From d1379cdf990a106c4941f389210d530b0fd9bffd Mon Sep 17 00:00:00 2001 From: Tibo De Peuter Date: Sat, 19 Oct 2024 14:46:21 +0200 Subject: [PATCH] feat(ssh): Add Nextcloud secrets --- nixos/secrets/HomeLab.yaml | 25 ++++++++++++++++++++ nixos/secrets/Hugo.yaml | 24 ------------------- nixos/secrets/{GitHub.yaml => personal.yaml} | 8 ++++--- nixos/users/tdpeuter/secrets.nix | 23 +++++++++++------- stow/ssh/.ssh/config | 20 ++++++++++------ 5 files changed, 57 insertions(+), 43 deletions(-) create mode 100644 nixos/secrets/HomeLab.yaml delete mode 100644 nixos/secrets/Hugo.yaml rename nixos/secrets/{GitHub.yaml => personal.yaml} (57%) diff --git a/nixos/secrets/HomeLab.yaml b/nixos/secrets/HomeLab.yaml new file mode 100644 index 0000000..9678afb --- /dev/null +++ b/nixos/secrets/HomeLab.yaml @@ -0,0 +1,25 @@ +HomeLab: + Hugo: + ssh: ENC[AES256_GCM,data:Tfuba25e4hJ8Ovl1IdVtDvg0L0sCc9sYTXstRg89IAUzwv/1u8mxdj9ka6ZKaSQr2QUaNWs0BoPV36O4bI2hTwoqhUarhXXZNnJKHtd8xBu/+kfMSOMGa5qD9V9m3L5OFdt+gdwhJxemeQNkvN0Vhsu4DJFPZRPmGflJ2HVRYaRW4AsI+JPqiWSEeKz40f3PQPJ2h26gF+pADmPwtEfcUGZdGnJXUsiYMC0aBEWWxyAgBgj5W+Nbe+OCopEX1qyRcR8qO+LONjuC0b5hcGeOXjWj/d1FnBfxDHeoxRGhNCo8TUk0ap1mpSAttdr55/C51duQfeV09Iow4nzUR2H0jmzojUAjKXXCkBsK6yjIKxW+4+4OKCC9ERz5mDmu5Z+4aFM7CpSquCAnDVFw1Uq9MJqAnSz6AGh29J4LUwMnVNtf+gQwzGyl/C9wE/Svm0UAwP19h6hLcM1rp6bV4xjfSXNDspUkz4Xr3RdPpTI1PemtMZIq8fP64q0FlFZeV62ctl9hCtDVRDo3fG3FUM08fa0OfJpVYjSEAOfC,iv:T8z+P5++cES9Co9d/2tcU0PbxZZM/5x63tcxIjBeQ0I=,tag:AjsulFme64/xEPjgZQFtow==,type:str] + Nextcloud: + ssh: ENC[AES256_GCM,data:aVqa57u9hIOquP367EDj2rlyQWRe3EZv8l5cC+yQQKCri2bN5IFSq8qNemOIcU9ycBnxIyK6gLerJYQQcgzIIARmnfDpbJ9w+EeUL5yvPVJN6FM7oBeaL9mzYRl8aDKr22LhL9YiKAT1nKHESmTb3TZRvuvWJTGzCMRV85ROGxZYVUgG6BjuHEzuTsc4fy3NVPIl7/4ZjPgNNYx+UNsV5xwTejveB/sGblVrHOO74LZXzUWRlQNun5nM3MY3GALzfrPrVIAyGNu37CGachtwxaPOj7vUKZmD/e+XajYVKRJ3v33jrUeI0dDmhuwJj3taoFik6suAyiK3RlDdeWoERR8vqduiyxJnVMs6mNkigzkVtifpwZyQ8vNyG7w1JNPygMYgQzjN43lGVml8cx1lZvcoBzQabjWxcNzhV8gXxoGKvAwUV7ELB6l00rUH+EeI0uU8/IFm9kwmZq42ciM/bRGSGXzo2PYG2OHOiDe5b0nrIlajaRKd+vuuzTtFFU9EwH0GPzERRaoxVK+h9tzcco/REITCE+CVlHSx,iv:bb1X95HK5tT7EJpqqgMOUxw5VO5MuzoYxkPIzR5sEqU=,tag:y2LKHm7czwyuHp7Ea8KiYw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1fva6s64s884z0q2w7de024sp69ucvqu0pg9shrhhqsn3ewlpjfpsh6md7y + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWWFUdnpERVlkK29TQ09k + SnJMVm5rUEV6S0huSzJ2YjFFQ3pNR0pmZWprClZEVDloeDE2ODNkMVVJTUtqaENz + ZzhwTTA4V2xOeW55WGtPZU5FWElQNDAKLS0tIFh5ZWtmZHRBWTAvM3ZwY3pKQ0R6 + aDNUbFlhWWVoOWpjVlV1VTVJejlSMjQK6wCeCRdHY5oyTX6/R1U5AOGJyp0exi1A + dWPUMfkKBBBkrR+G6ougd8o3FwFf+yfb5RhaTxxqjit6p2RyMjR64w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-19T12:24:34Z" + mac: ENC[AES256_GCM,data:Bh/vHdsFCzk+YaRcZe/Eiq4xfLSDX1tSV4Jg8lFgzPqXCBwCgohDREZ8LSZPuQtStIugzyRNyPcnWrZcDwDiaS9klM5sIxjeGIF7ZDS81sQnQVNRyX/m9vl6AgVtP9KHgOpJwGObzuvNBE7XnOZ3q03/ah1LXRowJUn63wB4Qxk=,iv:GVLQUjm0bMHusD0F8gJ5DlZvqdDHPsT0VwxLhHh9ozE=,tag:cffv8wKTQ9UYrCPx+3zTMw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/nixos/secrets/Hugo.yaml b/nixos/secrets/Hugo.yaml deleted file mode 100644 index 6a8d422..0000000 --- a/nixos/secrets/Hugo.yaml +++ /dev/null @@ -1,24 +0,0 @@ -Hugo: - ssh: ENC[AES256_GCM,data:Qi4YEvG64lJqhISMNtuC0mM02TU5KPpzdgs8x2UJwxAxus4+Aa3nIttkbcbKxtobL7ohKcMFGq7bBdj+s4zbctctknHdjiwj1caDoD7+Fm5H0RWLe7yjt5e4IxRywN8cNF59FfINl2tMutuENOzSucjHIXTKSV/ARZzwhcyZkQy//YvlReUSrUNaNkVM1VtjVILOToAXGzQx5w74eX+9JYV9FtZRTbr/spule+UDDtPZaaiFZmFfE5YjULFPaZJo2iUiirKalPodxfIar9eXzoN+bOQbz2Xys1QHNEt2cwWjERruCsojiyA+XeYFreWEWGggSEXizxv7cS5ab1e9XqtWR+u3Gdy/t1/cjoMBVXuLxQ+BwTlAO8NDgRbW0aq8q5yOsPCjShI/N4EVN5qtMUT1+mYZLCiZPPXbLBIiyqIWea/Ru8iIo7+WoF2iDBgshwnw8+uGDFfwlNh3SAwMSQOcGg06+U17PeU56Q/wqID2lEMDgGfHdqObvMlae1q+Qa9cwrp4xDw5S42NlgVaNcovUav5US5kO43r,iv:xvuRv4sqLRGv9npIVjnGV7zDPzIyS58ZKN2T23BmMZs=,tag:iGnBzgRhREEfKjE/ea5Drw==,type:str] - Gitea: - ssh: ENC[AES256_GCM,data:digqDmnEPg/Zn9Xt7+Z/R9lTBs6CeOgHgIhstWxHnvucwshUO7Zu+l80YPyzAck0pO5YIKML8hjAqj30lYqSPRzG1uRpT7likCy15MqyyQ64U+5PGQRNhybo1eYoqVFYd2sYc5xzkve1b8zCDfxj2mbmRYETYSidHZLaDilq6iKtWWSX+mnTXqJ2gIj+J7pfFBOHskWglnrVdj93AOdpG6cmnvzE7ey8SrMt9t0GzmRFAvjP3slio8NTsI97fu3isF0phGoh8q9tGGRnRMDq3E33zzntT3jawtWiib9ZCxuJ8Zhwc1fIF07YfBJ+sZJ7Kau1205NFJtISGbVhVmpD9kQdoFwYQxYJuvPcDYyIYH/K86bYnBmJWRCwbTh7Es7DCCC90VY/yMjRNoYvjupjhuHKGXE8O/Y8weERZ+GuZ8BSxFwU81YK9mcQyw+Z+MdAFsZEhR7cpxRkty2INKxOdX8wJGVw3A1cInwuiBjLiED0ndh39RqJbE8DUQAJgngSbYK52rCadjhs2xf+tPiDatsDMAHU2DpyDcz,iv:Dh9hhr1mp+gXA1eUvsJVb5opbaEtdRMKAd4HQSQlOpc=,tag:k4M96tstNATvyFe6xF2IzQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1fva6s64s884z0q2w7de024sp69ucvqu0pg9shrhhqsn3ewlpjfpsh6md7y - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWWFUdnpERVlkK29TQ09k - SnJMVm5rUEV6S0huSzJ2YjFFQ3pNR0pmZWprClZEVDloeDE2ODNkMVVJTUtqaENz - ZzhwTTA4V2xOeW55WGtPZU5FWElQNDAKLS0tIFh5ZWtmZHRBWTAvM3ZwY3pKQ0R6 - aDNUbFlhWWVoOWpjVlV1VTVJejlSMjQK6wCeCRdHY5oyTX6/R1U5AOGJyp0exi1A - dWPUMfkKBBBkrR+G6ougd8o3FwFf+yfb5RhaTxxqjit6p2RyMjR64w== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-05T19:05:15Z" - mac: ENC[AES256_GCM,data:8xMV6RkmXpt2uY07E+59ZXwTwTL6oqo9j5sFOxejwnFU06MGW9t1h/5HFg+GKpp3Jj1LT6a7uuyip6bDGCMEhI054sTv2uDlOIFd4nbHwOh+keEH/FLa8csTq4yyisROsaXUUCtWxraGXz0MQXT8xlQMT7Pn0x43JssmPhOwrRo=,iv:JKNsroIAxvV5V23at/DsDdud5idVn5IEQHrgeFHR3fQ=,tag:XY0hikk4yvqfynPI8q+GBg==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/nixos/secrets/GitHub.yaml b/nixos/secrets/personal.yaml similarity index 57% rename from nixos/secrets/GitHub.yaml rename to nixos/secrets/personal.yaml index cfc0a97..1e520ab 100644 --- a/nixos/secrets/GitHub.yaml +++ b/nixos/secrets/personal.yaml @@ -1,5 +1,7 @@ GitHub: ssh: ENC[AES256_GCM,data:jzRpTgefhZg7Vhm8QvWNsPBko1yw56sM/XehY72lAc7aRz+dx6BGgyYbZiifd7GrGJGUbH6gWfUg8YjgVla6VRsiHCEvSK3bY0ADDwTeSUs+wuybYXQZqhivSCInVtVSNAcp99uI1QwKor289zmxcFtSZEXgU1OCSel/8br+qipAbOkzAKX1v15eigjY4OSQxXL59EuuuHEQ+vjVVv95tDv03jaNAoU9UKr0Atrny/Fn2sQn4Tmec5Q1XdvDErKhSxrAFiACkxXUwPZMHez+BUZrmkksqpzNJjYNIlmsITuOVr7Fyen9wotAwsDf96Fmz5JYLtRX9CAboUgQLdUOKprwX/xgBnFtDTSH1Qr785T1QSAZL6xdE6hNibxZO3vGeeaPC3oGB5g9x5CwTQelMdOUPKdKorCDj226o56cTc/IQxUpsULbeOyi2pMGHiTHbiQBzHpxWyQ/gBktPkF25GOFeaCu3gW+xsspX91jSKudcYdBqWUNmJcdsfHfPxPM4cZtA/sVMyoA+YcehgU7GTu9DAlxDTug/JWo,iv:5shfzmrFFVEuaYmyTkBMAw9BIFFkKz0yl1dyJWxq6Y4=,tag:CX7TBJJXCKuIPSmg9/RpGg==,type:str] +Gitea: + ssh: ENC[AES256_GCM,data:8eyuycMkBVMHfzaGeGs+0RA4vCpaAUTjCwiplUamypEk9BDYqxe+69O6OjJAGaPnmH4kpsb/WVd5sU6HNUogBuzDQhCrv2B6NadcmnV+fH3MHfAWvDy7R68PUkwcywWVOo65SONckjKVa0Y+8IeeJh9zpr36qCbbs+zPC4XTk+Y5R4vK/ocmSJSmwqVK1SfGGwOjFoJvHVI6jdXh//vgKaITqmyZV7N3OU9EiQp1FmNKwFf/x70w2LGATrNBcexwNy20ZYd6ewiAfJxFHR6Svfc2P5X2nlv99W5t1eU5QEGUcalcslsW/VkmFC3agN3Yry2EMIlfTlm0hm4+ryDGWEvgyUC0dLA8Ao0TLaaqig9HzBRP1h6aORe0lDwzTUg6WltrIu0s7hFwD4YLi1qP5lY99hvrDIRbTEg6AY6X4b32YFlyOXy0YDetv90+QyEcwANWO9MXz2S9hxuQmjOXMCVYMaiMLVUkG+mShbQuxTiFQt/7D83yOBSRLugx/aU318NKvUDlCt7wpZbMI3gBia4nUYLoLcXRKcAZ,iv:uc1ZtGdcolLrpQgS5n5LEAwBt0vMmkj2OuTXcn8sQ7A=,tag:F2ofcj0zEBgxwukMUd7+uw==,type:str] sops: kms: [] gcp_kms: [] @@ -15,8 +17,8 @@ sops: aDNUbFlhWWVoOWpjVlV1VTVJejlSMjQK6wCeCRdHY5oyTX6/R1U5AOGJyp0exi1A dWPUMfkKBBBkrR+G6ougd8o3FwFf+yfb5RhaTxxqjit6p2RyMjR64w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-09-11T10:23:48Z" - mac: ENC[AES256_GCM,data:3XEbhFY1TlXo6bTctV2u4i6QPzXnJC6iU3F/MUARSQl1z4peOB5x8hZfdiV/hVMR8I+83TxDcEAmKDrcaMf89Tqa+OiD//wBekMUfS7AmBRhpv7X5qfarflfnygacFsAMhf/bdiqowYbGSNvlPjueqHJaFZ+3x/wPrt/jAYNlr8=,iv:ciQmY7bE+Je6kMlmxxtQvp+r3e/ZK942tT4TtXhDX2M=,tag:4+7uZlEm5bcRfZC7pp5Y7Q==,type:str] + lastmodified: "2024-10-19T12:24:38Z" + mac: ENC[AES256_GCM,data:g15gV0H0rlzoeN5Z/Zkgh/8ya9GSrWDVP9oqdVz3m4obmquCLDIygsPaYpRXmfOtPSgvX2KzZ08sNLfcBZSh7eH2Ws7xcezWOntOcmAQNz5LvemqP7YuwtivMK/P4qrkME+LQPkSrSUR+rT99Zj+RQXisy91Cq9NbVBj6uQH7+I=,iv:W+oDp5Dun0g35BFprOmgfI0LoPME3HpPuuniCKA32Kc=,tag:CUU74HZuRNedyI3txn9D+g==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 diff --git a/nixos/users/tdpeuter/secrets.nix b/nixos/users/tdpeuter/secrets.nix index f97cdb0..75939f3 100644 --- a/nixos/users/tdpeuter/secrets.nix +++ b/nixos/users/tdpeuter/secrets.nix @@ -7,9 +7,14 @@ in { config = lib.mkIf cfg.enable { sops.secrets = lib.mkIf config.sisyphus.programs.sops.enable ( let - Hugo = { + HomeLab = { format = "yaml"; - sopsFile = ../../secrets/Hugo.yaml; + sopsFile = ../../secrets/HomeLab.yaml; + owner = user; + }; + personal = { + format = "yaml"; + sopsFile = ../../secrets/personal.yaml; owner = user; }; UGent = { @@ -18,17 +23,17 @@ in { owner = user; }; in { - "Hugo/ssh" = Hugo; "UGent/HPC/ssh" = UGent; - "GitHub/ssh" = { - format = "yaml"; - sopsFile = ../../secrets/GitHub.yaml; - owner = user; - }; - "Hugo/Gitea/ssh" = Hugo; + # Git authentication + "Gitea/ssh" = personal; + "GitHub/ssh" = personal; "UGent/GitHub/ssh" = UGent; "UGent/SubGit/ssh" = UGent; + + # HomeLab + "HomeLab/Hugo/ssh" = HomeLab; + "HomeLab/Nextcloud/ssh" = HomeLab; }); }; } diff --git a/stow/ssh/.ssh/config b/stow/ssh/.ssh/config index 74bb449..d3f6834 100644 --- a/stow/ssh/.ssh/config +++ b/stow/ssh/.ssh/config @@ -1,9 +1,3 @@ -Host Hugo - User admin - HostName 192.168.0.11 - IdentitiesOnly yes - IdentityFile /run/secrets/Hugo/ssh - Host HPC User vsc44995 HostName login.hpc.ugent.be @@ -15,7 +9,7 @@ Host git.depeuter.dev User git HostName git.depeuter.dev IdentitiesOnly yes - IdentityFile /run/secrets/Hugo/Gitea/ssh + IdentityFile /run/secrets/Gitea/ssh Host github.com User git @@ -36,3 +30,15 @@ Host subgit.ugent.be IdentityFile /run/secrets/UGent/SubGit/ssh CanonicalizeHostname yes # Ignore capitalization +# HomeLab +Host Hugo + User admin + HostName 192.168.0.11 + IdentitiesOnly yes + IdentityFile /run/secrets/HomeLab/Hugo/ssh + +Host Nextcloud + User administrator + Hostname 192.168.0.14 + IdentitiesOnly yes + IdentityFile /run/secrets/HomeLab/Nextcloud/ssh