHTnFvMmZhTjZi\naVB2UlVXbzVYcW56UjBnWTNKRFNZS2cKLS0tIGhheVFDd3VoM05qUXhHZCs3eVRk\nZFNEV09PK3JidnhBWGd0WE1obW8zd2cKN2dHnq6UrVx8twzV7UfEcDA6tacdoHuR\n9oM+TVkmqydf7meE5MEJeeUysEmdgRbm0an1l3F11G2+EBURE4WUzg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age14shnplzdf2uatzd7wkvnquqw00zjfly3404ak5lqevajanzdw5qqedjw0y", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxNyt4cGtzS1hVazlzQnVq\nTVZRaFRzbXhEaDFUcTRXbm1XMnBueUNyMlFNCnlmdzkrVHJqUWI2KzAvbTYrRWlC\nZFRzeUs2Yi82TlNaQ2treTFIZ1V3SEUKLS0tIDBHMUd0dy9MYjY0WDlNOFBkb3Y5\nd2s3bTNXUWcyN09XRGo1YjZXWkpHS1UKfbPhqbPjHQBo0nC+QltSZVX2EwciMpLr\njIz3DWUqqJ8h9hkiSG9U3V3wX4vEJb31GDflXjLxIFpwvnioZ1TMCw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2021-12-28T15:18:55Z", + "mac": 
"ENC[AES256_GCM,data:qq0bD4Eq9FjQJMaPSpR4kktHGRnWOURVOV+T6HyNueU0numi/MT6TAEp4qoSTOTnt7595pwhDvAOzQPRrDdRSGWbGcOY3KWAc4GcUAkn2dXaKs5F8dOaXia0zaeK73/7h4nlbWjYpqqX/NduCDGnozelaHcOmk3X6INNKe0P+lc=,iv:Y76+kSAfjGhl6misdScSS0wDzOyGLXJVvgdoyktejZs=,tag:iimJfOv3L2c5UjTrT8v6VA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/secrets/ssh-lisa-priv b/secrets/ssh-lisa-priv new file mode 100644 index 0000000..587b097 --- /dev/null +++ b/secrets/ssh-lisa-priv 
@@ -0,0 +1,28 @@ +{ + "data": "ENC[AES256_GCM,data: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,iv:2MUNlrn4iVM/mbZy+AmsuG7klrlY305RcvX7JyCSYFM=,tag:sK9HwaoTtHAjGx4W6xiXxg==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1ac9aek30209ppmxxxpfc65wet344u57pdy3zmk3whjlta38m6q9s9m666g", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjbWl0S3lic2ZaTzVBd0wz\naEVNR3VsdDg5RmJCWkswUWlDQXl1L3orTTFVCjNXaEJpb3cvSVUyZE9xaHZqRDdG\nanZMUFl5eER0ZytHSHNuck5BSENOSTQKLS0tIENXUHZCdUppcTRFUDhLZUVmalFG\nWHloUndFZGw2QjJ6T3pKOXByY2xtdDQKfOkf1HLvAP1k+Ilqyy/vcOCE/iV9lYZK\nChSoTuJo8PbgUkhvLtpwSM2SPF+Ewil/B8gRIxsPuq+rMy6Tak3gRA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age162v5365xrnzm9tlxy4w3e6fqds7k3h029qezvl73z6rs5skcn9hs7vml45", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzc2lWcElVVGhPQUNaRnB2\nVzRDNStGcVQrWmU2cHNtL2ZZNi96OUhGR3dFCng4M1dxMko0NzZWcmxxakl0YjBK\nVjVobFVLNGNvbFF6eFp1ZG5DOTk1SEUKLS0tIDEzUnUyRGhwdzZZWnVvbUNFN3dE\nKzNZYnYybzZIQ2dSTFpjbG9ncnJzd3cK+uFUbnfZ4L/XeoQnBTmmQ9kv042REZ92\nqzy4+WPOcmaWuLhBwDZBwIMtA6Fq/XOU5Y0xTJC56XIadgxiTGISOg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age14shnplzdf2uatzd7wkvnquqw00zjfly3404ak5lqevajanzdw5qqedjw0y", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZDltcG5vbEpYYmtrT0gy\nS2JXeWc4SDJxdVo3SFRkckNvOVMyTkVSTkNBCkh6SU5XSzJpYytYS2N4YUZqS3p1\nM211M0VJTGRpc01TRi92Z1V4NDI1RlEKLS0tIFlVVWJpOEZxV0xtLzZOZzRzVmh5\nQXFsKzdILzA2ZkQ1ak9oZkNab2w2bXcKSzuLno7QuIsuM/+PY3By1GSsYsyZf8vH\nNinyQ4ML8srKy2OlcSUqFgH2N9nqkH4yr4xm+6UghX0xqYNvSGj5Pg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2021-12-28T15:30:36Z", + "mac": 
"ENC[AES256_GCM,data:Lo3A4NBDnEsZdoJTZSyOqYzT8VIe254/Nrukm9m1PibnWw1CZIMavnrhLFBBrG1XCOHwXgAtEu4wcuFBxBM3se47wEJbCRzrV/Y6QdS4bP8ag0ASot/CUqDVMJh2N+oYuejYQNEgvq1samHCl/kNisuena5nq6abdqYaJe4VgTs=,iv:0pXKaHw4CcEw8jMM2z/8KKkzI3GndDhfXJlHiEZR5fk=,tag:NGuC5t6fbWWLFUmIw9jQBA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/secrets/ssh-lisa-pub b/secrets/ssh-lisa-pub new file mode 100644 index 0000000..4e636f1 --- /dev/null +++ b/secrets/ssh-lisa-pub 
@@ -0,0 +1,28 @@ +{ + "data": "ENC[AES256_GCM,data:7pCZ/RVYSoODGTF17NHk6HewK27KcjSMbHHZEpB3zbvNcCCCvORXi7HOp+GUIn0OjMxOuHEVfPfWrpNKpsbOZX6/SVRtrHOHvvG8zASnBHl5ezxkdOZ3HYxms0iY,iv:wNE3vY1UBdb6ydmIsYk4BDqd+IPAEcTPhHStV2EY9hY=,tag:SFLb6VPF8V5JWSPQQK5cvg==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1ac9aek30209ppmxxxpfc65wet344u57pdy3zmk3whjlta38m6q9s9m666g", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpV3h5YUU1dXBpUXBDREMr\nSlZlRjJzR1BuNEM0aTRVUDB5OVM5TFNrbVNjCnFuMUwzN0wrLzVTbjJVVHhLTDhp\na2RTWlo1N0xjbDJ2ZS9SbW9CR3JYcGsKLS0tIFpxcWduWkhPWkpZNEx3eEtJYnAv\nUEVKOUl6U25oLzYzOVJzcmRIQnd5c2sKFSwbRZvCGSh47Lo7XAPtx/tvGdxgJclE\nWevnMKu2XJd511IjN7d/PVC5IrpMQH+pSuYuYEneHajnjGlZAjg3EQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age162v5365xrnzm9tlxy4w3e6fqds7k3h029qezvl73z6rs5skcn9hs7vml45", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLY0dEQkxVd0hHcHIxRlg3\naHFYMGUranBXM05pR3hleU9FcVVPWnBCa1I0CnloMHpIcFN0OEt1bkZFektNeWRE\nVW84REZVamlGUWNMRGNwd3l2SXRraUUKLS0tIFNvaHc2dXFLdFZ0TFZnaDRuZjlh\nVVhWY0kybXdKdkNFQXRFSUNzeHNETU0KZ1q7P1j9oySm26r3EK+8BNITNhcgHzXc\nUVlqCTrwdjn2GT2UdUqjYyVPNxj0YC7GwIvu63YlIG5Ed4gI9H0rEg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age14shnplzdf2uatzd7wkvnquqw00zjfly3404ak5lqevajanzdw5qqedjw0y", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5UnJpVmVPQlk1SmQxUHRq\nYnJNeXhpZ3RvUzgyTVcrOE9jOFl6Y2l4RkJnCmNFOEFsN3RBVzc1SUVEdzM2cUhS\nZjQ3TXcrdTQ4WW8vQ2duMXVvV0RNM2cKLS0tIHNuVlJ2eDEydlY1MDVMLytaekR4\nUFNVYVNEZzc1YWY2dGVEV0FJeUtmODgKlkqPv4pMzv3sRDEGgdp8MaugoW7x5+qI\nfHu+q5MZtBZx1RUbDCxvl3guPRzz0mEg+3y40Qvf2z2H1E4j8ZR3rA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2021-12-28T15:30:46Z", + "mac": 
"ENC[AES256_GCM,data:Z01edEHQYDgomrO3Rdm6yrBX+LCnW49uqKBlB3et3Gl/u3885XGbeFglfJl5f5+IP1iq1iXghnaTl0b7gpHTySzpTH5+Gv8BG3Tlvziczkl8kPjgwj1h7qdMJH3lxj3OQE5e23o7B2JQV9dsjKuM2gce+E3oQvl9cgX4WSZ//NI=,iv:eeG7JUYT3uI8rbbi+MdOYkSwERf6rvWtQI0MjKYgcAo=,tag:WlChOqnfalo9mq1SkcUlGQ==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/users/default.nix b/users/default.nix index 8a97653..a506d02 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,20 +1,19 @@ { config, pkgs, lib, ... }: { - users.mutableUsers = false; users.defaultUserShell = pkgs.fish; sops.secrets.user-root-password.neededForUsers = true; programs.fish.enable = true; -users.users.root = { - uid = config.ids.uids.root; - description = "System administrator"; - home = "/root"; - shell = lib.mkForce config.users.defaultUserShell; - group = "root"; - passwordFile = config.sops.secrets.user-root-password.path; - }; + users.users.root = { + uid = config.ids.uids.root; + description = "System administrator"; + home = "/root"; + shell = lib.mkForce config.users.defaultUserShell; + group = "root"; + passwordFile = config.sops.secrets.user-root-password.path; + }; } diff --git a/users/julien.nix b/users/julien.nix index 3ced7eb..6f3d3ba 100644 --- a/users/julien.nix +++ b/users/julien.nix 
@@ -1,23 +1,21 @@ { config, pkgs, lib, ... }: { - sops.secrets.user-julien-password.neededForUsers = true; - users.users.julien = { isNormalUser = true; home = "/home/julien"; - extraGroups = [ "wheel" "docker" config.users.groups.keys.name]; + extraGroups = [ "wheel" config.users.groups.keys.name]; shell = pkgs.fish; passwordFile = config.sops.secrets.user-julien-password.path; openssh.authorizedKeys.keyFiles = [ (pkgs.fetchurl { url = "https://github.com/JulienMalka.keys"; - sha256 = "sha256-jx0/AAAeq5d6h1ytdUUnF/bMcn4h0UIKQCwzi3S5+YQ="; + sha256 = "sha256-nBgn7jOqi/nPHhTy3x/oirL+A4X2gbmwy1NXLZhV99M="; }) ]; }; - nix.allowedUsers = [ "julien" ]; + }