[SSH] Add H4Git key

This commit is contained in:
Tibo De Peuter 2023-09-21 16:53:34 +02:00 committed by Tibo De Peuter
parent 2bdf81e6be
commit 25f78907ea
3 changed files with 53 additions and 13 deletions

View file

@ -16,21 +16,29 @@
# Generate new keys if the key specified above does not exist # Generate new keys if the key specified above does not exist
# generateKey = true; # generateKey = true;
}; };
secrets = { secrets =
"H4G0/ssh" = { let
format = "yaml"; user = config.users.users.tdpeuter.name;
sopsFile = ../../../secrets/H4G0.yaml; in {
owner = config.users.users.tdpeuter.name;
};
"GitHub/ssh" = { "GitHub/ssh" = {
format = "yaml"; format = "yaml";
sopsFile = ../../../secrets/GitHub.yaml; sopsFile = ../../../secrets/GitHub.yaml;
owner = config.users.users.tdpeuter.name; owner = user;
}; };
"GitHub-UGent/ssh" = { "GitHub-UGent/ssh" = {
format = "yaml"; format = "yaml";
sopsFile = ../../../secrets/GitHub-UGent.yaml; sopsFile = ../../../secrets/GitHub-UGent.yaml;
owner = config.users.users.tdpeuter.name; owner = user;
};
"H4G0/ssh" = {
format = "yaml";
sopsFile = ../../../secrets/H4G0.yaml;
owner = user;
};
"H4Git/ssh" = {
format = "yaml";
sopsFile = ../../../secrets/H4Git.yaml;
owner = user;
}; };
}; };
}; };

View file

@ -1,11 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
home-manager.users.tdpeuter = { home-manager.users.tdpeuter = {
programs.ssh = { programs.ssh = {
enable = true; enable = true;
@ -28,6 +23,12 @@
identityFile = "/run/secrets/GitHub-UGent/ssh"; identityFile = "/run/secrets/GitHub-UGent/ssh";
user = "tdpeuter"; user = "tdpeuter";
}; };
"git.depeuter.dev" = {
hostname = "git.depeuter.dev";
identitiesOnly = true;
identityFile = "/run/secrets/H4Git/ssh";
user = "tdpeuter";
};
}; };
}; };
}; };

31
nixos/secrets/H4Git.yaml Normal file
View file

@ -0,0 +1,31 @@
H4Git:
ssh: ENC[AES256_GCM,data:AXt6YNzRkRpMynMkNvMiYas3LpGm34hQFqlaG32+XzhBdrS1wtLaNQp1iy/+G0yXBkwwmRVPoih8ssz7bEkQd+vORP5jSKnARbr9ZZvWoe7XjMDlyyfqMdWE+nr7hACCVmQmTt5VuX33xTuvgAP0hYAzUXMDt5Jl7ZWjfoYegqWUbQLLy6QpSo8hqxZpy7ec3s6mWQgb+nBwIjyIFq866Or56cyT72+b6iOjaehjPzZez1pMO1yCkt7CA5wt+gP76F6wG34PTMn6FtP0aRzGc2MohKLMssU1biqcADsdJmz1tBQZFh7x2X4toCbX9svt3cbGnVOmKbXluKjlS1+6haZgBzdHnob9ZobU2uV9GVyKo4IX3mhXRSeTCusLh9sE4V59FHFyRnVTWzkEBdQcuQ3EzhLFwK74gxTqtdsUbcFSHPwloPBZCfmmHVzqnBwR9FSURBK/olQl7VKr3PKXemzBAlB0COQh+feuH2hp/liWVkHPP5WAaoKpPnKtRduYYSEH4lp2Mk7X3lM/lUp6oIVYtpQby4p2pSU4,iv:n0M5re8pOQXCBcaxkp3n82vdHBcSFHZ8RymnwXaLvIM=,tag:rooT43fOYVWpcnQ8EDV8Qw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1fva6s64s884z0q2w7de024sp69ucvqu0pg9shrhhqsn3ewlpjfpsh6md7y
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZWnBUQXJKb2JWeGhjQURI
QUZLb1RncWRBMkJsVzFmUGFKL2Y4S0pQaVdFCldDSEZIVUJ3N01abmZUeGxPVHZT
ZWtKNTdycDlUTmx2UnpzajQvZG9INUEKLS0tIFBYOW8zZjZ4bThBMTBlb3NYOXlw
RnR4NEJ6M044dVhLelkyc2ViRU96bTgKfspxNwByG+nLPdfLEvn21BSjjbW5fGuZ
77X/olzob2sR8UjYYYfTYUvw+kHfuiC8Mkg2b+Jy7Q6nSQ+4zuq4/A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1d4gvqz3anf082ja6xt03hnkzazfum80um9t45m4rerl4n3va2yuqgnsg03
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cUxVekFVdWtsQTNTcm9x
YUFOTzdDSU1JeTdDbU0vcUZ4bEp5VGtkcjJRCmVuRUJYR0NnQXVGbnYyZ3FWZXNx
TUY3TlVMSTZPSUtUUnJhU2QvSWgyUUEKLS0tIGZaUUNSSkdxQW1zakZDbi9iZThS
Z2hKRHVDYUlsa1psaFU3ZUxnZitPbEkKm1sBknoqVcArgLGDD6Twi1/E3TDlAw4d
xhzeYNrS9LVCDKco8TGIv9OQV0u0MkGR4/fvuLopn2eyiDlJOqqVNg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-21T13:16:04Z"
mac: ENC[AES256_GCM,data:69g9CpSo6Cg19CG4/vWeh9xT3EATwyxtMQ6xOmqF9kjCu8l9b5ZfFCfgX6RFDwSxFY0u2oFgxbNfbiudcKLwxCoXDSm+xhjpk9SSBSzwAJ+UWWQE/pKJVFbk1QG3iw/VGQJYVUK9SKk6TsTEphHYPS00Go/k38cPxVuyEKcpWkQ=,iv:YVqQmwHgw2Z/AqIJZaxrfotXuuHGx/Vw8p6y3FXbCqg=,tag:0l3f5BX0uzTGB6IBnpqpdg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3