alex/nixos-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tadpole: Add secrets for ssh machine (root) key

Browse Source
This commit is contained in:
Alexander Heldt
2024-07-29 10:31:48 +02:00
parent 020eb70f1f
commit 7c6f961b1f
4 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
hosts/tadpole/modules/ssh/default.nix
View File

@@ -3,6 +3,7 @@ let
enabled = config.mod.ssh.enable; enabled = config.mod.ssh.enable;
authorizedKeysPath = "/home/alex/.ssh/authorized-keys"; authorizedKeysPath = "/home/alex/.ssh/authorized-keys";
rootSSHKeyPath = "/etc/ssh";
in in
{ {
options = { options = {
@@ -41,7 +42,7 @@ in
ports = [ 1122 ]; ports = [ 1122 ];
hostKeys = [{ hostKeys = [{
path = "/etc/ssh/tadpole"; path = "${rootSSHKeyPath}/root.tadpole";
type = "ed25519"; type = "ed25519";
}]; }];
@@ -62,6 +63,15 @@ in
}; };
age.secrets = { age.secrets = {
"root.tadpole" = {
file = ../../../../secrets/tadpole/root.tadpole.age;
path = "${rootSSHKeyPath}/root.tadpole";
};
"root.tadpole.pub" = {
file = ../../../../secrets/tadpole/root.tadpole.pub.age;
path = "${rootSSHKeyPath}/root.tadpole.pub";
};
"alex.pinwheel-tadpole.pub" = { "alex.pinwheel-tadpole.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-tadpole.pub.age; file = ../../../../secrets/pinwheel/alex.pinwheel-tadpole.pub.age;
path = "${authorizedKeysPath}/alex.pinwheel-tadpole.pub"; path = "${authorizedKeysPath}/alex.pinwheel-tadpole.pub";

2
secrets/secrets.nix
View File

@@ -33,6 +33,8 @@ in {
"sombrero/alex.sombrero-codeberg.org.age".publicKeys = [ sombrero alex ]; "sombrero/alex.sombrero-codeberg.org.age".publicKeys = [ sombrero alex ];
"sombrero/alex.sombrero-codeberg.org.pub.age".publicKeys = [ sombrero alex ]; "sombrero/alex.sombrero-codeberg.org.pub.age".publicKeys = [ sombrero alex ];
"tadpole/root.tadpole.age".publicKeys = [ tadpole alex ];
"tadpole/root.tadpole.pub.age".publicKeys = [ tadpole alex ];
"tadpole/alex.tadpole-codeberg.org.age".publicKeys = [ tadpole alex ]; "tadpole/alex.tadpole-codeberg.org.age".publicKeys = [ tadpole alex ];
"tadpole/alex.tadpole-codeberg.org.pub.age".publicKeys = [ tadpole alex ]; "tadpole/alex.tadpole-codeberg.org.pub.age".publicKeys = [ tadpole alex ];
} }

BIN
secrets/tadpole/root.tadpole.age Normal file
View File

Binary file not shown.

BIN
secrets/tadpole/root.tadpole.pub.age Normal file
View File

Binary file not shown.