Lot of changes, playing with ssh keys

This commit is contained in:
Julien Malka 2021-12-28 16:42:30 +01:00
parent 3aab217530
commit 49299dc3b2
8 changed files with 54 additions and 15 deletions


@ -9,3 +9,8 @@ creation_rules:
- *macintosh
- *newton
- *lisa
- key_groups:
- age:
- *macintosh
- *newton
- *lisa
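Review bot: Every secret matched by this rule is now encrypted to the age keys of all three hosts, so macintosh and newton can also decrypt the per-host ssh private keys this commit adds as `ssh-lisa-priv` and `ssh-drone-priv`. A separate creation rule per host (for example a `path_regex` matching `secrets/ssh-lisa-.*` that lists only `*lisa`) keeps each host able to decrypt only its own private key. The new `key_groups:` entry also repeats the same three recipients already listed under `age:` above it; with a single group the two forms declare the same recipients, so keep one of them and comment which is intended. The rule's `path_regex` line is outside the hunk, so I am inferring that it covers the ssh secret files.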


@ -11,6 +11,7 @@
./home-julien.nix
];
luj = {
mediaserver.enable = true;
homepage.enable = true;


@ -1,5 +1,24 @@
{ pkgs, lib, config, ... }:
{
sops.secrets.ssh-lisa-pub = {
owner = "julien";
path = "/home/julien/.ssh/id_ed25519.pub";
mode = "0644";
format = "binary";
sopsFile = ../../secrets/ssh-lisa-pub;
};
sops.secrets.ssh-lisa-priv = {
owner = "julien";
path = "/home/julien/.ssh/id_ed25519";
mode = "0600";
format = "binary";
sopsFile = ../../secrets/ssh-lisa-priv;
};
luj.hmgr.julien = {
luj.programs.neovim.enable = true;
luj.programs.ssh-client.enable = true;
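Review bot: The private half of julien's ssh key is distributed from the secrets repository as `ssh-lisa-priv`, so it persists in git history and is readable by every age key in the matching sops rule, not only by lisa. Generating the key pair on the host at activation and storing only the public half would keep the private key from ever leaving the machine; if shipping it is deliberate, a comment above `sops.secrets.ssh-lisa-priv` stating why, and that rotating the key means re-encrypting the secret, would record that decision. The same applies to `ssh-drone-priv` in the drone hunk below. `luj.hmgr.julien = {` opens a block that continues past the end of the hunk.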


@ -21,7 +21,7 @@
authorizedKeys = lib.splitString "\n"
(builtins.readFile (pkgs.fetchurl {
url = "https://github.com/JulienMalka.keys";
sha256 = "sha256-jx0/AAAeq5d6h1ytdUUnF/bMcn4h0UIKQCwzi3S5+YQ=";
sha256 = "sha256-nBgn7jOqi/nPHhTy3x/oirL+A4X2gbmwy1NXLZhV99M=";
}));
};
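Review bot: The `fetchurl` of `https://github.com/JulienMalka.keys` and its `sha256` are duplicated between this hunk and the `users.users.julien` hunk below, and this commit had to bump the hash in both places; a single shared definition (for example `julienKeys = pkgs.fetchurl { ... };` in a `let` binding both modules use) would keep them from drifting, which matters because a stale hash in one place silently pins an older set of authorized keys there. Separately, `lib.splitString "\n"` on a file that ends with a newline yields a trailing empty string in `authorizedKeys`; `lib.filter (k: k != "") (lib.splitString "\n" ...)` avoids it. The enclosing attribute set starts before the hunk.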


@ -29,6 +29,22 @@ in
sops.secrets.drone = { };
sops.secrets.ssh-drone-pub = {
owner = drone;
path = "/home/drone/.ssh/id_ed25519.pub";
mode = "0644";
format = "binary";
sopsFile = ../../secrets/ssh-drone-pub;
};
sops.secrets.ssh-drone-priv = {
owner = drone;
path = "/home/drone/.ssh/id_ed25519";
mode = "0600";
format = "binary";
sopsFile = ../../secrets/ssh-drone-priv;
};
systemd.services.drone-server = {
wantedBy = [ "multi-user.target" ];
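Review bot: `owner = drone;` takes the user name from a binding outside the hunk, while both `path` values hard-code `/home/drone/...`; if `drone` is the user name string, interpolating it (`path = "/home/${drone}/.ssh/id_ed25519";` and the `.pub` counterpart) keeps the file location from disagreeing with the owner when the binding changes. A short comment above `sops.secrets.ssh-drone-pub` saying what the key pair is used for (which remote the drone user authenticates to) would help the next reader decide whether the private key needs to be provisioned this way. The `let` binding and the rest of `systemd.services.drone-server` are outside the hunk.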


@ -20,6 +20,7 @@ with lib;
package = pkgs.nixUnstable;
extraOptions = ''
experimental-features = nix-command flakes
narinfo-cache-negative-ttl = 0
'';
nixPath = [
"nixpkgs=${inputs.nixpkgs}"
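Review bot: `narinfo-cache-negative-ttl = 0` carries no comment explaining why negative substituter lookups should not be cached; since it makes nix re-query the binary cache for every path it previously found missing, a line such as `# do not cache "path missing" answers from substituters, so freshly pushed builds are picked up` above `extraOptions` would record the intent. If only one host needs this, scoping it to that host rather than this module would limit the extra cache traffic.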


@ -1,20 +1,19 @@
{ config, pkgs, lib, ... }: {
users.mutableUsers = false;
users.defaultUserShell = pkgs.fish;
sops.secrets.user-root-password.neededForUsers = true;
programs.fish.enable = true;
users.users.root = {
uid = config.ids.uids.root;
description = "System administrator";
home = "/root";
shell = lib.mkForce config.users.defaultUserShell;
group = "root";
passwordFile = config.sops.secrets.user-root-password.path;
};
users.users.root = {
uid = config.ids.uids.root;
description = "System administrator";
home = "/root";
shell = lib.mkForce config.users.defaultUserShell;
group = "root";
passwordFile = config.sops.secrets.user-root-password.path;
};
}


@ -1,23 +1,21 @@
{ config, pkgs, lib, ... }: {
sops.secrets.user-julien-password.neededForUsers = true;
users.users.julien = {
isNormalUser = true;
home = "/home/julien";
extraGroups = [ "wheel" "docker" config.users.groups.keys.name];
extraGroups = [ "wheel" config.users.groups.keys.name];
shell = pkgs.fish;
passwordFile = config.sops.secrets.user-julien-password.path;
openssh.authorizedKeys.keyFiles = [
(pkgs.fetchurl {
url = "https://github.com/JulienMalka.keys";
sha256 = "sha256-jx0/AAAeq5d6h1ytdUUnF/bMcn4h0UIKQCwzi3S5+YQ=";
sha256 = "sha256-nBgn7jOqi/nPHhTy3x/oirL+A4X2gbmwy1NXLZhV99M=";
})
];
};
nix.allowedUsers = [ "julien" ];
}