feat(agenix-rekey)!: first try
Cannot `agenix rekey` / `deploy`. `agenix rekey` rekeys separate keys successfully but cannot build the derivation that contains them.
parent
9eb47f44b9
commit
8feb5245ea
16 changed files with 138 additions and 109 deletions
3
.gitignore
vendored
3
.gitignore
vendored
|
@ -1,2 +1,3 @@
|
||||||
/.direnv/
|
/.direnv/
|
||||||
/secrets/key
|
/secrets/*key*
|
||||||
|
!/secrets/*.age
|
||||||
|
|
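Review bot: The new `!/secrets/*.age` line re-includes every `.age` file directly under `/secrets/`, and because it comes after `/secrets/*key*` it also un-ignores `privkey.age`, which this same commit adds as `secrets/privkey.age` and references from `age.rekey.masterIdentities`. That file is scrypt passphrase-protected, so once it is pushed the confidentiality of every secret rekeyed from it rests on the strength of that passphrase alone, and the only remedy afterwards is rotating the identity and re-encrypting. If tracking it is intended, say so in the file with a comment such as `# privkey.age is passphrase-encrypted and tracked on purpose`; if it is not, narrow the exception so it cannot match names containing `key`.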
27
flake.nix
27
flake.nix
|
@ -55,19 +55,15 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
agenix-rekey = {
|
||||||
|
url = "github:oddlama/agenix-rekey";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
|
|
||||||
ragenix = {
|
ragenix = {
|
||||||
url = "github:yaxitech/ragenix";
|
url = "github:yaxitech/ragenix";
|
||||||
};
|
};
|
||||||
|
|
||||||
# sops-nix = {
|
|
||||||
# url = "github:Mic92/sops-nix";
|
|
||||||
# inputs = {
|
|
||||||
# nixpkgs.follows = "nixpkgs";
|
|
||||||
# darwin.follows = "nix-darwin";
|
|
||||||
# home-manager.follows = "home-manager";
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
|
|
||||||
# Nix User Repository
|
# Nix User Repository
|
||||||
nur = {
|
nur = {
|
||||||
url = "github:nix-community/NUR";
|
url = "github:nix-community/NUR";
|
||||||
|
@ -117,6 +113,7 @@
|
||||||
, disko
|
, disko
|
||||||
, deploy-rs
|
, deploy-rs
|
||||||
, agenix
|
, agenix
|
||||||
|
, agenix-rekey
|
||||||
, ragenix
|
, ragenix
|
||||||
, nur
|
, nur
|
||||||
, spicetify-nix
|
, spicetify-nix
|
||||||
|
@ -132,7 +129,9 @@
|
||||||
inherit (self) outputs;
|
inherit (self) outputs;
|
||||||
util = import ./util { inherit inputs outputs; };
|
util = import ./util { inherit inputs outputs; };
|
||||||
in
|
in
|
||||||
rec {
|
{
|
||||||
|
inherit self;
|
||||||
|
|
||||||
# Packages (`nix build`)
|
# Packages (`nix build`)
|
||||||
packages = util.forEachPkgs (pkgs:
|
packages = util.forEachPkgs (pkgs:
|
||||||
import ./pkgs { inherit pkgs; }
|
import ./pkgs { inherit pkgs; }
|
||||||
|
@ -184,6 +183,14 @@
|
||||||
darwinConfigurations = util.autoDarwinConfigurations;
|
darwinConfigurations = util.autoDarwinConfigurations;
|
||||||
homeConfigurations = util.autoHomeConfigurations;
|
homeConfigurations = util.autoHomeConfigurations;
|
||||||
|
|
||||||
|
# Secrets
|
||||||
|
agenix-rekey = agenix-rekey.configure {
|
||||||
|
userFlake = self;
|
||||||
|
nodes = {
|
||||||
|
inherit (self.nixosConfigurations) jeeves;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# Deploy.rs nodes
|
# Deploy.rs nodes
|
||||||
deploy.nodes = util.deploy.autoNodes;
|
deploy.nodes = util.deploy.autoNodes;
|
||||||
checks = util.autoChecks;
|
checks = util.autoChecks;
|
||||||
|
|
|
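Review bot: `inherit self;` at the top of the outputs set publishes the flake itself as an output named `self`, which is not a standard flake output and is likely to be reported as unknown by `nix flake check`. Nothing visible in this section reads `outputs.self`: `agenix-rekey.configure` already receives `userFlake = self` directly, and the host modules use `inputs.self`. If it is a leftover from debugging the failing derivation build, drop it; if something outside these hunks needs it, add a comment saying what. The removal of `rec` in the same hunk also deserves a check that no output further down referred to a sibling attribute by its bare name.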
@ -3,14 +3,23 @@
|
||||||
imports = [
|
imports = [
|
||||||
inputs.hardware.nixosModules.common-cpu-amd
|
inputs.hardware.nixosModules.common-cpu-amd
|
||||||
inputs.hardware.nixosModules.common-gpu-amd
|
inputs.hardware.nixosModules.common-gpu-amd
|
||||||
(import ./disko.nix { inherit inputs outputs; })
|
./disko.nix
|
||||||
inputs.agenix.nixosModules.default
|
inputs.agenix.nixosModules.default
|
||||||
|
# FIXME: agenix-rekey
|
||||||
|
inputs.agenix-rekey.nixosModules.default
|
||||||
./network.nix
|
./network.nix
|
||||||
./wireguard.nix
|
./wireguard.nix
|
||||||
./jellyfin.nix
|
./jellyfin.nix
|
||||||
./mindustry.nix
|
./mindustry.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# FIXME: agenix-rekey
|
||||||
|
age.rekey = {
|
||||||
|
hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPopSTZ81UyKp9JSljCLp+Syk51zacjh9fLteqxQ6/aB";
|
||||||
|
masterIdentities = [ "${inputs.self}/secrets/privkey.age" ];
|
||||||
|
# forceRekeyOnSystem = "aarch64-darwin";
|
||||||
|
};
|
||||||
|
|
||||||
nixpkgs = {
|
nixpkgs = {
|
||||||
hostPlatform = "x86_64-linux";
|
hostPlatform = "x86_64-linux";
|
||||||
config = {
|
config = {
|
||||||
|
@ -61,7 +70,15 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
# NOTE: made with `mkpasswd -m sha-516`
|
# NOTE: made with `mkpasswd -m sha-516`
|
||||||
age.secrets."jeeves_password".file = ../../../../secrets/home/jeeves_password.age;
|
age.secrets."jeeves.user.password" = {
|
||||||
|
# file = ../../../../secrets/home/jeeves/user/password.age;
|
||||||
|
# file = "${inputs.self}/secrets/home/jeeves/user/password.age";
|
||||||
|
# FIXME: agenix-rekey
|
||||||
|
rekeyFile = "${inputs.self}/secrets/home/jeeves/user/password.age";
|
||||||
|
# generator = {pkgs, ...}: ''
|
||||||
|
# ${pkgs.mkpasswd}/bin/mkpasswd -m sha-516
|
||||||
|
# '';
|
||||||
|
};
|
||||||
|
|
||||||
users = {
|
users = {
|
||||||
mutableUsers = true;
|
mutableUsers = true;
|
||||||
|
@ -69,7 +86,7 @@
|
||||||
jeeves = {
|
jeeves = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
hashedPasswordFile = config.age.secrets."jeeves_password".path;
|
hashedPasswordFile = config.age.secrets."jeeves.user.password".path;
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBj8ZGcvI80WrJWV+dNy1a3L973ydSNqtwcVHzurDUaW (none)"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBj8ZGcvI80WrJWV+dNy1a3L973ydSNqtwcVHzurDUaW (none)"
|
||||||
];
|
];
|
||||||
|
@ -98,19 +115,26 @@
|
||||||
# ];
|
# ];
|
||||||
# };
|
# };
|
||||||
|
|
||||||
security.sudo.extraRules= [
|
# security.sudo-rs = {
|
||||||
{
|
# enable = !config.security.sudo.enable;
|
||||||
users = [
|
# inherit (config.security.sudo) extraRules;
|
||||||
"jeeves"
|
# };
|
||||||
];
|
security.sudo = {
|
||||||
commands = [
|
enable = true;
|
||||||
|
extraRules= [
|
||||||
|
{
|
||||||
|
users = [
|
||||||
|
"jeeves"
|
||||||
|
];
|
||||||
|
commands = [
|
||||||
{
|
{
|
||||||
command = "ALL" ;
|
command = "ALL" ;
|
||||||
options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
|
options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
};
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
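Review bot: The sudo rule carried into the new `security.sudo` block still grants `jeeves` `command = "ALL"` with `options = [ "NOPASSWD" ]`, so anything running as that user, including a session opened with the authorized SSH key, becomes root without a further check, and the `jeeves.user.password` secret this commit rekeys does not gate privilege escalation. Consider removing `"NOPASSWD"` from `options`, or replacing `"ALL"` with the specific commands that actually need it. Separately, the commented-out generator repeats `mkpasswd -m sha-516` from the NOTE above it; that looks like a typo for `sha-512` and should be corrected before the generator is enabled. The enclosing module starts and ends outside these hunks.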
@ -1,5 +1,4 @@
|
||||||
{ inputs, outputs, ... }:
|
{ inputs, outputs, lib, pkgs, config, ... }:
|
||||||
{ lib, pkgs, config, ... }:
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
inputs.disko.nixosModules.disko
|
inputs.disko.nixosModules.disko
|
||||||
|
|
|
@ -1,12 +1,17 @@
|
||||||
{ lib, pkgs, config, ... }:
|
{ inputs, outputs, lib, pkgs, config, ... }:
|
||||||
{
|
{
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
];
|
];
|
||||||
|
|
||||||
age.secrets."home/wifi.env".file = ../../../../secrets/home/wifi.env.age;
|
age.secrets."home.wifi.env" = {
|
||||||
|
# file = ../../../../secrets/home/wifi/env.age;
|
||||||
|
# file = "${inputs.self}/secrets/home/wifi/env.age";
|
||||||
|
# FIXME: agenix-rekey
|
||||||
|
rekeyFile = "${inputs.self}/secrets/home/wifi/env.age";
|
||||||
|
};
|
||||||
networking.wireless = {
|
networking.wireless = {
|
||||||
iwd.enable = true;
|
iwd.enable = true;
|
||||||
environmentFile = config.age.secrets."home/wifi.env".path;
|
environmentFile = config.age.secrets."home.wifi.env".path;
|
||||||
networks = {
|
networks = {
|
||||||
home = {
|
home = {
|
||||||
ssid = "@HOME_WIFI_SSID@";
|
ssid = "@HOME_WIFI_SSID@";
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ lib, pkgs, config, ... }:
|
{ inputs, outputs, lib, pkgs, config, ... }:
|
||||||
{
|
{
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
wireguard-tools
|
wireguard-tools
|
||||||
|
@ -10,12 +10,17 @@
|
||||||
# wg pubkey < private > public
|
# wg pubkey < private > public
|
||||||
|
|
||||||
# Server
|
# Server
|
||||||
age.secrets."wireguard/server.private" = {
|
age.secrets."wireguard.private" = {
|
||||||
file = ../../../../secrets/home/wireguard/server.private.age;
|
# file = ../../../../secrets/home/jeeves/wireguard/private.age;
|
||||||
|
# file = "${inputs.self}/secrets/home/jeeves/wireguard/private.age";
|
||||||
mode = "077";
|
mode = "077";
|
||||||
};
|
# FIXME: agenix-rekey
|
||||||
age.secrets."wireguard/server.public" = {
|
rekeyFile = "${inputs.self}/secrets/home/jeeves/wireguard/private.age";
|
||||||
file = ../../../../secrets/home/wireguard/server.public.age;
|
# generator = {lib, pkgs, file, ...}: ''
|
||||||
|
# priv=$(${pkgs.wireguard-tools}/bin/wg genkey)
|
||||||
|
# ${pkgs.wireguard-tools}/bin/wg pubkey <<< "$priv" > ${lib.escapeShellArg (lib.removeSuffix ".age" file + ".pub")}
|
||||||
|
# echo "$priv"
|
||||||
|
# '';
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.allowedUDPPorts = [51820];
|
networking.firewall.allowedUDPPorts = [51820];
|
||||||
|
@ -28,7 +33,7 @@
|
||||||
MTUBytes = "1300";
|
MTUBytes = "1300";
|
||||||
};
|
};
|
||||||
wireguardConfig = {
|
wireguardConfig = {
|
||||||
PrivateKeyFile = config.age.secrets."wireguard/server.private".path;
|
PrivateKeyFile = config.age.secrets."wireguard.private".path;
|
||||||
ListenPort = 51820;
|
ListenPort = 51820;
|
||||||
};
|
};
|
||||||
wireguardPeers = [
|
wireguardPeers = [
|
||||||
|
|
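Review bot: `mode = "077"` on `age.secrets."wireguard.private"` is carried over unchanged, and read as a chmod mode it gives the owner no bits while group and others get read, write and execute, so the decrypted WireGuard private key would be accessible to every local user. It reads as if a umask was intended. Something like `mode = "0400";` together with `owner = "systemd-network";` would restrict the file to the service that consumes `PrivateKeyFile`, assuming networkd is the reader here; confirm that against the part of the module outside these hunks.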
17
secrets/home/jeeves/user/password.age
Normal file
17
secrets/home/jeeves/user/password.age
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IElkcVZ1USB5eUlZ
|
||||||
|
S2dzQkNtM3pPY1I2aUcwdVpndk9WWThJWktDdTBQeVZPcytqWWpnClkxTjl6L3RH
|
||||||
|
S0ZyeDQzbkdFNzVvK2ErZFpENjlXcjk0RUk5SmtrN1I3U0kKLT4gc3NoLWVkMjU1
|
||||||
|
MTkgV2Y4dmp3IHA4eGpVaUR3VE1ySU1TZ0tjcGx4SDJ5L3d6RDZvZmFjTmVTTTdx
|
||||||
|
ZUh5V2sKMjhRU0dwMmZ3NUhwTDZrMnI1bDFHYTJjckFlaVRUSUQ4bFd6bWlkQ1VD
|
||||||
|
MAotPiBYMjU1MTkgWTRabUNqVi9Tbjk4TGJZYUFHWWdEUjJYMUtES0JVdGxrbloz
|
||||||
|
a1pHN0VsRQpLc3BoRlRORHFySGFnRTBuWkpTaUJraEpzemg0L29leVFVQTZKMjBP
|
||||||
|
NUxFCi0+IHNzaC1lZDI1NTE5IHZNbmJsZyBUM1M1bURRQXFWVUNhdkxuUC9naXhm
|
||||||
|
Wk55MlJCWXB3NnovV3ZrOXBVdG53CmVOYldGRG92UHNPcG9HVjFFcmwxVCtKT0tw
|
||||||
|
MkYrYWQzMzNua3NvQ0lHS0kKLT4gX2UhLWdyZWFzZSBNZmRAaVkwIHFoUi5VXGEK
|
||||||
|
ZUJ2dnJDeUNsc1gzdFNnZi9OTSthZ3Vnd0hTQytSM0xnNDhQUEJoL3RyMzg0aGd1
|
||||||
|
Y0NTYQotLS0gK1ZpUUpKbE4yMW1nc2ZtaFRVa0QwS21kU2VYb1JtNDBzQWxWWHpP
|
||||||
|
YnM2ZwoTk7csNBcZB21Y46f15I1CatS5N4In3UhXIA1CdLNoHiJ6ocurMxVhzBQ4
|
||||||
|
VCSfib+Eq7FiEuMCG3l0fcgBLN2PSg79+BCiI1O9KYt9Qhl6g5fjRGvCCDtjos33
|
||||||
|
aEBE2F46v92wpFX24Pw2MfCfSnSeghq3Nh2DQJvFyXsTDu6DAd4a9ubU6K5BMJS+
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
16
secrets/home/jeeves/wireguard/private.age
Normal file
16
secrets/home/jeeves/wireguard/private.age
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IElkcVZ1USBMb3Bt
|
||||||
|
NTRMcXpEeGxkdkFaQmdnMjdsd0hHVXlWR1RZckthVVFzNmRRZDFNCnRvZlErOGFn
|
||||||
|
NW9TQlJvblVuZ1RsNWJvVWhSWE1VeEVuTmpWMUxMZnM1SkkKLT4gc3NoLWVkMjU1
|
||||||
|
MTkgV2Y4dmp3IHVPNThxVnRnNlRkNTU0WDAxRVFIZk16WUlySDJqRFovSTAzVTJP
|
||||||
|
Wk1HVlEKZnZJMUJrR01uY01YTzM3dXY3VVJ2ZFFXaENGa3g5ZHlNSitYRU9uMUZE
|
||||||
|
TQotPiBYMjU1MTkgQURJZE9ma091Zis4MDYyUUJHdjc0MTYyRC9IK1BDMmZpNGx4
|
||||||
|
MXBaaGxEMAp5dnFsSzVncjRDWDBQV1R2ckt4MzRtYTRyZERoejBvbWFabXM4K2NZ
|
||||||
|
L3ZRCi0+IHNzaC1lZDI1NTE5IHZNbmJsZyA2OGI2eS8yQk1yNjdXNlY2VmlZUTVF
|
||||||
|
QkJ6eVZhYW56NU5xcG5jMG5oc1g4Ci8zM3p5ZmR3ZTBtRGpYZERUa0dBSldqRnRj
|
||||||
|
Ulhzc3RNU2lBR3pyZnpjYkkKLT4gdGt7TF8tZ3JlYXNlIGFJfHpCfSBDZC1UIC9e
|
||||||
|
PgpVVU9XUmdTM0RmSWF0SGdZV1VXOThPOUZRdHFnU2RTUkV2bzZmY3VJQzZjMUhG
|
||||||
|
WXMyNmJ0ZWcxQVVPVQotLS0gWEY2akF3UVp1VTVoSGNNMGs2enR0bXI1bU1uTzBP
|
||||||
|
RjMzejZxN1JLWUhjYwon/0IkLsAhX2rUfpHDmWq++0t7vppgTdZfSjRlqrW7/t8t
|
||||||
|
dj0pU/R1NDuPuJ90STxHoKZinAbX/LC18ieNCwdWvkNw566lY3ERV1egyg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
|
@ -1,17 +0,0 @@
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IElkcVZ1USB3bzVT
|
|
||||||
c3M0RC9vYThYQUpoN0FKU2hpSDdOUk10cUI2Si9vNVA5UjMrOEZZClF2RytISG40
|
|
||||||
S2tqUVo5R2RwbVhweXg5dlNlSlJXdHVMQ1NyOGY5VHNKRlUKLT4gc3NoLWVkMjU1
|
|
||||||
MTkgV2Y4dmp3IHpLQXBabTNzaWsrQWZHSEJxdDJjOXRYZ1JJNG90RFg1L1B1dUxG
|
|
||||||
SjFDakUKRkptYmQ4azV4VWdqSzZBTHloM203UXp5VDNKY0N1TDJTZ0FnYlBOWDlF
|
|
||||||
awotPiBYMjU1MTkgSy9pVStZRjJKbHVJZDIwOUM1MHFoVTd0eTNmSXlyRmxJTnBr
|
|
||||||
a2h2akJBOApic1VkdnZGUnVLZm9HbE5tZ1lzbGJSNGsxendyL0s2d3lVdnIreG42
|
|
||||||
R1FBCi0+IHNzaC1lZDI1NTE5IHZNbmJsZyBiR0dQVlFFV3grWXJQOEF4ajhtK2Yy
|
|
||||||
akExVEpwZ1lqcW1VN1JnODJFcFQwCnhRME5iWnZnc3NUL1ZwQ1ZyakJjZWVFb3VV
|
|
||||||
cmNpY0QyMitFNHZuakpxTmsKLT4gJHEsIixCbmwtZ3JlYXNlCmFrL1k5RTFsdndS
|
|
||||||
N1FwTytvQQotLS0gTTlJUlJMR09lSzY2RmpSWmk4MGtJamtRdnVZM1JobUMrRUJw
|
|
||||||
ZDgxRG9HVQo577U9ehKYysiNh7Z9o4X/xoP1eB7Igs5jQ/PFLFA0ST48NZ4GwJ1t
|
|
||||||
0Hbm4xdx5qaI5BIlxmyDspQCtBU2MmtYYT4v0rWZcmVQdm9GLDmCFuUeiAG+X7MT
|
|
||||||
wEqyX56oAr+ULxPO5EWoznIqv2wXantXsAGTvOKRqJuxWOleiXfAK50j4dM7jhzN
|
|
||||||
rw2k
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
|
@ -1,18 +0,0 @@
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IElkcVZ1USBKNjdl
|
|
||||||
alVqNE5WY21yS2QxWndJOE9vSzRiWlhjSWNtR2dMdFA2ZE5kWUNvCjkrQVppSzdw
|
|
||||||
ZXo1cEVEUXZ6WVBVcTYwVWRhRFBxUUxqS0dnVlZGUWtmYjQKLT4gc3NoLWVkMjU1
|
|
||||||
MTkgV2Y4dmp3IGQzeDZGTUFGeFhoYVpEeDZZT1hLUjhkak90cnhTeThkcnlQMFU1
|
|
||||||
RUxEbVkKNy8zQmpUdE1NVnNCYTYyRmZ6bmhMRUttS0RNU3UxOU5RT0swRmpTeGpX
|
|
||||||
SQotPiBYMjU1MTkgcC9hMHpEMWl0WndmQzM2dm9MWG9reWpxVE5DeXRUcjRwQmp1
|
|
||||||
RG5jeHBpMAptK3dXcStRcnBaMWRGZytQMDJQNFNiOU5ZVzZKczNwWEp5ZWVDbmdw
|
|
||||||
QS9RCi0+IHNzaC1lZDI1NTE5IHZNbmJsZyBNMHN6Z0V5YWJzMnJ6RklpbFBpVUVw
|
|
||||||
OGdPRTl6Smo4RGxuZWtBelhrNW1rCnBFWjRlQWpjOW9TNHFSVFBSVStSalpTcUt4
|
|
||||||
T3kxVmZxZkc0VzQ2ZlN2WHMKLT4gc3NoLWVkMjU1MTkgQjdiZXhBIG00eEhHSlhi
|
|
||||||
bWMxOG02aFVBZEZGQnJxSFdRNmduRWVnN0lKQzlJMUVBVXcKbC9RYW1qS0p2Nld5
|
|
||||||
UnVUb0xYTTYrVmxXQ2lMUG5rK3owOXJxMkR1MkZORQotPiA7emJcOi8tZ3JlYXNl
|
|
||||||
CjJlQXdqdVpsc3NIZmxlcU1YOXZmM2xsSHE0Vm1qK3ovcThaTlBYREgKLS0tIENr
|
|
||||||
TFN1MGlRbVM4NWZ4YWFJc0tWR3prUVZaVGkveW5taFdGWjZqZkZJS0kKSaZHvA62
|
|
||||||
8AclIn54Dic5oyFpzGBIm321rTRsVWPmdTPkWiFpTEYdIFBJXAkpl3zC/exGPrZe
|
|
||||||
ZRUAUT0rxIfx/9OlF3NkrcwAI4crdeDd9HQzMnQFAw8CXVs=
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
18
secrets/home/wifi/env.age
Normal file
18
secrets/home/wifi/env.age
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IElkcVZ1USAxUzBy
|
||||||
|
a2JEcmZtQ01mcCsvWFdJVVdHNUtpcmtza05RY0dqcFl4VjFuY2dvCmZGRkxTK2ZK
|
||||||
|
ZFZpVEVvODB5d0dTTWx6aGtkTTBQMDJ6c3g0VkFSTzIyaEEKLT4gc3NoLWVkMjU1
|
||||||
|
MTkgV2Y4dmp3IFZoY0tZY2hVK3RGQmpNNzA4aDk3dElUY3FoMUhtMXEyMUxsUWFG
|
||||||
|
Um1XR1UKMGVCdzZzM0Z1YitMeml5VVZlNGpGODNORFpuNEg5Vkk0WGppa1Zndkw4
|
||||||
|
NAotPiBYMjU1MTkgQVFWT0I1QjRudzFJM2g3azg3YmQ4K0l2VEZ5aVNuRHlqS0Uy
|
||||||
|
OG9qL0pUUQpqcldkUUE0WWZvM1dxb1kzTU5LTlc1YmFISlJ3cm56N1RzSFhFdHlO
|
||||||
|
RnZVCi0+IHNzaC1lZDI1NTE5IHZNbmJsZyBxMGpXTVJNNGFMMGYyS2tLa2Rob1c1
|
||||||
|
NnkvMExEa0ZJMjN6NlhtVGF5TXhFCk8xUTIrS2tWSUxrMlQwZS9aQnMxQmdXWGZa
|
||||||
|
T08zekxsV0U4VERpN3lid00KLT4gc3NoLWVkMjU1MTkgQjdiZXhBIEExMW9yRzVH
|
||||||
|
aUp1bk1tc1NnOHZhVitLUTZ0Q2xUZEZLc3U2Q1ZjYVJSRjQKQlBzN2gweU9wMWJ1
|
||||||
|
KzRKakxELzhtVGFNclNkM3dsYVhoc0NGOGtXWU02MAotPiB6Y3FwYH5gNi1ncmVh
|
||||||
|
c2UgPzdlfGYgTgpNQQotLS0gMlZwNnFtbHo5TktOS0VaQ1UreHE1UkdaVzZwU0Ix
|
||||||
|
ZzdaNWtIZXdQYTgrZwppSUDjMQFsi8Lr6oOWFCbh8+FXBy+APg1LdcbJdRFowx0Z
|
||||||
|
MvSRLkiZw91J+1qQLZOoeKAzp5JE42aGU9dJTfxCixsU2QY9oX3Y/QE3JUWAj1ms
|
||||||
|
0GOUg9U4hg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
|
@ -1,16 +0,0 @@
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IElkcVZ1USByZnZh
|
|
||||||
NFhQSEZqSFdsNnRHT2Y0VEtrWUkyVG54aUNwUEQxNk5VYmU1S21vCngxeUFLVTVx
|
|
||||||
QXR2U2paQmE3SERyWjViOENrNnRyaUxQS2dKSHg2NVdIRUkKLT4gc3NoLWVkMjU1
|
|
||||||
MTkgV2Y4dmp3IEdKbWNLRnJ5aWZvamJNY2hnTENvUUExQnIxMzVrejNua3Mvc3Zp
|
|
||||||
c2plV2MKZVJuNW5UOVIxZUlUOUc1dmFKbHJSaWhRYTQwNXkzdkp5WWwwWVhxbjNR
|
|
||||||
SQotPiBYMjU1MTkgOXB3Wk83ZGtRNWpCUFZlQXBDb09ycXlnbjNmNXRjYWF6Q21V
|
|
||||||
dG5MOThDZwp0RTFZRk9uZnFqakQvSU94cGlPSHd4WTBkQS9GODJIRWV6OWdTclpP
|
|
||||||
UFpFCi0+IHNzaC1lZDI1NTE5IHZNbmJsZyBkdG5qU2g5SUFrMUhtRW50blZ1eThx
|
|
||||||
eTRVNFUyTHVtMlpFQkR3YllkZkRRCmdhb3h6Q1hKdFJXR0duQ2xLbXZ1alZxOWZV
|
|
||||||
dzA0aXgwdnlZbzdqR0p2dmsKLT4gQFpANy8hLWdyZWFzZQpQc1p5SU1hZ0l1TzdC
|
|
||||||
TDlWSW5HbFZvNHRTNVh2U2xZcHVzMmxaWG5jZ200Vy94elZKVkd1cTYzeTgvRWp3
|
|
||||||
N0w5ClRDSQotLS0gRUtqVXJ2d0VGT2srQUx2SmJxckRXbWZMZlhZbU9ZcVNhVFJE
|
|
||||||
SjZpYTNzSQqogzeEZyuK0GpIxT5ZRkfzuPaoXYL5ayljbXoPCtwZNdCLX6a0Yrna
|
|
||||||
2XX9IQF4oKf5Zb5hALG0KznFrtnF0+QmbOO1sp93TDSaiexQ1A==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
|
@ -1,17 +0,0 @@
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IElkcVZ1USBVNHMv
|
|
||||||
MncvRmNpUjVRT2k2d0ZPbWVPOTdjWlJkMDMwYjQrUWxVRGpyWTNjClBLMnk4MTZp
|
|
||||||
YXlVR1A0ajhIV3NDTEFRNkVPZmo1WWs0VWk2ZFRTS0QxWWcKLT4gc3NoLWVkMjU1
|
|
||||||
MTkgV2Y4dmp3IHArZ1ZmNlFTRjBJV1JjWFlhMUg4UkdqcTBqTHJsYXV2dmJ5eWNZ
|
|
||||||
Z2hHSDQKOWdyZFdTSXozSndhK1pkaE81VVl2QncwdnlteUtla1RrUXlRNW90TDZl
|
|
||||||
dwotPiBYMjU1MTkgK2gzb2FseHNwQ010a2x0QzBEcWx5VUs3TWcyYWQ2MHB6WGs2
|
|
||||||
Zzl2Nm1qVQo2TTdWMllsenM2MnRQZk5YWE9kSEY3YVFvd0FYbnlNdncxcDZhUkNY
|
|
||||||
OU1NCi0+IHNzaC1lZDI1NTE5IHZNbmJsZyBNaFpKK1YzTzdZbUpmUTJ0V0NjeUo4
|
|
||||||
eThYSzFZTFhCSEtYWGFUbmgvakI4CkdNMmp5WnZOMmpWQy9JQjBJU21DbTFHUTJ2
|
|
||||||
b2NoTlRpR21BR3B1MlhiMmcKLT4gKS1ncmVhc2UgVgphcDJYdjZWNnArVEJGUExF
|
|
||||||
dnRob2UxTE1hTXQ5Y0lmSXBwQTNRYjF5WTkrWjZEZnhuVDFTWkNkOUpWZTUyVzRv
|
|
||||||
CktaNmp1elI2TEN4ZmdubEU1em5hRDUvdi9BcWRHVmhWZWdXWG5PaisKLS0tIGxZ
|
|
||||||
aVlXbmFLK3QyRHBsUVhVdEQvalpOeTFTcWJCNVd6QnhtdW9YWFA3c00KwrHWxx7T
|
|
||||||
O9MvLcn3YRXtyeoW+x8V3rOP2kHBXgMZql14lhrMqHy1x2znW6nuOw6KLcBI9ZM9
|
|
||||||
KmbyPo8m8uL+b9/J7HirLjG0CgTfCdM=
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
5
secrets/privkey.age
Normal file
5
secrets/privkey.age
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> scrypt th81mkn70Q70CNNhfmD7xA 18
|
||||||
|
NhPSSlSyViXXKmHCTuXhdMl9sJfSsdIxuLg4g6UNx8M
|
||||||
|
--- AEH6wKJ8ta2Ww/hGziO+nQY5Hjb+sm2Iaqub/JY4gGo
|
||||||
|
W¤Œ¸€ùàÚ›TªzdýêPë÷å•QÄ…‘ì6<C3AC>˜!ï¡™7¹N¿6Û'Eî:±ãLO™)òÓ‚ó@ñ÷f’>/•p¿Ø28™dQ^•¯›Tø¡ª)t”¯_r˜ATpK„2ûðtêa„Jî;y#2êbG{·ªöW™,|£<7F> +phz©Ñò] w\ìĘ·}¦ÎD哈Xñ‹Â©Py~K>°’it>yç¾òú(wGèÑ+(êNôjÔ4¼<34>ˆ<1uó–g›D<E280BA>ád£L!0
|
|
@ -21,8 +21,7 @@ let
|
||||||
systems = [ jeeves_system limonka_system ];
|
systems = [ jeeves_system limonka_system ];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
"home/wifi.env.age".publicKeys = users ++ systems;
|
"home/wifi/env.age".publicKeys = users ++ systems;
|
||||||
"home/jeeves_password.age".publicKeys = users ++ [ jeeves_system ];
|
"home/jeeves/user/password.age".publicKeys = users ++ [ jeeves_system ];
|
||||||
"home/wireguard/server.private.age".publicKeys = users ++ [ jeeves_system ];
|
"home/jeeves/wireguard/private.age".publicKeys = users ++ [ jeeves_system ];
|
||||||
"home/wireguard/server.public.age".publicKeys = users ++ [ jeeves_system ];
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,10 +11,11 @@
|
||||||
nix
|
nix
|
||||||
home-manager
|
home-manager
|
||||||
git
|
git
|
||||||
|
wireguard-tools
|
||||||
deploy-rs
|
deploy-rs
|
||||||
# inputs.agenix.packages.${pkgs.system}.agenix
|
# inputs.agenix.packages.${pkgs.system}.agenix
|
||||||
inputs.ragenix.packages.${pkgs.system}.ragenix
|
# inputs.ragenix.packages.${pkgs.system}.ragenix
|
||||||
wireguard-tools
|
|
||||||
rage
|
rage
|
||||||
|
inputs.agenix-rekey.packages.${pkgs.system}.agenix-rekey
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|