2606f1a1c6bba2e9c75820243c0ba00c78b3085e
authorized_keys_command to alex
The command was hijacking auth for all users, including `gitea`, which broke `git push` over SSH — `gitea`'s `authorized_keys` (with the `gitea serv` command restriction) was being bypassed, and sshd would try to exec the raw `git-receive-pack` instead. Pass `%u` to the command and short-circuit unless the requested user is `alex`, so other users fall back to their own `~/.ssh/authorized_keys`.
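The short-circuit described in the commit message above, as an added example (not this repository's script). The key source path and the script path in the comments are assumptions; `alex` and `%u` come from the commit message.

```shell
#!/bin/sh
# Added example of an AuthorizedKeysCommand helper; not the repository's script.
# sshd_config would reference it like this (script path is an assumption):
#   AuthorizedKeysCommand /etc/ssh/authorized-keys-command %u
#   AuthorizedKeysCommandUser nobody

ALLOWED_USER="alex"                               # from the commit message
KEYS_SOURCE="${KEYS_SOURCE:-/etc/ssh/alex.keys}"  # assumed key source

# Print authorized_keys lines for the user sshd passes as %u.
# Any other user gets no output and exit 0, so sshd continues with that
# user's own AuthorizedKeysFile (and any command= restriction in it).
authorized_keys_for() {
    requested_user="$1"

    # An empty argument means %u was not passed through: supply nothing.
    if [ -z "$requested_user" ]; then
        echo "authorized-keys-command: no user argument" >&2
        return 0
    fi

    # Short-circuit for everyone except the allowed user.
    if [ "$requested_user" != "$ALLOWED_USER" ]; then
        return 0
    fi

    # Emit keys, skipping blank lines and comments.
    if [ -r "$KEYS_SOURCE" ]; then
        grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$KEYS_SOURCE" || true
    fi
    return 0
}

# When sshd runs the script, $1 is the expanded %u.
if [ "$#" -gt 0 ]; then
    authorized_keys_for "$1"
fi
```

The keys file must be readable by the account named in `AuthorizedKeysCommandUser`.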
config-manager
`./config-manager` is a module that contains a script to make usage of this flake easier.
To install it:
- first add the module to the NixOS system configuration
- set `config-manager.flakePath = <path to this flake>`
- run `nixos-rebuild switch --flake .#<configuration>`

After that, `cm` will be available on `$PATH`.
Secrets
Secrets are managed by agenix (https://github.com/ryantm/agenix).
Creating new secrets
- Update `secrets/secrets.nix` with the new secret.
- When inside `./secrets`:

EDITOR=vim agenix -e "some-secret.age"

This will create a new secret. To view its content one can do:

EDITOR=vim agenix -d "some-secret.age" -i ~/.ssh/alex.pinwheel

Or use some other SSH key that has been used to key the secret.
Test VM
Build the test VM with the command:
cm --build-test-vm
and test it with:
cm --run-test-vm