tdpeuter/bos55-nix-config-cicd
1
Fork 0
forked from Bos55/nix-config
Code Pull requests 1 Releases Packages Activity Actions

feat(security): implement metadata redaction and sops-nix migration
Some checks failed
Build / Determining hosts to build (push) Failing after 12m41s
Details
Build / build (Development) (push) Has been cancelled
Details
Build / build (Testing) (push) Has been cancelled
Details

Browse source 
Migrated authorized SSH keys and personal metadata (emails, tokens) to sops-nix to prevent infrastructure fingerprinting. Introduced centralized secrets module with placeholder fallbacks.
This commit is contained in:
Tibo De Peuter 2026-03-17 19:41:31 +01:00
parent 731abd1d6f
commit 1c437333f3
Signed by: tdpeuter
GPG key ID: 38297DE43F75FFE2
11 changed files with 67 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

5
users/backup/default.nix
View file

@ -12,9 +12,8 @@ in {
extraGroups = [
"docker" # Allow access to the docker socket.
];
openssh.authorizedKeys.keys = [
# Hugo
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICms6vjhE9kOlqV5GBPGInwUHAfCSVHLI2Gtzee0VXPh"
openssh.authorizedKeys.keyFiles = [
config.sops.secrets.user_keys_backup.path
];
};
};