Add secret detection

https://docs.gitlab.com/ee/user/application_security/secret_detection/pipeline/index.html

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2024-06-14 23:42:40 +03:00
parent f89bd9e84f
commit 7bd1c06cd8
4 changed files with 15 additions and 11 deletions

View File

@@ -1,5 +1,6 @@
stages: stages:
- build - build
- test
cache: &global_cache cache: &global_cache
key: key:
@@ -17,3 +18,6 @@ build:
<<: *global_cache <<: *global_cache
script: script:
- nix --experimental-features 'nix-command flakes' flake check - nix --experimental-features 'nix-command flakes' flake check
include:
- template: Jobs/Secret-Detection.gitlab-ci.yml
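Review bot: The `include:` of `Jobs/Secret-Detection.gitlab-ci.yml` is added with no `variables:`, so the job runs with the template defaults only. This commit has a parent, so the repository already carries history; consider a one-off pipeline with `SECRET_DETECTION_HISTORIC_SCAN: "true"` to cover existing commits, and check whether a finding should fail the pipeline or only be reported. Placing `include:` near the top of the file, next to `stages:`, would also make it easier to see where the job for the new `test` stage comes from.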

View File

@@ -25,7 +25,7 @@ The below installation example is for a fresh `eirene-vm` virtual machine.
```sh ```sh
mkdir -p /mnt/persist/etc/ssh mkdir -p /mnt/persist/etc/ssh
ssh-keygen -t ed25519 -f /mnt/persist/etc/ssh/ssh_host_ed25519_key ssh-keygen -t ed25519 -f /mnt/persist/etc/ssh/ssh_host_ed25519_key
cp /mnt/persist/etc/ssh/ssh_host_ed25519_key /host/hosts/eirene/vm/secrets/ssh_host_ed25519_key cp /mnt/persist/etc/ssh/ssh_host_ed25519_key /host/hosts/eirene/secrets/ssh_host_ed25519_key
``` ```
4. Update `sops` Configuration 4. Update `sops` Configuration
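Review bot: The changed `cp` line copies the private host key (`ssh_host_ed25519_key`, not the `.pub`) into `hosts/eirene/secrets/` inside the repository tree, and this step does not say it has to be encrypted before it is committed. Step 4 refers to `sops`, so say explicitly here that the file must be encrypted with `sops` before `git add`, or that the plaintext copy is temporary; an unencrypted private key at that path is the kind of file the secret detection job added in this commit is there to catch.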
@@ -49,18 +49,18 @@ The below installation example is for a fresh `eirene-vm` virtual machine.
- Known Hosts - Known Hosts
```sh ```sh
# Add to hosts/common/default.nix.programs.ssh.knownHosts # Add to hosts/common/default.nix.programs.ssh.knownHosts
cp /mnt/persist/etc/ssh/ssh_host_ed25519_key.pub /host/hosts/eirene/vm/secrets/ssh_host_ed25519_key.pub cp /mnt/persist/etc/ssh/ssh_host_ed25519_key.pub /host/hosts/eirene/secrets/ssh_host_ed25519_key.pub
``` ```
- SSH Keys - SSH Keys
```sh ```sh
# Generate a new SSH key pair for every user in the current system for every existing host that will connect to the new host # Generate a new SSH key pair for every user that will connect to the newly added user@host combinations
# Add to hosts/eirene/vm/default.nix.users.users.nick.openssh.authorizedKeys.keyFiles # Add to hosts/eirene/default.nix.users.users.nick.openssh.authorizedKeys.keyFiles
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_eirene-vm_nick ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_eirene_nick
``` ```
6. Install NixOS 6. Install NixOS
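Review bot: The paths and key file name on the changed lines now use `eirene` (`hosts/eirene/secrets/...`, `id_ed25519_eirene_nick`), but the surrounding text, visible in the hunk header, still describes the example as a fresh `eirene-vm` virtual machine. Either update that sentence or state how `eirene-vm` maps to `hosts/eirene`, so a reader following the steps does not look for a `vm` directory. The reworded comment "for every user that will connect to the newly added user@host combinations" is also harder to follow than the old one; naming the client side and the target side separately would help.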

View File

@@ -68,7 +68,7 @@
libraries = [ ]; libraries = [ ];
}; };
ssh.knownHosts = { ssh.knownHosts = {
eirene-vm.publicKeyFile = ../eirene/vm/secrets/ssh_host_ed25519_key.pub; eirene.publicKeyFile = ../eirene/secrets/ssh_host_ed25519_key.pub;
}; };
}; };
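Review bot: Renaming the attribute from `eirene-vm` to `eirene` in `ssh.knownHosts` changes more than the file path: unless `hostNames` is set, the attribute name is what the known-hosts entry matches on. If any client still connects to the machine as `eirene-vm`, host key verification will no longer find this key. Confirm the machine's hostname was renamed in the same change, or set `hostNames` explicitly to list every name that is used to reach it.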