Add secret detection

https://docs.gitlab.com/ee/user/application_security/secret_detection/pipeline/index.html

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2024-06-14 23:42:40 +03:00
parent f89bd9e84f
commit 7bd1c06cd8
4 changed files with 15 additions and 11 deletions


@@ -1,5 +1,6 @@
stages:
- build
- test
cache: &global_cache
key:
@@ -17,3 +18,6 @@ build:
<<: *global_cache
script:
- nix --experimental-features 'nix-command flakes' flake check
include:
- template: Jobs/Secret-Detection.gitlab-ci.yml
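Review bot: the `include:` of `Jobs/Secret-Detection.gitlab-ci.yml` at the end of the file is added with no variables or overrides, so the job runs on the template defaults only. This repository keeps host key material under `hosts/eirene/secrets/` (see the README hunks in this commit), so it is worth running one full-history scan, which the template supports through `SECRET_DETECTION_HISTORIC_SCAN: "true"`, to confirm nothing was committed in plaintext before this change. Also decide whether a finding should block the pipeline or only produce a report. Moving `include:` to the top, next to `stages:`, would make it clearer where the job in the `test` stage comes from.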


@@ -25,7 +25,7 @@ The below installation example is for a fresh `eirene-vm` virtual machine.
```sh
mkdir -p /mnt/persist/etc/ssh
ssh-keygen -t ed25519 -f /mnt/persist/etc/ssh/ssh_host_ed25519_key
cp /mnt/persist/etc/ssh/ssh_host_ed25519_key /host/hosts/eirene/vm/secrets/ssh_host_ed25519_key
cp /mnt/persist/etc/ssh/ssh_host_ed25519_key /host/hosts/eirene/secrets/ssh_host_ed25519_key
```
4. Update `sops` Configuration
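Review bot: the replaced `cp` line copies the private host key `ssh_host_ed25519_key`, as generated by `ssh-keygen`, into the repository tree at `/host/hosts/eirene/secrets/`, and the README only reaches `sops` in the following step, so nothing here tells the reader the file must be encrypted before it is staged. With secret detection enabled in this same commit, a one-line note to that effect would fit here. Separately, the path moves from `eirene/vm` to `eirene` while the section text in the hunk header still refers to a fresh `eirene-vm` virtual machine, and the rename is not mentioned in the commit message. Consider updating that sentence and splitting the rename into its own commit.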
@@ -49,18 +49,18 @@ The below installation example is for a fresh `eirene-vm` virtual machine.
- Known Hosts
```sh
# Add to hosts/common/default.nix.programs.ssh.knownHosts
cp /mnt/persist/etc/ssh/ssh_host_ed25519_key.pub /host/hosts/eirene/vm/secrets/ssh_host_ed25519_key.pub
```
```sh
# Add to hosts/common/default.nix.programs.ssh.knownHosts
cp /mnt/persist/etc/ssh/ssh_host_ed25519_key.pub /host/hosts/eirene/secrets/ssh_host_ed25519_key.pub
```
- SSH Keys
```sh
# Generate a new SSH key pair for every user in the current system for every existing host that will connect to the new host
# Add to hosts/eirene/vm/default.nix.users.users.nick.openssh.authorizedKeys.keyFiles
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_eirene-vm_nick
```
```sh
# Generate a new SSH key pair for every user that will connect to the newly added user@host combinations
# Add to hosts/eirene/default.nix.users.users.nick.openssh.authorizedKeys.keyFiles
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_eirene_nick
```
6. Install NixOS
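Review bot: in the SSH Keys block, the new comment "for every user that will connect to the newly added user@host combinations" is harder to follow than the line it replaces, and "Add to hosts/eirene/default.nix.users.users.nick.openssh.authorizedKeys.keyFiles" does not say that only the public half belongs there. Suggest naming the file explicitly, for example `~/.ssh/id_ed25519_eirene_nick.pub`, so a reader following the steps does not add the private key to the repository.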


@@ -68,7 +68,7 @@
libraries = [ ];
};
ssh.knownHosts = {
eirene-vm.publicKeyFile = ../eirene/vm/secrets/ssh_host_ed25519_key.pub;
eirene.publicKeyFile = ../eirene/secrets/ssh_host_ed25519_key.pub;
};
};
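Review bot: renaming the `ssh.knownHosts` attribute from `eirene-vm` to `eirene` changes more than the key file path, because in NixOS the attribute name is the host name the entry matches unless `hostNames` or `extraHostNames` is set. If anything still connects to the machine as `eirene-vm` (the README heading in this commit still uses that name), the pinned key will no longer apply to that name. Either confirm the host name changed everywhere or add the old name under `extraHostNames`. This rename is also unrelated to the commit subject and would be easier to review as a separate commit.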