{ssh,home/ssh}: include secret configuration
This commit is contained in:
parent
067a97bfbc
commit
de6e83649e
|
@ -1,7 +1,15 @@
|
||||||
|
{ config, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./home.nix
|
./home.nix
|
||||||
./other.nix
|
./other.nix
|
||||||
./pvv.nix
|
./pvv.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
sops.secrets."ssh/secret-config/home" = {
|
||||||
|
sopsFile = ../../../secrets/common.yaml;
|
||||||
|
mode = "0444";
|
||||||
|
};
|
||||||
|
|
||||||
|
programs.ssh.includes = [ config.sops.secrets."ssh/secret-config/home".path ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,6 +12,11 @@ in {
|
||||||
# "ssh/nix-builders/isvegg/pub" = { };
|
# "ssh/nix-builders/isvegg/pub" = { };
|
||||||
|
|
||||||
"nix/access-tokens" = { sopsFile = ./../secrets/common.yaml; };
|
"nix/access-tokens" = { sopsFile = ./../secrets/common.yaml; };
|
||||||
|
|
||||||
|
"ssh/secret-config/global" = {
|
||||||
|
sopsFile = ./../secrets/common.yaml;
|
||||||
|
mode = "0444";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
|
@ -102,6 +107,8 @@ in {
|
||||||
|
|
||||||
programs.ssh = {
|
programs.ssh = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
Include ${config.sops.secrets."ssh/secret-config/global".path}
|
||||||
|
|
||||||
Host nix-builder-isvegg
|
Host nix-builder-isvegg
|
||||||
HostName isvegg.pvv.ntnu.no
|
HostName isvegg.pvv.ntnu.no
|
||||||
User oysteikt
|
User oysteikt
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
nix:
|
nix:
|
||||||
access-tokens: ENC[AES256_GCM,data:K1V98nx+w0uoOY9ONDxbaZT9jbEbMqpzyYWaSrQIYfo2bm1HLeTHPqp2rqRFIPu5gD/5SqY2FW4Pak92it4S7o9liiI=,iv:/c6Mr3WQsbW7nBaa5NIG3pzatSyC9UE5zDpKjuD/FG0=,tag:8V344qvOVrgh5XHlinuFyw==,type:str]
|
access-tokens: ENC[AES256_GCM,data:K1V98nx+w0uoOY9ONDxbaZT9jbEbMqpzyYWaSrQIYfo2bm1HLeTHPqp2rqRFIPu5gD/5SqY2FW4Pak92it4S7o9liiI=,iv:/c6Mr3WQsbW7nBaa5NIG3pzatSyC9UE5zDpKjuD/FG0=,tag:8V344qvOVrgh5XHlinuFyw==,type:str]
|
||||||
ssh:
|
ssh:
|
||||||
|
secret-config:
|
||||||
|
home: ENC[AES256_GCM,data:eUfhQb6yYYV3951sdwZpA1f8k+79mm1bMYY4EP+tn1g7DEHXG9XHYKPL3FLJMkaaXSWv5jbBZ3zrGodJPMH9VbcFOjvSdz9u56DnmyeR3S7Pwgj1YbELDn9akeVRpjcB1w2k8hn2vNIY1MV4vg==,iv:LQpS168sxPVegrlPJNZrVZE+GsZAMxRSl4EaHO6FFxg=,tag:w5SNj7LkYd+22SbLVbtsDQ==,type:str]
|
||||||
|
global: ""
|
||||||
nix-builders:
|
nix-builders:
|
||||||
bob:
|
bob:
|
||||||
key: ENC[AES256_GCM,data:CfzF32ELxePyls+JgxLRN3HeIyRGnH5G5MRuL23YGZ5DqBqjIjgoL64zzHB2tIn9D8RjUzmYxU7y70mwoej0V/Vr3qHtUkv2tC+XXw0uN4Be9n5iMo52Ovi+ZE4BVkKE94Y98YZtr0IbbjmgYAj+FS30lfld1KydKfmQUhzijIX8zUchL3spFwdxZSFQv2skXetEu9eIGMYeSTd7CSNk72zVONaW5s0cdKH0iLcO27CyzB3qArdn27gBbgn0rHvoaEvEMJGz4h4RHjk+JIU9+PKEqU8LMZOSYmD2wumX9W4s2L+YC5b5CDUvHaP0+n2bilpYCRuBlWMIzrNgkKyszVeNL+UnDM2nl1pF+ymapyrfyOGALuBoFd61uqE94/cCX21DAEB6E7SZtkQI/inKk1Wm7rvKEmTCjpHRNLf2J5i1IeePeHp1/ODHTfWZogtxh/SjpsR/ioGbt2X5yUvX+Xb6Ks35YwNyxVyXYV5azD60oQF/FSFwqNqRiNX/UE7a+FDwFgDoPleDOvJcv/35QZM6c9xYfWtUioKc,iv:LPQ+eJNeuL0SQRr1crRR2t4nZSanOihNrUK0mtdI3so=,tag:GjTZ+VbxYAqNDVg9m3IDVw==,type:str]
|
key: ENC[AES256_GCM,data:CfzF32ELxePyls+JgxLRN3HeIyRGnH5G5MRuL23YGZ5DqBqjIjgoL64zzHB2tIn9D8RjUzmYxU7y70mwoej0V/Vr3qHtUkv2tC+XXw0uN4Be9n5iMo52Ovi+ZE4BVkKE94Y98YZtr0IbbjmgYAj+FS30lfld1KydKfmQUhzijIX8zUchL3spFwdxZSFQv2skXetEu9eIGMYeSTd7CSNk72zVONaW5s0cdKH0iLcO27CyzB3qArdn27gBbgn0rHvoaEvEMJGz4h4RHjk+JIU9+PKEqU8LMZOSYmD2wumX9W4s2L+YC5b5CDUvHaP0+n2bilpYCRuBlWMIzrNgkKyszVeNL+UnDM2nl1pF+ymapyrfyOGALuBoFd61uqE94/cCX21DAEB6E7SZtkQI/inKk1Wm7rvKEmTCjpHRNLf2J5i1IeePeHp1/ODHTfWZogtxh/SjpsR/ioGbt2X5yUvX+Xb6Ks35YwNyxVyXYV5azD60oQF/FSFwqNqRiNX/UE7a+FDwFgDoPleDOvJcv/35QZM6c9xYfWtUioKc,iv:LPQ+eJNeuL0SQRr1crRR2t4nZSanOihNrUK0mtdI3so=,tag:GjTZ+VbxYAqNDVg9m3IDVw==,type:str]
|
||||||
|
@ -35,8 +38,8 @@ sops:
|
||||||
cElPYm5qK2lkTWZ1UGd6TU1NV2h4OTgK8Ecv58Ybnc6iYMjtSKTT1fYbNf4yyFgX
|
cElPYm5qK2lkTWZ1UGd6TU1NV2h4OTgK8Ecv58Ybnc6iYMjtSKTT1fYbNf4yyFgX
|
||||||
rjQ2sU8Rqc04MqixnAkF2zSDaaJ0vqwf22MvbO3bYhpqOHwiTMbRLg==
|
rjQ2sU8Rqc04MqixnAkF2zSDaaJ0vqwf22MvbO3bYhpqOHwiTMbRLg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-06-25T18:03:45Z"
|
lastmodified: "2024-06-25T18:25:28Z"
|
||||||
mac: ENC[AES256_GCM,data:HLm8tiOhW4QtBbAVMen1g451S7cTYF+bN1/4eHZDd1U8UjkbU1yim7m5EZGgZnGw9o5+YvMt08BUXjVLfpIaW7oX9DbQrUr9pxiLpuUM+qtStzYfohnae8BzLF9naNg3oOMYAo3nOWWpcAtLVUoNBtBaD/VI5bvj3VnCbMWQ6pE=,iv:p1wgOGwcfdmvNgwmcSjKZ2c4zpL8138tZ0CD7lgwtZ4=,tag:QKMd/iUZcBrcW5iOsZ/Lbw==,type:str]
|
mac: ENC[AES256_GCM,data:GGjXTEHVHAWrr0QHc3O4bMpGi1wFge6AbK7XEwRiOqh4W1Zow2CEcfGZxW5TLLayfB9lXemeKtrZWsqBOCXtHkd670KbxxKInE3FvJbjME8ZODAMpknYX4BXBGt6ksC03Tm4ri1JIy1OxDVXG4qb8skNtna4YkIiUf+ErTihakA=,iv:YGKnVl9QCLLTqdQfpiTbv31vEGEoolzMWtyEFvJekYI=,tag:8j+dnOqHfupKTAl1GQ09Mg==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-05-08T00:49:52Z"
|
- created_at: "2023-05-08T00:49:52Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
|
Loading…
Reference in New Issue