From a9305590495b5dbcd21fdada07f3a6e5921321cf Mon Sep 17 00:00:00 2001 From: tdpeuter Date: Mon, 11 Sep 2023 13:28:41 +0200 Subject: [PATCH] [Git] Add GitHub-UGent key --- nixos/modules/utils/sops/default.nix | 5 +++++ nixos/modules/utils/ssh/default.nix | 6 ++++++ nixos/secrets/GitHub-UGent.yaml | 31 ++++++++++++++++++++++++++++ 3 files changed, 42 insertions(+) create mode 100644 nixos/secrets/GitHub-UGent.yaml diff --git a/nixos/modules/utils/sops/default.nix b/nixos/modules/utils/sops/default.nix index db4aa6e..0d97a61 100644 --- a/nixos/modules/utils/sops/default.nix +++ b/nixos/modules/utils/sops/default.nix @@ -27,6 +27,11 @@ sopsFile = ../../../secrets/GitHub.yaml; owner = config.users.users.tdpeuter.name; }; + "GitHub-UGent/ssh" = { + format = "yaml"; + sopsFile = ../../../secrets/GitHub-UGent.yaml; + owner = config.users.users.tdpeuter.name; + }; }; }; } diff --git a/nixos/modules/utils/ssh/default.nix b/nixos/modules/utils/ssh/default.nix index f42b8ee..b6505cf 100644 --- a/nixos/modules/utils/ssh/default.nix +++ b/nixos/modules/utils/ssh/default.nix @@ -22,6 +22,12 @@ identityFile = "/run/secrets/GitHub/ssh"; user = "tdpeuter"; }; + "github.ugent.be" = { + hostname = "github.ugent.be"; + identitiesOnly = true; + identityFile = "/run/secrets/GitHub-UGent/ssh"; + user = "tdpeuter"; + }; }; }; }; diff --git a/nixos/secrets/GitHub-UGent.yaml b/nixos/secrets/GitHub-UGent.yaml new file mode 100644 index 0000000..d095f45 --- /dev/null +++ b/nixos/secrets/GitHub-UGent.yaml @@ -0,0 +1,31 @@ +GitHub-UGent: + ssh: ENC[AES256_GCM,data:FPnAyjJpyTJHzRMdN4qcIj/X60VBgejJSRWUQfvuMA/WrRHx7eWto7A0X94lOMwnayLx4DRL+LUOIqsuO9SM/T2aNt798y0Kiz/WbjyrrXTCK8TufcYBGOU6mMfXeeQG1J27Z2qALQQHVzenH5ot8Jet0vnqWGCDVacq/3T2S7hT8Oeyw+qew5NliBW6G980XTECwiWEWYwZbJ9iqZ2aFGgvgTu1qjalP7qWJcZ2tiEYIgW7KSIdru8hJM2xZgUOYoXWurEbWjyOWiTcPjpVEbjmOqgm5C9kwAq+wzRRl/pVCV0e505J7sDo94jsbby4Zub/bhKXHDFHBavnZcPACAjT4ixjTyFlzxeH79iVA9GP4Dp7tTs/FNkYSeYuAWRyul/VFiLc3762VoxvoQuiob9RISXdWPNhZd2rJYpHibGYXlF692gqI+IiJIaK3XXPh3FIMtaZjuhWhgECqBumcwVawO33c817GzP055y4yTk/KGjxkTy0IRz3zp3fBJvU/Y2plNjJNuWPnjlvkkQNHhCGJB5dvFMB8YYJ,iv:3kuM9apx5Ir/WN8loNFcOGXjPdBjpnttNg5LFzQPfqk=,tag:7rFCmJpMnNmSmqYopKLgaA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1fva6s64s884z0q2w7de024sp69ucvqu0pg9shrhhqsn3ewlpjfpsh6md7y + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWWFUdnpERVlkK29TQ09k + SnJMVm5rUEV6S0huSzJ2YjFFQ3pNR0pmZWprClZEVDloeDE2ODNkMVVJTUtqaENz + ZzhwTTA4V2xOeW55WGtPZU5FWElQNDAKLS0tIFh5ZWtmZHRBWTAvM3ZwY3pKQ0R6 + aDNUbFlhWWVoOWpjVlV1VTVJejlSMjQK6wCeCRdHY5oyTX6/R1U5AOGJyp0exi1A + dWPUMfkKBBBkrR+G6ougd8o3FwFf+yfb5RhaTxxqjit6p2RyMjR64w== + -----END AGE ENCRYPTED FILE----- + - recipient: age1d4gvqz3anf082ja6xt03hnkzazfum80um9t45m4rerl4n3va2yuqgnsg03 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6WVcwYVFWbG1ucEtTSTI5 + Y0pxZ1FidjVURlVxZTdTSHdzME05Z0hyblJBCkQ5R2F1a2IyRVIvYjlmY1p3S3VR + OW1zcnp2Z1Zydlpjd2tBU2RHajhoamMKLS0tIG9oMWtHVU1nTHBtcGM3OWxVNFZL + K3NaMitlT2orSVhHVmFRVmhPUXhBSGMKAqVqH9hT9NL5D6Fsovn67GY056B6Ttwg + fr9y+8rkG43LbuehpKktv2I/UP64QKcYgqWDOWOmicHYx8pOXKLHkA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-09-11T11:22:49Z" + mac: ENC[AES256_GCM,data:IYTE5yunfyiGZg2yUaZzas7ebxgqGCamn44BgcHTqF4TKufzsqLyFSSuKtOag0Ll0MTL4YuJKP6RknpxY064EEjf/W2o1AEZ5/NsxThOCHJKq+6Cm9hkzeYF6IW20cBcO5l+NdOAQl6hDln5zBA770SYHy3FArm1YOnTdNi+B1I=,iv:BtRl0YrG+INNjOhSGR3RadDa1IfiXMosfVC8O8Q0i54=,tag:3E6yLsgx+9TbfTMj0jEDnw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3