Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2024-12-19 12:35:31 +00:00
parent 211c5b7192
commit 84a7667097
7 changed files with 91 additions and 6 deletions


@@ -10,6 +10,10 @@
}:
{
home-manager.users.${user} = {
# gpg --full-generate-key
# gpg --list-secret-keys --keyid-format LONG
# gpg --export-secret-keys -a $signature > priv.key
# gpg --export -a $signature > pub.key
programs.gpg = {
enable = true;
homedir = "${home}/.local/share/gnupg";
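Review bot: The recipe comment `# gpg --export-secret-keys -a $signature > priv.key` writes the exported private key (protected only by its passphrase) to `priv.key` in the current directory and never says what happens to that file afterwards; since the export only exists to be pasted into sops, add `# shred -u priv.key  # once the key material is in sops` below it. `$signature` is also never defined in the recipe, so a line such as `# signature=<KEY_ID from the --list-secret-keys output>` would make the four commands self-contained.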


@@ -1,6 +1,6 @@
install -d -m 700 "${GNUPGHOME}"
for dir in "${HOME}"/.config/sops-nix/secrets/gpg-agent/*; do
for dir in "${HOME}"/.config/sops-nix/secrets/gpg/*; do
keyfile="${dir}/key"
passfile="${dir}/pass"
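Review bot: The new loop header `for dir in "${HOME}"/.config/sops-nix/secrets/gpg/*; do` expands to the literal pattern when no `gpg/<name>` secret directory has been declared, so on such a host `keyfile` and `passfile` end up containing a literal `*` and the rest of the loop runs against paths that do not exist. Guard the body with `[ -d "${dir}" ] || continue` as its first statement, or enable `shopt -s nullglob` before the loop if the script is bash-only. The loop body continues past the hunk, so I cannot see whether it already checks that `keyfile` and `passfile` exist.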


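--- /dev/null
+++ b/hosts/common/user/configs/console/ssh/default.nix
@@ -0,0 +1,24 @@
+{
+user ? throw "user argument is required",
+home ? throw "home argument is required",
+}:
+{
+config,
+lib,
+pkgs,
+...
+}:
+{
+home-manager.users.${user} = {
+programs.ssh = {
+enable = true;
+addKeysToAgent = "yes";
+userKnownHostsFile = lib.strings.concatStringsSep " " [
+../../../../../eirene/secrets/ssh_host_ed25519_key.pub
+../../../../../elara/secrets/ssh_host_ed25519_key.pub
+];
+};
+services.ssh-agent.enable = true;
+};
+}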
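Review bot: `userKnownHostsFile` lists the hosts' `ssh_host_ed25519_key.pub` files, but a known_hosts file needs `hostname keytype key` lines; if those files are plain public-key files (`keytype key comment`, which their use as `publicKeyFile` under the system-level `knownHosts` elsewhere in this commit suggests) ssh will not match any host against them. Setting `UserKnownHostsFile` also replaces `~/.ssh/known_hosts`, and because the first path in the list resolves to a read-only Nix store path, keys accepted through `StrictHostKeyChecking accept-new` cannot be saved and every new host will warn again on each connection. Since the system-level `knownHosts` already publishes these host keys system-wide, consider dropping the option here, or placing `"${home}/.ssh/known_hosts"` first in the list. `addKeysToAgent = "yes"` keeps each decrypted key in the agent until the agent exits; `"confirm"` or a lifetime such as `"1h"` (accepted by newer OpenSSH) bounds the window in which a compromised session can use them.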


@@ -29,6 +29,7 @@ in
(import ../../../common/user/configs/console/pipewire { inherit user home; })
(import ../../../common/user/configs/console/ranger { inherit user home; })
(import ../../../common/user/configs/console/sops { inherit user home; })
(import ../../../common/user/configs/console/ssh { inherit user home; })
(import ../../../common/user/configs/console/syncthing { inherit user home; })
(import ../../../common/user/configs/console/tmux { inherit user home; })
(import ../../../common/user/configs/console/tree { inherit user home; })
@@ -105,8 +106,24 @@ in
sopsFile = ../../../../secrets/personal/secrets.yaml;
path = "${home}/.config/git/cookies";
};
"gpg-agent/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml;
"gpg-agent/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
"ssh/personal/git/key" = {
sopsFile = ../../../../secrets/personal/secrets.yaml;
path = "${home}/.ssh/ssh_git_personal_ed25519_key";
};
"ssh/personal/git/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
"gpg/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml;
"gpg/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
};
programs.ssh.matchBlocks = {
"github.com" = {
hostname = "github.com";
user = "git";
identityFile = "${home}/.ssh/ssh_git_personal_ed25519_key";
extraOptions.StrictHostKeyChecking = "accept-new";
};
};
theme.wallpaper = ../../../../static/wallpapers/clouds.png;
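Review bot: The new `"github.com"` match block pins `identityFile` but not `IdentitiesOnly`, so whenever the personal key is not yet loaded, ssh still offers every key already sitting in the agent to github.com first, and GitHub authenticates the session as whichever account owns the first key it recognises. Add `identitiesOnly = true;` beside `identityFile` here, and likewise in the three github/gitlab match blocks of the other host in this commit, where personal and SAS keys now share one agent and this ordering decides which account answers. GitHub also publishes its SSH host key fingerprints, so the `accept-new` trust-on-first-use could be replaced with a pinned entry under the system `programs.ssh.knownHosts` that this commit already edits for the machines' own keys.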


@@ -27,6 +27,7 @@ in
(import ../../../common/user/configs/console/pipewire { inherit user home; })
(import ../../../common/user/configs/console/ranger { inherit user home; })
(import ../../../common/user/configs/console/sops { inherit user home; })
(import ../../../common/user/configs/console/ssh { inherit user home; })
(import ../../../common/user/configs/console/tmux { inherit user home; })
(import ../../../common/user/configs/console/tree { inherit user home; })
(import ../../../common/user/configs/console/wget { inherit user home; })
@@ -99,14 +100,51 @@ in
sopsFile = ../../../../secrets/personal/secrets.yaml;
path = "${home}/.config/git/cookies";
};
"gpg-agent/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml;
"gpg-agent/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
"ssh/personal/git/key" = {
sopsFile = ../../../../secrets/personal/secrets.yaml;
path = "${home}/.ssh/ssh_git_personal_ed25519_key";
};
"ssh/personal/git/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
"gpg/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml;
"gpg/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
# SAS
"globalprotect/server".sopsFile = ../../../../secrets/sas/secrets.yaml;
"globalprotect/email".sopsFile = ../../../../secrets/sas/secrets.yaml;
"globalprotect/password".sopsFile = ../../../../secrets/sas/secrets.yaml;
"globalprotect/gateway".sopsFile = ../../../../secrets/sas/secrets.yaml;
"ssh/sas/git/key" = {
sopsFile = ../../../../secrets/sas/secrets.yaml;
path = "${home}/.ssh/ssh_git_sas_ed25519_key";
};
"ssh/sas/git/pass".sopsFile = ../../../../secrets/sas/secrets.yaml;
};
programs.ssh.matchBlocks = {
# Personal
"github.com/karaolidis" = {
hostname = "github.com";
user = "git";
identityFile = "${home}/.ssh/ssh_git_personal_ed25519_key";
extraOptions.StrictHostKeyChecking = "accept-new";
};
# SAS
"github.com" = {
hostname = "github.com";
user = "git";
identityFile = "${home}/.ssh/ssh_git_sas_ed25519_key";
extraOptions.StrictHostKeyChecking = "accept-new";
};
"gitlab.sas.com" = {
hostname = "gitlab.sas.com";
user = "git";
identityFile = "${home}/.ssh/ssh_git_sas_ed25519_key";
extraOptions.StrictHostKeyChecking = "accept-new";
};
};
theme.wallpaper = ../../../../static/wallpapers/snow.jpg;
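Review bot: The alias `"github.com/karaolidis"` contains a slash, and git's scp-like remote syntax is only recognised when no slash precedes the first colon, so a remote written as `git@github.com/karaolidis:owner/repo.git` would be treated as a local path instead of being routed through this block; if the alias is meant for git remotes, a slash-free name such as `"github.com-karaolidis"` (with `hostname = "github.com"` unchanged) sidesteps that. The `# SAS` comment above the unqualified `"github.com"` block also hides a consequence worth stating: every github.com remote that does not use the personal alias now authenticates with the SAS key, so `# SAS (default for all other github.com remotes)` would document the fallback.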


@@ -23,6 +23,7 @@ for SOPS_FILE in $(find . -type f -name "sops.yaml"); do
done
sed -i "/knownHosts = {/a\ ${HOST}.publicKeyFile = ../../../../${HOST}/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/system/configs/ssh/default.nix
sed -i "/userKnownHostsFile = lib.strings.concatStringsSep " " [/a\ \${../../../../../${HOST}/secrets/ssh_host_ed25519_key.pub}" ./hosts/common/user/configs/console/ssh/default.nix
"$(dirname "$0")/update-keys.sh" "$2"
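Review bot: In the new `sed -i "/userKnownHostsFile = lib.strings.concatStringsSep " " [/a\ ..."` line the inner `" "` closes the double-quoted string, so sed receives only `/userKnownHostsFile = lib.strings.concatStringsSep ` as its script (which it rejects as an unterminated address regex) and the remainder ` [/a\ ${...}` as a file operand. Even with the quoting repaired, `[` opens a bracket expression in the regex and must be escaped, and the appended `${../../../../../HOST/...}` is not valid Nix inside a list, since the existing entries are bare paths. A working form is `sed -i "/userKnownHostsFile = lib.strings.concatStringsSep \" \" \[/a\ ../../../../../${HOST}/secrets/ssh_host_ed25519_key.pub" ./hosts/common/user/configs/console/ssh/default.nix`. The argument handling that defines `HOST` is outside the hunk, so whether the name is validated before being interpolated into these sed expressions is not visible here.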


@@ -18,7 +18,8 @@ for SOPS_FILE in $(find . -type f -name "sops.yaml"); do
sed -i "/ - \*${HOST}/d" "${SOPS_FILE}"
done
sed -i "/${HOST}.publicKeyFile/d" ./hosts/common/system/configs/ssh/default.nix
sed -i "/${HOST}/d" ./hosts/common/system/configs/ssh/default.nix
sed -i "/${HOST}/d" ./hosts/common/user/configs/console/ssh/default.nix
"$(dirname "$0")/update-keys.sh" "$2"
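Review bot: `sed -i "/${HOST}/d"` on both ssh `default.nix` files (the two lines that appear to be the new side of this hunk) deletes every line that merely contains the host name as an unanchored substring, with any dot in the name acting as a wildcard, so a name that is a substring of another host's name, or of a token such as `ssh_host_ed25519_key`, strips unrelated lines. Anchoring the pattern to what the add script inserts, `sed -i "/\/${HOST}\/secrets\/ssh_host_ed25519_key\.pub/d"`, matches exactly the line added for that host in each file and nothing else. The `for` loop at the hunk header and the rest of the script are outside the hunk.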