ragenix: add initial user secrets

progresses #11
Fiscal Velvet Poet 2023-04-20 13:45:06 +10:00
parent 4a6e51a9a7
commit 27454a11e4
Signed by: fiscalvelvetpoet
GPG key ID: D8EBFD58B023BD47
3 changed files with 15 additions and 9 deletions


@ -23,12 +23,6 @@ in {
inherit (nix.packages."${pkgs.system}") nix; inherit (nix.packages."${pkgs.system}") nix;
inherit (nixpkgsUnstable.legacyPackages."${pkgs.system}") alejandra; inherit (nixpkgsUnstable.legacyPackages."${pkgs.system}") alejandra;
}; };
nixosConfigurations = nixpkgs.lib.nixosSystem {
system = "${pkgs.system}";
modules = [
ragenix.nixosModules.default
];
};
})) }))
// { // {
colmena = { colmena = {
@ -40,7 +34,12 @@ in {
overlays = []; overlays = [];
}; };
}; };
toscano = import ./nixos/hosts/toscano/configuration.nix; toscano = {
imports = [
./nixos/hosts/toscano/configuration.nix
ragenix.nixosModules.default
];
};
# The below lines are in the wrong place # The below lines are in the wrong place
#nixosConfigurations = import ./nixos/configurations.nix (inputs #nixosConfigurations = import ./nixos/configurations.nix (inputs
# // { # // {
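Review bot: `ragenix.nixosModules.default` is now imported only inside the `toscano` node, so every host added later has to repeat the import before it can declare `age.secrets`. If the users module that declares those secrets is meant to be shared by all hosts (it looks that way, but the import chain is not visible in this hunk), consider colmena's `defaults` node instead, e.g. `defaults.imports = [ragenix.nixosModules.default];`, so secret decryption is set up the same way on every node. The `colmena` attribute set continues outside the hunk.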


@ -4,6 +4,11 @@
pkgs, pkgs,
... ...
}: { }: {
age.secrets = {
root.file = ../secrets/root.age;
fiscalvelvetpoet.file = ../secrets/fiscalvelvetpoet.age;
};
# JFDIC Ops groups: # JFDIC Ops groups:
users.groups.fiscalvelvetpoet.gid = 1000; users.groups.fiscalvelvetpoet.gid = 1000;
@ -14,7 +19,7 @@
group = "fiscalvelvetpoet"; group = "fiscalvelvetpoet";
extraGroups = ["wheel"]; extraGroups = ["wheel"];
# fix this # fix this
#passwordFile = config.age.secrets.fiscalvelvetpoet.path; passwordFile = config.age.secrets.fiscalvelvetpoet.path;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDMAhG6+40YiYy9wqruHK9M2fLwYAqikJSJ/pRjR/so fiscalvelvetpoet@jfdic.org" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDMAhG6+40YiYy9wqruHK9M2fLwYAqikJSJ/pRjR/so fiscalvelvetpoet@jfdic.org"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7qAXTCAnqq+3ks4L8/2f4J8RxmrFaMOCA7m9ImbW2m fiscalvelvetpoet@sealgair" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7qAXTCAnqq+3ks4L8/2f4J8RxmrFaMOCA7m9ImbW2m fiscalvelvetpoet@sealgair"
@ -23,7 +28,7 @@
users.users.root = { users.users.root = {
# fix this # fix this
#passwordFile = config.age.secrets.root.path; passwordFile = config.age.secrets.root.path;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDMAhG6+40YiYy9wqruHK9M2fLwYAqikJSJ/pRjR/so fiscalvelvetpoet@jfdic.org" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDMAhG6+40YiYy9wqruHK9M2fLwYAqikJSJ/pRjR/so fiscalvelvetpoet@jfdic.org"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7qAXTCAnqq+3ks4L8/2f4J8RxmrFaMOCA7m9ImbW2m fiscalvelvetpoet@sealgair" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7qAXTCAnqq+3ks4L8/2f4J8RxmrFaMOCA7m9ImbW2m fiscalvelvetpoet@sealgair"
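Review bot: Both `passwordFile` lines are now active, but the `# fix this` comments above them remain and nothing records what the secrets must contain. `passwordFile` is read as a password hash rather than plaintext, so `root.age` and `fiscalvelvetpoet.age` should each hold a hash as produced by `mkpasswd`; replacing `# fix this` with something like `# age secret holds a password hash (mkpasswd), decrypted at activation with the host SSH key` would state that. The agenix-style module decrypts with the host's SSH key by default, and the only recipients visible in the rules file on this page are operator user keys, so confirm that each target host's key is a recipient of both secrets. Otherwise the file behind `config.age.secrets.root.path` will not exist on the host. Both `users.users` blocks continue outside the hunks.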


@ -1,3 +1,5 @@
# Used by ragenix nix only.
# Ensure that $RULES has been set
let let
fiscalvelvetpoet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDMAhG6+40YiYy9wqruHK9M2fLwYAqikJSJ/pRjR/so"; fiscalvelvetpoet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDMAhG6+40YiYy9wqruHK9M2fLwYAqikJSJ/pRjR/so";
ops = [fiscalvelvetpoet]; ops = [fiscalvelvetpoet];
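Review bot: The two new header comments do not tell a reader what this file is for or what `$RULES` has to contain. Suggested wording, assuming the file is read only by the ragenix CLI and not imported by the NixOS configuration: `# Recipient rules for the ragenix CLI; lists which public keys each .age file is encrypted to.` and `# Set $RULES to this file's path when running ragenix from another directory.` It would also help to note here that a host's SSH public key must be listed for any secret that host decrypts, since the visible `ops` list holds only an operator key. The `let` block continues outside the hunk.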