Lot of changes, playing with ssh keys

.sops.yaml

@@ -9,3 +9,8 @@ creation_rules:
       - *macintosh
       - *newton
       - *lisa
+  - key_groups: 
+    - age:
+      - *macintosh
+      - *newton
+      - *lisa

machines/lisa/default.nix

@@ -11,6 +11,7 @@
       ./home-julien.nix
     ];
 
+
   luj = {
     mediaserver.enable = true;
     homepage.enable = true;

machines/lisa/home-julien.nix

@@ -1,5 +1,24 @@
 { pkgs, lib, config, ... }:
 {
+
+  sops.secrets.ssh-lisa-pub = {
+    owner = "julien";
+    path = "/home/julien/.ssh/id_ed25519.pub";
+    mode = "0644";
+    format = "binary";
+    sopsFile = ../../secrets/ssh-lisa-pub;
+  };
+
+  sops.secrets.ssh-lisa-priv = {
+    owner = "julien";
+    path = "/home/julien/.ssh/id_ed25519";
+    mode = "0600";
+    format = "binary";
+    sopsFile = ../../secrets/ssh-lisa-priv;
+  };
+
+
+
  luj.hmgr.julien = {
     luj.programs.neovim.enable = true;
     luj.programs.ssh-client.enable = true;

machines/newton/hardware.nix

@@ -21,7 +21,7 @@
       authorizedKeys = lib.splitString "\n" 
     (builtins.readFile (pkgs.fetchurl {
       url = "https://github.com/JulienMalka.keys";
-      sha256 = "sha256-jx0/AAAeq5d6h1ytdUUnF/bMcn4h0UIKQCwzi3S5+YQ=";
+      sha256 = "sha256-nBgn7jOqi/nPHhTy3x/oirL+A4X2gbmwy1NXLZhV99M=";
     }));
 
     };

modules/drone/default.nix

@@ -29,6 +29,22 @@ in
 
     sops.secrets.drone = { };
 
+    sops.secrets.ssh-drone-pub = {
+      owner = drone;
+      path = "/home/drone/.ssh/id_ed25519.pub";
+      mode = "0644";
+      format = "binary";
+      sopsFile = ../../secrets/ssh-drone-pub;
+    };
+
+    sops.secrets.ssh-drone-priv = {
+      owner = drone;
+      path = "/home/drone/.ssh/id_ed25519";
+      mode = "0600";
+      format = "binary";
+      sopsFile = ../../secrets/ssh-drone-priv;
+    };
+
 
     systemd.services.drone-server = {
       wantedBy = [ "multi-user.target" ];

modules/nix/default.nix

@@ -20,6 +20,7 @@ with lib;
         package = pkgs.nixUnstable;
         extraOptions = ''
           experimental-features = nix-command flakes
+          narinfo-cache-negative-ttl = 0
         '';
         nixPath = [
           "nixpkgs=${inputs.nixpkgs}"

users/default.nix

@@ -1,20 +1,19 @@
 { config, pkgs, lib, ... }: {
 
-
   users.mutableUsers = false;
   users.defaultUserShell = pkgs.fish;
   sops.secrets.user-root-password.neededForUsers = true;
 
   programs.fish.enable = true;
 
-users.users.root = {
+  users.users.root = {
-        uid = config.ids.uids.root;
+    uid = config.ids.uids.root;
-        description = "System administrator";
+    description = "System administrator";
-        home = "/root";
+    home = "/root";
-        shell = lib.mkForce config.users.defaultUserShell;
+    shell = lib.mkForce config.users.defaultUserShell;
-        group = "root";
+    group = "root";
-        passwordFile = config.sops.secrets.user-root-password.path;
+    passwordFile = config.sops.secrets.user-root-password.path;
-      };
+  };
 
 
 }

users/julien.nix

@@ -1,23 +1,21 @@
 { config, pkgs, lib, ... }: {
 
-
   sops.secrets.user-julien-password.neededForUsers = true;
 
-
   users.users.julien = {
     isNormalUser = true;
     home = "/home/julien";
-    extraGroups = [ "wheel" "docker" config.users.groups.keys.name]; 
+    extraGroups = [ "wheel" config.users.groups.keys.name]; 
     shell = pkgs.fish;
     passwordFile = config.sops.secrets.user-julien-password.path;
     openssh.authorizedKeys.keyFiles = [
       (pkgs.fetchurl {
         url = "https://github.com/JulienMalka.keys";
-        sha256 = "sha256-jx0/AAAeq5d6h1ytdUUnF/bMcn4h0UIKQCwzi3S5+YQ=";
+        sha256 = "sha256-nBgn7jOqi/nPHhTy3x/oirL+A4X2gbmwy1NXLZhV99M=";
       })
     ];
   };
 
-
   nix.allowedUsers = [ "julien" ];
+
 }