Add SSH

2023-04-11 18:00:21 +02:00 · 2023-04-11 18:00:21 +02:00 · d56ccd257c
commit d56ccd257c
parent 11712b2930
4 changed files with 26 additions and 1 deletions
--- a/nixos/.sops.yaml
+++ b/nixos/.sops.yaml
@ -0,0 +1,9 @@
+keys:
+  - &tdpeuter@Tibo-NixFat age1q2gqur3t4fu8flsuu2zdnule37vdkh6egpt6a2e3ytx433x8gpvsr4hw6l
+
+creation_rules:
+  - path_regex: secrets/[^/]+\.yaml$
+    key_groups:
+    - age:
+      - *tdpeuter@Tibo-NixFat
+
--- a/nixos/flake.nix
+++ b/nixos/flake.nix
@ -19,6 +19,10 @@
        utils.follows = "flake-utils";
      };
    };
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+        inputs.nixpkgs.follows = "nixpkgs";
+    };
    utils = {
      url = "github:gytis-ivaskevicius/flake-utils-plus";
      inputs.flake-utils.follows = "flake-utils";
@ -27,7 +31,7 @@

  outputs = inputs@{
    self, nixpkgs,
-    devshell, flake-utils, home-manager, utils,
+    devshell, flake-utils, home-manager, sops-nix, utils,
    ... }:
    let
      system = "x86_64-linux";
@ -43,6 +47,7 @@
        inherit system;
        modules = [
          home-manager.nixosModule
+          sops-nix.nixosModules.sops
          ./modules
        ];
      };
--- a/nixos/modules/utils/ssh/default.nix
+++ b/nixos/modules/utils/ssh/default.nix
@ -0,0 +1,8 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.openssh = {
+    enable = true;
+    passwordAuthentication = false;
+  };
+}
--- a/nixos/secrets/sops/age/keys.txt
+++ b/nixos/secrets/sops/age/keys.txt
@ -0,0 +1,3 @@
+# created: 2023-04-11T14:44:53+02:00
+# public key: age1q2gqur3t4fu8flsuu2zdnule37vdkh6egpt6a2e3ytx433x8gpvsr4hw6l
+AGE-SECRET-KEY-10J7MWCWQQY33TVNMQ9AMH4TH5LULSVAZ539P9QG3NA2Z3LTMXAFS2QQ4NG