diff --git a/.sops.yaml b/.sops.yaml
index fa85c2f..27cbfb8 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -9,3 +9,8 @@ creation_rules:
 - *macintosh
 - *newton
 - *lisa
+ - key_groups:
+ - age:
+ - *macintosh
+ - *newton
+ - *lisa
diff --git a/machines/lisa/default.nix b/machines/lisa/default.nix
index 2406acc..c827364 100644
--- a/machines/lisa/default.nix
+++ b/machines/lisa/default.nix
@@ -11,6 +11,7 @@
 ./home-julien.nix
 ];
+
 luj = {
 mediaserver.enable = true;
 homepage.enable = true;
diff --git a/machines/lisa/home-julien.nix b/machines/lisa/home-julien.nix
index fe74320..6aba01b 100644
--- a/machines/lisa/home-julien.nix
+++ b/machines/lisa/home-julien.nix
@@ -1,5 +1,24 @@
 { pkgs, lib, config, ... }:
 {
+
+ sops.secrets.ssh-lisa-pub = {
+ owner = "julien";
+ path = "/home/julien/.ssh/id_ed25519.pub";
+ mode = "0644";
+ format = "binary";
+ sopsFile = ../../secrets/ssh-lisa-pub;
+ };
+
+ sops.secrets.ssh-lisa-priv = {
+ owner = "julien";
+ path = "/home/julien/.ssh/id_ed25519";
+ mode = "0600";
+ format = "binary";
+ sopsFile = ../../secrets/ssh-lisa-priv;
+ };
+
+
+
 luj.hmgr.julien = {
 luj.programs.neovim.enable = true;
 luj.programs.ssh-client.enable = true;
diff --git a/machines/newton/hardware.nix b/machines/newton/hardware.nix
index 84d37a1..630d69a 100644
--- a/machines/newton/hardware.nix
+++ b/machines/newton/hardware.nix
@@ -21,7 +21,7 @@ authorizedKeys = lib.splitString "\n" (builtins.readFile (pkgs.fetchurl {
 url = "https://github.com/JulienMalka.keys";
- sha256 = "sha256-jx0/AAAeq5d6h1ytdUUnF/bMcn4h0UIKQCwzi3S5+YQ=";
+ sha256 = "sha256-nBgn7jOqi/nPHhTy3x/oirL+A4X2gbmwy1NXLZhV99M=";
 }));
 };
diff --git a/modules/drone/default.nix b/modules/drone/default.nix
index 6d6475b..967c1e6 100644
--- a/modules/drone/default.nix
+++ b/modules/drone/default.nix
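Review bot: The new `- key_groups:` entry reads as a creation rule with no `path_regex` (indentation is lost in this view, so this is inferred), which makes it a catch-all: any secrets file not matched by an earlier rule is encrypted to all three hosts' age keys, so each host can decrypt secrets meant for another. A single key group is also equivalent to a flat `age:` list — `key_groups` only changes behaviour with two or more groups, where sops requires a key from every group. If a fallback is intended, a `path_regex` scoping it, or a comment such as `# fallback rule: matches every file not caught above; all hosts can decrypt` directly above the entry, would make the recipient set explicit.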
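Review bot: Both `sops.secrets.ssh-lisa-*` stanzas hard-code `/home/julien/...`, and nothing in the hunk guarantees that `/home/julien/.ssh` exists and is owned by `julien` when sops-nix writes into it; whether sops-nix creates the parent directory, and with which owner and mode, should be confirmed, otherwise the key may land in a root-owned `.ssh` on a fresh machine. Deriving the paths from `config.users.users.julien.home` instead of the literal `/home/julien` keeps them in step with the user definition. The two stanzas differ only in name, path, mode and file, and the same pair reappears in `modules/drone/default.nix`, so a small helper taking the user and secret names would remove the duplication. The context also shows `luj.programs.ssh-client.enable = true;`, so a comment stating which remote this identity is authorised on would help the next reader.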
@@ -29,6 +29,22 @@ in
 sops.secrets.drone = { };
+ sops.secrets.ssh-drone-pub = {
+ owner = drone;
+ path = "/home/drone/.ssh/id_ed25519.pub";
+ mode = "0644";
+ format = "binary";
+ sopsFile = ../../secrets/ssh-drone-pub;
+ };
+
+ sops.secrets.ssh-drone-priv = {
+ owner = drone;
+ path = "/home/drone/.ssh/id_ed25519";
+ mode = "0600";
+ format = "binary";
+ sopsFile = ../../secrets/ssh-drone-priv;
+ };
+
 systemd.services.drone-server = {
 wantedBy = [ "multi-user.target" ];
diff --git a/modules/nix/default.nix b/modules/nix/default.nix
index 27eaf3d..ce5e866 100644
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@@ -20,6 +20,7 @@ with lib;
 package = pkgs.nixUnstable;
 extraOptions = ''
 experimental-features = nix-command flakes
+ narinfo-cache-negative-ttl = 0
 '';
 nixPath = [
 "nixpkgs=${inputs.nixpkgs}"
diff --git a/users/default.nix b/users/default.nix
index 8a97653..a506d02 100644
--- a/users/default.nix
+++ b/users/default.nix
@@ -1,20 +1,19 @@
 { config, pkgs, lib, ... }:
 {
- users.mutableUsers = false;
 users.defaultUserShell = pkgs.fish;
 sops.secrets.user-root-password.neededForUsers = true;
 programs.fish.enable = true;
-users.users.root = {
- uid = config.ids.uids.root;
- description = "System administrator";
- home = "/root";
- shell = lib.mkForce config.users.defaultUserShell;
- group = "root";
- passwordFile = config.sops.secrets.user-root-password.path;
- };
+ users.users.root = {
+ uid = config.ids.uids.root;
+ description = "System administrator";
+ home = "/root";
+ shell = lib.mkForce config.users.defaultUserShell;
+ group = "root";
+ passwordFile = config.sops.secrets.user-root-password.path;
+ };
 }
diff --git a/users/julien.nix b/users/julien.nix
index 3ced7eb..6f3d3ba 100644
--- a/users/julien.nix
+++ b/users/julien.nix
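Review bot: The drone CI user receives a long-lived private key at the default identity path `/home/drone/.ssh/id_ed25519`, which ssh offers to every host the runner connects to, and the hunk does not record what the key is authorised for. A comment above `sops.secrets.ssh-drone-priv` such as `# deploy identity for the drone runner; public half is ssh-drone-pub, authorised on <placeholder: target host(s)>` would document its scope, and pinning it to those hosts in the drone user's ssh config (`IdentityFile` plus `IdentitiesOnly yes`) would limit where it is presented. `owner = drone;` is unquoted, so it relies on a `drone` binding from the enclosing `let` (the `in` in the hunk header suggests one) evaluating to the user name string; the enclosing attribute set continues outside the hunk.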
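Review bot: `narinfo-cache-negative-ttl = 0` carries no comment explaining why negative substituter lookups should never be cached; the usual motivation is a binary cache that receives new paths shortly after a miss, but that is inferred, not visible here. Every miss now costs a network round-trip, so a one-line comment inside the string, e.g. `# re-query substituters on every miss instead of caching "not found" (default 3600s)`, would record the trade-off; the default should be checked against the manual for the pinned `nixUnstable`.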
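Review bot: Dropping `users.mutableUsers = false;` changes more than the re-indentation of `users.users.root` suggests: with the default `mutableUsers = true`, NixOS only applies `passwordFile` when an account is first created, so later rotations of the sops-managed root password are no longer reconciled on activation, and users or groups added by hand persist instead of being removed. If the intent was purely cosmetic, keep the line (`users.mutableUsers = false;`). If the change is deliberate, a comment stating why declarative-only accounts were abandoned would help, since `sops.secrets.user-root-password.neededForUsers = true;` in the context shows the declarative password path is still relied on.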
@@ -1,23 +1,21 @@
 { config, pkgs, lib, ... }:
 {
- sops.secrets.user-julien-password.neededForUsers = true;
-
 users.users.julien = {
 isNormalUser = true;
 home = "/home/julien";
- extraGroups = [ "wheel" "docker" config.users.groups.keys.name];
+ extraGroups = [ "wheel" config.users.groups.keys.name];
 shell = pkgs.fish;
 passwordFile = config.sops.secrets.user-julien-password.path;
 openssh.authorizedKeys.keyFiles = [ (pkgs.fetchurl {
 url = "https://github.com/JulienMalka.keys";
- sha256 = "sha256-jx0/AAAeq5d6h1ytdUUnF/bMcn4h0UIKQCwzi3S5+YQ=";
+ sha256 = "sha256-nBgn7jOqi/nPHhTy3x/oirL+A4X2gbmwy1NXLZhV99M=";
 }) ];
 };
- nix.allowedUsers = [ "julien" ];
+
 }
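Review bot: `sops.secrets.user-julien-password.neededForUsers = true;` is removed while `passwordFile = config.sops.secrets.user-julien-password.path;` stays, so unless the attribute is now set in another module the secret is only decrypted after user creation and the account has no usable password on a fresh activation (sops-nix makes only `neededForUsers` secrets available before users are created; compare `users/default.nix`, which keeps it for root). Removing `nix.allowedUsers = [ "julien" ];` also widens who may talk to the nix daemon to the default of all users; if that is intended, a comment or the commit message should say so. The `sha256` of the GitHub keys fetch is bumped here and in `machines/newton/hardware.nix`; hoisting that `pkgs.fetchurl` into one shared definition would leave a single hash to rotate. Dropping `"docker"` from `extraGroups` is a welcome privilege reduction.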