sops working for ssh authkeys
parent
52b024181a
commit
be3503019c
2 changed files with 73 additions and 18 deletions
|
|
@ -55,6 +55,60 @@ in {
|
|||
./wine.nix
|
||||
];
|
||||
|
||||
sops = {
|
||||
age.keyFile = "/home/don/.config/sops/age/keys.txt";
|
||||
|
||||
defaultSopsFile = ../../secrets.yaml;
|
||||
# defaultSymlinkPath = "/run/user/1000/secrets";
|
||||
# defaultSecretsMountPoint = "/run/user/1000/secrets.d";
|
||||
|
||||
secrets = {
|
||||
"users/root_password" = {
|
||||
owner = "root";
|
||||
mode = "0400";
|
||||
};
|
||||
"users/root_sshauth" = {
|
||||
owner = "root";
|
||||
mode = "0400";
|
||||
path = "/etc/ssh/authorized_keys.d/root";
|
||||
};
|
||||
"users/don_password" = {
|
||||
owner = "don";
|
||||
mode = "0400";
|
||||
};
|
||||
"users/don_sshauth" = {
|
||||
owner = "don";
|
||||
mode = "0400";
|
||||
path = "/etc/ssh/authorized_keys.d/don";
|
||||
};
|
||||
"users/vicky_password" = {
|
||||
owner = "don";
|
||||
mode = "0400";
|
||||
};
|
||||
"users/vicky_sshauth" = {
|
||||
owner = "don";
|
||||
mode = "0400";
|
||||
path = "/etc/ssh/authorized_keys.d/vicky";
|
||||
};
|
||||
"smtp/smtp_password" = {
|
||||
owner = "root";
|
||||
mode = "0444";
|
||||
};
|
||||
"smtp/smtp_server" = {
|
||||
owner = "root";
|
||||
mode = "0444";
|
||||
};
|
||||
"smtp/smtp_port" = {
|
||||
owner = "root";
|
||||
mode = "0444";
|
||||
};
|
||||
"tailscale/ts_api" = {
|
||||
owner = "root";
|
||||
mode = "0400";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
networkmanager.enable = true;
|
||||
enableIPv6 = true;
|
||||
|
|
@ -159,8 +213,8 @@ in {
|
|||
package = pkgs.mlocate;
|
||||
};
|
||||
logind = {
|
||||
lidSwitchDocked = "ignore";
|
||||
lidSwitchExternalPower = "ignore";
|
||||
# lidSwitchDocked = "ignore";
|
||||
# lidSwitchExternalPower = "ignore";
|
||||
settings = {
|
||||
Login = {
|
||||
HandleLidSwitchDocked = "ignore";
|
||||
|
|
@ -222,9 +276,6 @@ in {
|
|||
users = {
|
||||
root = {
|
||||
initialPassword = "changeme";
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki"
|
||||
];
|
||||
};
|
||||
don = {
|
||||
isNormalUser = true;
|
||||
|
|
@ -239,7 +290,7 @@ in {
|
|||
};
|
||||
|
||||
zramSwap = {
|
||||
enable = true;
|
||||
enable = false;
|
||||
memoryPercent = 25;
|
||||
memoryMax = 2147483648;
|
||||
};
|
||||
|
|
@ -274,6 +325,7 @@ in {
|
|||
environment.systemPackages = with pkgs; [
|
||||
python-with-my-packages
|
||||
acpi
|
||||
age
|
||||
aspell
|
||||
aspellDicts.en
|
||||
base16-schemes
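Review bot: In the first hunk, `"smtp/smtp_password"` is declared with `mode = "0444";`, which leaves the decrypted SMTP password readable by every local account; unless an unprivileged service must read it, use `mode = "0400";` like the other credentials, or set `owner` to the user of the service that consumes it. In the same hunk `"users/vicky_password"` and `"users/vicky_sshauth"` carry `owner = "don";`, which looks like a copy-paste from the don entries: it gives don read access to vicky's secrets, and sshd's StrictModes ownership check will probably reject `/etc/ssh/authorized_keys.d/vicky` when the file is owned by neither vicky nor root, so `owner = "vicky";` is likely what was meant. The `@ -222,9 +276,6` hunk drops root's inline key but keeps `initialPassword = "changeme";`, while `"users/root_password"` is declared and not referenced in the visible lines; if it is not wired up elsewhere, consider `hashedPasswordFile = config.sops.secrets."users/root_password".path;` with `neededForUsers = true;` on that secret (which must then hold a password hash). The `sops = { … }` attribute set is complete within its hunk, but the `users` block continues outside the lines shown.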
|
||||
|
|
|
|||
27
secrets.yaml
27
secrets.yaml
|
|
@ -1,16 +1,19 @@
|
|||
#ENC[AES256_GCM,data:ZNxS2TSn,iv:29wdug8DNsqXK9gi3+HNSW1eeJGTcMtvccH2nFLk1DY=,tag:S3qAU5HB8Y5595dA6ItCmQ==,type:comment]
|
||||
root_password: ENC[AES256_GCM,data:T4xaN92i7Q==,iv:dBznOslNEYSv2b90PZbR0G84hJyrI2sYR1YzJuLWPK0=,tag:mXT4ir6t4oOeT0X8S3QTSA==,type:str]
|
||||
root_sshauth: ENC[AES256_GCM,data:eSxg81u5yRSSev2clW4YL2b6T4ygfUon636T+q2MTnoBQTbZxaknvJxNJemEGQKJRRNmzFQzP2LVWH7WbcNsALt0FQyo8oRJnSlGxebk+1MIlgrFxqFlY8c=,iv:7jyZ9WrKyX5EbbGYunzN/Ez2ULuKGo+FkVHk7hBtEtY=,tag:Gbr/ylA1S/9ZDfvK4xUvGg==,type:str]
|
||||
don_password: ENC[AES256_GCM,data:LUAJQBmJlQ==,iv:FKmu8y6DuWa/XD0wqb7dxJNxITzrKOZNGZF94pqaaUo=,tag:YZdiWDImCi7AXYoU3uB0vw==,type:str]
|
||||
don_sshauth: ENC[AES256_GCM,data:No8G1fgYWWKhUbaydGoxHe+fGWI5p0fD9cx2qegI+dZ9DV1ENKiACsJzWd004ZHA2G9PGzSeGb/p8Ay/3zVbSLJccWeblNE+P7e/HlGixZRXmv9BcvXm5cE=,iv:Bd3QLGrctTaBfOHMAnmPys8uViQFbBh4D2cxxhEeQJE=,tag:LD2QStSyEJ5yxQMbHOz3WA==,type:str]
|
||||
vicky_password: ENC[AES256_GCM,data:XCKBMoOV,iv:swdBKF0STzMFbzYMBI8/nuNTE5B5DN7STkdNVx0w8Ys=,tag:Lw4SkSm3W0xh80M8loD/BQ==,type:str]
|
||||
vicky_sshauth: ENC[AES256_GCM,data:1ec9IXnH4FSPG+9M2fMuDsDEo2E4PatwZiH8zIAKPCjlLIgvxRlioDO6fd+a9eaoAOoEIRaIwCOyK+VAlAxshrDA72nGH3xT/RmSeX6nVHGNh7gswdYh2Ts=,iv:jyuN5+Yj3Tfzk7h3ASPrNhxaFezJGLE5eWtgKl1SulY=,tag:gsQCp5g1ZpQA/wrWfGODqA==,type:str]
|
||||
users:
|
||||
root_password: ENC[AES256_GCM,data:c38DypOUaA==,iv:wwpjTEgTBMy3J7PzKnLO9IbLnq9HOMgQG/EQD+07U38=,tag:J/U8ddG2gqtRLUADWiJ8Bw==,type:str]
|
||||
root_sshauth: ENC[AES256_GCM,data:1z7lTmMn2QB177S2re4+BIoiQ7XAmx9zKscUlUQKywQLqLDQJdvWJ0PvcKNfi0dyCJf5lWG3V3aZhGvIKMUizrZ0JMIZfRStbbLZKSnh0xsSvBdxo4NSd/k=,iv:iXnrcRN7l0uBboJsx/N1uCPkyqPWwbiR3Cp1RJVCVBU=,tag:h1rKlReNxKJ8uBTWVRAPgA==,type:str]
|
||||
don_password: ENC[AES256_GCM,data:m9Jf4fvpSg==,iv:Z40H6ZSqjRFwvBdak22ijX0s4NVIjqbT1qfRkFnmp6c=,tag:K41k1JQUavKSZ47MkqF6PQ==,type:str]
|
||||
don_sshauth: ENC[AES256_GCM,data:a7m3lzi9cRMfjSTZAUV6BUmSjcJcTTAex5vFmfC/narajIpmeo2So52cJKV9YYOgKaOCXEmMuokH8kXXZ9QL0zx5HhaCWSxCbsqh+wHEFiRdQFxBn1YLzM4=,iv:x2n+KQjbpReHIZDRnlNUd5HIHfowrnMD0dD4FxdDos8=,tag:PwzOCm3YjF/EiEStFpBGtg==,type:str]
|
||||
vicky_password: ENC[AES256_GCM,data:KrTs/5d2,iv:ykzA5NMzD6EZJKLpFdgYm0E8/l+K8C96qsUJVm9qovY=,tag:xFzOmny25ytR/64SX0TPyA==,type:str]
|
||||
vicky_sshauth: ENC[AES256_GCM,data:jFedFDYzaHtHOjKTc3iei3+dw3gpm9mZLncye9henZfx/fK1cbaH6SugnvsEZTtOEt7cjWkBhAKzRxCemhp0WENa2w9cQXrMtnzniIz4k7NsPkKWdBy+n34=,iv:cRPy89hstypZ5RhTlI2dQ28DIsCv9qjGglRdau5A53M=,tag:QosA7AeYaX8Su6wOX7XTVg==,type:str]
|
||||
#ENC[AES256_GCM,data:wPhrf7k=,iv:2HQ4jzpjasLF1gZCfVCGv30xajhBUzhAXsi9s5Cy9JM=,tag:aCM86v27N+TAGVrxbuO5tg==,type:comment]
|
||||
smtp_password: ENC[AES256_GCM,data:UvXraq2vRWejRscrg6ZSTg==,iv:ClAb/8jkLgBQC8FsTfEZNC/D9yzW2jZCCz82ziwF/oM=,tag:XxF4y10Dl7DLhvkCR1hV4A==,type:str]
|
||||
smtp_server: ENC[AES256_GCM,data:WqiUBqsOvkGTFzMevId6Ug==,iv:ESeB2sKoyacK4nEEULIsCOUKF7WfFPdEcn0AfZ+ENfY=,tag:SgPgSz1ljKR1TynXrcD1Ag==,type:str]
|
||||
smtp_port: ENC[AES256_GCM,data:9dtc,iv:M8RhdH1BYBQZ4NqoSKbO6UT22MOtNjmCPaz9AL90nF8=,tag:IUI0z4r+CHTJzwkF/99Ykw==,type:int]
|
||||
smtp:
|
||||
smtp_password: ENC[AES256_GCM,data:YP3NqVQjuWPyCuTgmxBwSw==,iv:1eyDvHplyh9pKfdY795ndJzzl1LLFudYZB2eqkjYmlw=,tag:Jvb9escI5pNorDmIiXuFrw==,type:str]
|
||||
smtp_server: ENC[AES256_GCM,data:Mkya/PLitKQXnUyRBM1N9g==,iv:Q+6Fi32v+8Z4YtrsgLelw9PRsA+WfElfYwYjxnUHfhM=,tag:muCZ/zmoAzLZ1+qWQiXPHg==,type:str]
|
||||
smtp_port: ENC[AES256_GCM,data://oT,iv:6fGj9npq+JsB2o6fG33uWJpVgoihqVxaLeOAGiv51T0=,tag:BVhhmptrJjljKFxQ4J0sXw==,type:str]
|
||||
#ENC[AES256_GCM,data:SFZglQQ16U0jDBTmBuxHH2TGFRt9rOxZTzc=,iv:MnzSRM4bte5WACvlTDSVTqFTBJMFFv8l8e7p1lu/bZE=,tag:v6JKaBu6dl+1jrK0VmpPBg==,type:comment]
|
||||
ts_api: ENC[AES256_GCM,data:IkJ2+er8agfcTwPwWriensoEg8CQeNl3ZXUcadm3rbraXNKyqLY5UO6RNZxLk2CAvAY4MB7/fDRryDGZ3Po=,iv:ml9vhPKmKI2PlYjzFrVoUMjHRrPdI69zSY2qBa71ODU=,tag:TXnXEbN7X51PYwu8O8DfKw==,type:str]
|
||||
tailscale:
|
||||
ts_api: ENC[AES256_GCM,data:mchei6FdVpcn7A2m/1D/e7RbZ8YLdte2lZ1b8M1e6C5NqzzDzRSNS7Wne2bm7szPe6nzeDGVZZ/jp5WR26M=,iv:/DZsAk+W+Ev+ZS7XNvLbNXCARL9YjUgvrae5bUppWBY=,tag:Uj8FT/gCpO4XmMRDykz8ZA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age16a4ywf6pycs9l8rn7y34c6y8pqfz9utmwwkr70d0hapknkzdaafsesn0ff
|
||||
|
|
@ -22,7 +25,7 @@ sops:
|
|||
em9ZMDljK2tXVnVDN1Q2UnYrZWVwblEKE/z1PQsld/r4AEWFyUgt6zNf7QfcLNYh
|
||||
Btn5qGBPYizmYzAwleNOq5PDINUAlfT9fTfU6QBdRYkarbVjqDV6Pg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-11-12T02:13:51Z"
|
||||
mac: ENC[AES256_GCM,data:ntO/fVmW2w04YQab12rvDa6feFmiNO4CQmi7LA/5wWt+J4z3qTyfYdNfb0mKEMFo5Wu3KhZWKIi97HDOAsKJqhIEgsdLOY9RbKuH+KHC81qjfRhbKC/yK84JHU2mc3K2cTpuFqw+xhJaGsbLNQYsWxi+dot7QvZTEPcC11XskFY=,iv:erleqHDriT1TQ86s1U8znD4s4o3g+mmClfELWtNNuss=,tag:McJZcWDdDb3X/emXvckPPg==,type:str]
|
||||
lastmodified: "2025-11-13T00:39:12Z"
|
||||
mac: ENC[AES256_GCM,data:uhMuODBQLyx6Ae18npzmptsX1HzVY7cmx8pZ5cUcYJb7VlVjgYMc6rp4UKozd4y8lGnKtQWaiUvsR8RFiueLsd/vLuNjI48qXmezluBoXFlqkCPuDBzZIFnWfo4omqfY9kZs3fafNfAW7GSrQOE5wP9xNdNO0dUkMs8QF93/SeA=,iv:/+3iBJpCZ2ujvF4kZ0wOIb1FkN9WE8P5ftnfrC7J4t0=,tag:W6JqByfgpxue1LvQAomsrw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
|
|
|
|||