From 1b33524ccb066ce4201fdc3bb3e6280aa2add384 Mon Sep 17 00:00:00 2001 From: tdpeuter Date: Tue, 11 Apr 2023 18:00:21 +0200 Subject: [PATCH] Add SSH --- nixos/.sops.yaml | 9 +++++++++ nixos/flake.nix | 7 ++++++- nixos/modules/utils/ssh/default.nix | 8 ++++++++ nixos/secrets/sops/age/keys.txt | 3 +++ 4 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 nixos/.sops.yaml create mode 100644 nixos/modules/utils/ssh/default.nix create mode 100644 nixos/secrets/sops/age/keys.txt diff --git a/nixos/.sops.yaml b/nixos/.sops.yaml new file mode 100644 index 0000000..e5fd393 --- /dev/null +++ b/nixos/.sops.yaml @@ -0,0 +1,9 @@ +keys: + - &tdpeuter@Tibo-NixFat age1q2gqur3t4fu8flsuu2zdnule37vdkh6egpt6a2e3ytx433x8gpvsr4hw6l + +creation_rules: + - path_regex: secrets/[^/]+\.yaml$ + key_groups: + - age: + - *tdpeuter@Tibo-NixFat + diff --git a/nixos/flake.nix b/nixos/flake.nix index a37f49b..19a77d5 100644 --- a/nixos/flake.nix +++ b/nixos/flake.nix @@ -19,6 +19,10 @@ utils.follows = "flake-utils"; }; }; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; utils = { url = "github:gytis-ivaskevicius/flake-utils-plus"; inputs.flake-utils.follows = "flake-utils"; @@ -27,7 +31,7 @@ outputs = inputs@{ self, nixpkgs, - devshell, flake-utils, home-manager, utils, + devshell, flake-utils, home-manager, sops-nix, utils, ... }: let system = "x86_64-linux"; @@ -43,6 +47,7 @@ inherit system; modules = [ home-manager.nixosModule + sops-nix.nixosModules.sops ./modules ]; }; diff --git a/nixos/modules/utils/ssh/default.nix b/nixos/modules/utils/ssh/default.nix new file mode 100644 index 0000000..07b2810 --- /dev/null +++ b/nixos/modules/utils/ssh/default.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +{ + services.openssh = { + enable = true; + passwordAuthentication = false; + }; +} diff --git a/nixos/secrets/sops/age/keys.txt b/nixos/secrets/sops/age/keys.txt new file mode 100644 index 0000000..b21c58f --- /dev/null 
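Review bot: The new `sops-nix` input in the first nixos/flake.nix hunk arrives without a lock entry, since the diffstat lists four files and `flake.lock` is not among them. Until the lock is committed, the revision of sops-nix that gets fetched is decided at the next evaluation rather than by this commit, and that module handles decrypted secrets during system activation. Run `nix flake lock` and commit the resulting `flake.lock` together with this change so the pinned revision is part of what gets reviewed. If the lock file is tracked elsewhere or deliberately left out, that is not visible from this patch.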
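Review bot: In nixos/modules/utils/ssh/default.nix, `passwordAuthentication = false;` alone leaves keyboard-interactive authentication on, and with PAM in use that path can still accept a password. In the `services.openssh` block add `kbdInteractiveAuthentication = false;` and state the root policy explicitly with `permitRootLogin = "no";` rather than relying on the default. These are the flat option names matching the one the hunk already uses; newer NixOS releases place them under `services.openssh.settings`, so adjust to the channel in use. The patch shows no change that imports this new module, so whether it is active depends on how `./modules` collects its children, which is worth confirming.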
+++ b/nixos/secrets/sops/age/keys.txt
@@ -0,0 +1,3 @@
+# created: 2023-04-11T14:44:53+02:00
+# public key: age1q2gqur3t4fu8flsuu2zdnule37vdkh6egpt6a2e3ytx433x8gpvsr4hw6l
+AGE-SECRET-KEY-10J7MWCWQQY33TVNMQ9AMH4TH5LULSVAZ539P9QG3NA2Z3LTMXAFS2QQ4NG
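Review bot: This file commits an age private key (the `AGE-SECRET-KEY-…` line) in plaintext, and its public half is the only recipient listed in `nixos/.sops.yaml` in this same patch, so anyone who can read the repository can decrypt every secret encrypted under that creation rule. Because a flake's tracked files are copied into the world-readable Nix store, the key is also exposed to every local user on machines that build this configuration. Treat the key as compromised: remove the file, generate a new identity kept outside the repository (sops reads `~/.config/sops/age/keys.txt` by default, or the path in `SOPS_AGE_KEY_FILE`), replace the recipient in `.sops.yaml`, re-encrypt with `sops updatekeys`, and rotate the secrets themselves. Deleting the file in a later commit does not remove it from history. A `.gitignore` entry such as `secrets/sops/age/keys.txt` would guard against re-adding it.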