diff --git a/hosts/tadpole/modules/ssh/default.nix b/hosts/tadpole/modules/ssh/default.nix index 37b4a51..685d238 100644 --- a/hosts/tadpole/modules/ssh/default.nix +++ b/hosts/tadpole/modules/ssh/default.nix @@ -3,6 +3,7 @@ let enabled = config.mod.ssh.enable; authorizedKeysPath = "/home/alex/.ssh/authorized-keys"; + rootSSHKeyPath = "/etc/ssh"; in { options = { @@ -41,7 +42,7 @@ in ports = [ 1122 ]; hostKeys = [{ - path = "/etc/ssh/tadpole"; + path = "${rootSSHKeyPath}/root.tadpole"; type = "ed25519"; }]; @@ -62,6 +63,15 @@ in }; age.secrets = { + "root.tadpole" = { + file = ../../../../secrets/tadpole/root.tadpole.age; + path = "${rootSSHKeyPath}/root.tadpole"; + }; + "root.tadpole.pub" = { + file = ../../../../secrets/tadpole/root.tadpole.pub.age; + path = "${rootSSHKeyPath}/root.tadpole.pub"; + }; + "alex.pinwheel-tadpole.pub" = { file = ../../../../secrets/pinwheel/alex.pinwheel-tadpole.pub.age; path = "${authorizedKeysPath}/alex.pinwheel-tadpole.pub"; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index aa9f70e..55a66d9 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -33,6 +33,8 @@ in { "sombrero/alex.sombrero-codeberg.org.age".publicKeys = [ sombrero alex ]; "sombrero/alex.sombrero-codeberg.org.pub.age".publicKeys = [ sombrero alex ]; + "tadpole/root.tadpole.age".publicKeys = [ tadpole alex ]; + "tadpole/root.tadpole.pub.age".publicKeys = [ tadpole alex ]; "tadpole/alex.tadpole-codeberg.org.age".publicKeys = [ tadpole alex ]; "tadpole/alex.tadpole-codeberg.org.pub.age".publicKeys = [ tadpole alex ]; } diff --git a/secrets/tadpole/root.tadpole.age b/secrets/tadpole/root.tadpole.age new file mode 100644 index 0000000..d43b925 Binary files /dev/null and b/secrets/tadpole/root.tadpole.age differ diff --git a/secrets/tadpole/root.tadpole.pub.age b/secrets/tadpole/root.tadpole.pub.age new file mode 100644 index 0000000..949ac7e Binary files /dev/null and b/secrets/tadpole/root.tadpole.pub.age differ
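Review bot: Pointing `hostKeys` at `${rootSSHKeyPath}/root.tadpole` may make secret decryption circular. Unless `age.identityPaths` is set somewhere outside this diff, agenix derives its identities from the ed25519/rsa entries of `services.openssh.hostKeys`, so the only identity becomes the file that the `age.secrets."root.tadpole"` entry in the next hunk is meant to produce. If the `tadpole` recipient in `secrets/secrets.nix` is still the old `/etc/ssh/tadpole` key, a fresh install would likely have no usable identity, and sshd would then generate an unrelated host key at the missing path. Consider pinning a bootstrap identity that agenix does not manage, e.g. `age.identityPaths = [ "/etc/ssh/tadpole" ];`, and confirm that file stays on disk. The enclosing `services.openssh` block starts and ends outside the hunk.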
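Review bot: The `"root.tadpole.pub"` entry sets no `mode`, so the public key is installed with agenix's default of `0400` owned by root, although a host public key is not confidential. Either add `mode = "0444";` to that entry or ship the `.pub` as a plain file instead of an age secret. For `"root.tadpole"` the defaults are what sshd needs, but writing `mode = "0400";` and `owner = "root";` explicitly would document that dependency. A short comment above the two entries, such as `# sshd host key; must exist before sshd starts`, would also help the next reader.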
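Review bot: Listing `alex` as a recipient of `"tadpole/root.tadpole.age"` means the host's private key can be recovered from the repository by whoever holds that user key, so tadpole's host identity is only as strong as that key. If `alex` is there only for editing and re-keying, say so next to the entry, e.g. `# alex: rekey only; if this key leaks, rotate tadpole's host key`. It is also worth confirming that the `tadpole` recipient (defined outside this hunk) is not the public half of the key being encrypted, since that key could not decrypt itself on first boot.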