Let's hope WSL is not against company policy

If you are looking at this, you know who you are

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-08-19 11:55:35 +03:00
parent 2e6cb0a7f4
commit 0029917dfa
25 changed files with 232 additions and 274 deletions


@@ -11,16 +11,16 @@ fi
host="$1"
mkdir -p "./secrets/hosts/$host"
ssh-keygen -t ed25519 -f "./secrets/hosts/$host/ssh_host_ed25519_key" -C "root@$host" -N ""
age_key=$(ssh-to-age < "./secrets/hosts/$host/ssh_host_ed25519_key.pub")
mkdir -p "./submodules/secrets/hosts/$host"
ssh-keygen -t ed25519 -f "./submodules/secrets/hosts/$host/ssh_host_ed25519_key" -C "root@$host" -N ""
age_key=$(ssh-to-age < "./submodules/secrets/hosts/$host/ssh_host_ed25519_key.pub")
cat <<EOF > "./secrets/hosts/$host/sops.yaml"
cat <<EOF > "./submodules/secrets/hosts/$host/sops.yaml"
keys:
- hosts:
- &$host $age_key
- namespaces:
- &personal $(age-keygen -y ./secrets/domains/personal/key.txt | tr -d '\n')
- &personal $(age-keygen -y ./submodules/secrets/domains/personal/key.txt | tr -d '\n')
creation_rules:
- path_regex: .+\.(yaml|yml|json|env|ini|bin)
@@ -46,7 +46,7 @@ done
machine_id=$(uuidgen -r | tr -d -)
cat <<EOF > "./secrets/hosts/$host/.decrypted~secrets.yaml"
cat <<EOF > "./submodules/secrets/hosts/$host/.decrypted~secrets.yaml"
luks: '$luks'
machineId: $machine_id
EOF
@@ -55,11 +55,11 @@ tmp_age_key="$(mktemp)"
echo "$age_key" > "$tmp_age_key"
export SOPS_AGE_KEY_FILE="$tmp_age_key"
sops --config "./secrets/hosts/$host/sops.yaml" --encrypt "./secrets/hosts/$host/.decrypted~secrets.yaml" > "./secrets/hosts/$host/secrets.yaml"
sops --config "./submodules/secrets/hosts/$host/sops.yaml" --encrypt "./submodules/secrets/hosts/$host/.decrypted~secrets.yaml" > "./submodules/secrets/hosts/$host/secrets.yaml"
unset SOPS_AGE_KEY_FILE
rm -f "$tmp_age_key"
rm -f "./secrets/hosts/$host/.decrypted~secrets.yaml"
rm -f "./submodules/secrets/hosts/$host/.decrypted~secrets.yaml"
mkdir -p "./hosts/$host/hardware"
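Review bot: In the third hunk (`@@ -55`), a failing `sops --encrypt` leaves both the temporary age key file and the plaintext `.decrypted~secrets.yaml` (which holds the LUKS passphrase) on disk, because cleanup is two trailing `rm -f` lines rather than an exit trap; whether `set -e` is in effect is decided above this hunk, outside SOURCE, so the outcome is either an immediate exit that skips both removals or a silent continuation past the error. Registering the cleanup right after `tmp_age_key="$(mktemp)"` covers every exit path: `trap 'rm -f -- "$tmp_age_key" "./submodules/secrets/hosts/$host/.decrypted~secrets.yaml"' EXIT`. The `./submodules/secrets/hosts/$host` prefix is now spelled out in every hunk of this file; a single `secrets_dir="./submodules/secrets/hosts/$host"` assignment next to `host="$1"` would make the next relocation a one-line change and remove the risk of one path being missed. The heredoc in the second hunk also wraps `$luks` in YAML single quotes, so a passphrase containing `'` produces an invalid document; that predates this commit, but doubling embedded quotes (e.g. `${luks//\'/\'\'}`) before interpolation would close it.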


@@ -11,7 +11,7 @@ fi
host="$1"
age_key=$(ssh-to-age < "./secrets/hosts/$host/ssh_host_ed25519_key.pub")
age_key=$(ssh-to-age < "./submodules/secrets/hosts/$host/ssh_host_ed25519_key.pub")
find . -type f -name "sops.yaml" | while IFS= read -r sops_file; do
sed -i "/ - &$host $age_key/d" "$sops_file"