[SSH] Add GitHub key

2023-09-11 12:49:47 +02:00 · 2023-09-11 12:49:47 +02:00 · c376b8630e
commit c376b8630e
parent a9e731113a
3 changed files with 43 additions and 1 deletions
--- a/nixos/modules/utils/sops/default.nix
+++ b/nixos/modules/utils/sops/default.nix
@ -14,7 +14,7 @@
      # Use an age key that is expected to already be in the filesystem
      keyFile = "/var/lib/sops-nix/key.txt";
      # Generate new keys if the key specified above does not exist
-      generateKey = true;
+      # generateKey = true;
    };
    secrets = {
      "H4G0/ssh" = {
@ -22,6 +22,11 @@
        sopsFile = ../../../secrets/H4G0.yaml;
        owner = config.users.users.tdpeuter.name;
      };
+      "GitHub/ssh" = {
+        format = "yaml";
+        sopsFile = ../../../secrets/GitHub.yaml;
+        owner = config.users.users.tdpeuter.name;
+      };
    };
  };
 }
--- a/nixos/modules/utils/ssh/default.nix
+++ b/nixos/modules/utils/ssh/default.nix
@ -16,6 +16,12 @@
          identityFile = "/run/secrets/H4G0/ssh";
          user = "admin";
        };
+        "github.com" = {
+          hostname = "github.com";
+          identitiesOnly = true;
+          identityFile = "/run/secrets/GitHub/ssh";
+          user = "tdpeuter";
+        };
      };
    };
  };
--- a/nixos/secrets/GitHub.yaml
+++ b/nixos/secrets/GitHub.yaml
@ -0,0 +1,31 @@
+GitHub:
+    ssh: ENC[AES256_GCM,data:jzRpTgefhZg7Vhm8QvWNsPBko1yw56sM/XehY72lAc7aRz+dx6BGgyYbZiifd7GrGJGUbH6gWfUg8YjgVla6VRsiHCEvSK3bY0ADDwTeSUs+wuybYXQZqhivSCInVtVSNAcp99uI1QwKor289zmxcFtSZEXgU1OCSel/8br+qipAbOkzAKX1v15eigjY4OSQxXL59EuuuHEQ+vjVVv95tDv03jaNAoU9UKr0Atrny/Fn2sQn4Tmec5Q1XdvDErKhSxrAFiACkxXUwPZMHez+BUZrmkksqpzNJjYNIlmsITuOVr7Fyen9wotAwsDf96Fmz5JYLtRX9CAboUgQLdUOKprwX/xgBnFtDTSH1Qr785T1QSAZL6xdE6hNibxZO3vGeeaPC3oGB5g9x5CwTQelMdOUPKdKorCDj226o56cTc/IQxUpsULbeOyi2pMGHiTHbiQBzHpxWyQ/gBktPkF25GOFeaCu3gW+xsspX91jSKudcYdBqWUNmJcdsfHfPxPM4cZtA/sVMyoA+YcehgU7GTu9DAlxDTug/JWo,iv:5shfzmrFFVEuaYmyTkBMAw9BIFFkKz0yl1dyJWxq6Y4=,tag:CX7TBJJXCKuIPSmg9/RpGg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1fva6s64s884z0q2w7de024sp69ucvqu0pg9shrhhqsn3ewlpjfpsh6md7y
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWWFUdnpERVlkK29TQ09k
+            SnJMVm5rUEV6S0huSzJ2YjFFQ3pNR0pmZWprClZEVDloeDE2ODNkMVVJTUtqaENz
+            ZzhwTTA4V2xOeW55WGtPZU5FWElQNDAKLS0tIFh5ZWtmZHRBWTAvM3ZwY3pKQ0R6
+            aDNUbFlhWWVoOWpjVlV1VTVJejlSMjQK6wCeCRdHY5oyTX6/R1U5AOGJyp0exi1A
+            dWPUMfkKBBBkrR+G6ougd8o3FwFf+yfb5RhaTxxqjit6p2RyMjR64w==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1d4gvqz3anf082ja6xt03hnkzazfum80um9t45m4rerl4n3va2yuqgnsg03
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6WVcwYVFWbG1ucEtTSTI5
+            Y0pxZ1FidjVURlVxZTdTSHdzME05Z0hyblJBCkQ5R2F1a2IyRVIvYjlmY1p3S3VR
+            OW1zcnp2Z1Zydlpjd2tBU2RHajhoamMKLS0tIG9oMWtHVU1nTHBtcGM3OWxVNFZL
+            K3NaMitlT2orSVhHVmFRVmhPUXhBSGMKAqVqH9hT9NL5D6Fsovn67GY056B6Ttwg
+            fr9y+8rkG43LbuehpKktv2I/UP64QKcYgqWDOWOmicHYx8pOXKLHkA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-09-11T10:23:48Z"
+    mac: ENC[AES256_GCM,data:3XEbhFY1TlXo6bTctV2u4i6QPzXnJC6iU3F/MUARSQl1z4peOB5x8hZfdiV/hVMR8I+83TxDcEAmKDrcaMf89Tqa+OiD//wBekMUfS7AmBRhpv7X5qfarflfnygacFsAMhf/bdiqowYbGSNvlPjueqHJaFZ+3x/wPrt/jAYNlr8=,iv:ciQmY7bE+Je6kMlmxxtQvp+r3e/ZK942tT4TtXhDX2M=,tag:4+7uZlEm5bcRfZC7pp5Y7Q==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3