aeltheos age keys and devshells

cephiroth-v2
aeltheos 2025-02-13 18:00:49 +01:00
parent 041b9fc029
commit 7f69cd5a0a
3 changed files with 14 additions and 23 deletions


@ -1,10 +1,11 @@
{ pkgs }: { pkgs, agenix }:
pkgs.mkShell { pkgs.mkShell {
name = "nix"; name = "nix";
packages = with pkgs; [ packages = with pkgs; [
agenix agenix.packages.x86_64-linux.default
age-plugin-yubikey
nil nil
nixpkgs-fmt nixpkgs-fmt
ssh-to-age ssh-to-age
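Review bot: The new package entry `agenix.packages.x86_64-linux.default` hard-codes the platform inside the dev shell. It would be safer to take it from the package set already in scope, as `agenix.packages.${pkgs.stdenv.hostPlatform.system}.default`. This matches the flake's `systems = [ "x86_64-linux" ];` today, but the shell will stop evaluating correctly for contributors on any system added to that list later. The call site in the flake hunk (`inherit (inputs) agenix;`) passes the whole input, so the system choice lives only in this file. The `mkShell` body continues outside the hunk.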


@ -27,9 +27,7 @@
... ...
}: }:
flake-parts.lib.mkFlake { inherit inputs; } { flake-parts.lib.mkFlake { inherit inputs; } {
imports = [ imports = [ inputs.treefmt-nix.flakeModule ];
inputs.treefmt-nix.flakeModule
];
systems = [ "x86_64-linux" ]; systems = [ "x86_64-linux" ];
@ -85,7 +83,7 @@
}; };
devShells = { devShells = {
default = pkgs.callPackage ./devshells/default.nix { }; default = pkgs.callPackage ./devshells/default.nix { inherit (inputs) agenix; };
}; };
}; };
}; };


@ -4,6 +4,8 @@ let
korenstin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIh26Ejn/syhvReixauY8i85+XD8P9RRJrPQGEyAQ07l klin@nixos"; korenstin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIh26Ejn/syhvReixauY8i85+XD8P9RRJrPQGEyAQ07l klin@nixos";
lzebulon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJRSBsRgd/ITK2An7q1VXoeDPbcydR3FkQjHoO+1tAAO lzebulon@archframe"; lzebulon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJRSBsRgd/ITK2An7q1VXoeDPbcydR3FkQjHoO+1tAAO lzebulon@archframe";
pigeonmoelleux = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHa+ptSTNG4mnGUEGSkHTNDzyUGeiMnaWS2nDvJwrYTp ratcornu@skryre"; pigeonmoelleux = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHa+ptSTNG4mnGUEGSkHTNDzyUGeiMnaWS2nDvJwrYTp ratcornu@skryre";
aeltheos_0 = "age1yubikey1qvn7t9hplvnr2w8nsfezfqudz8gq3v8sq99dkdpzmm4a74rng5qgz4v6wzt";
aeltheos_1 = "age1yubikey1qwmt8heph3jg9sfva3yygphfw0nqed9hs8ndjsfw8yp86kwllearq9fylz2";
nounous = [ nounous = [
korenstin korenstin
@ -65,13 +67,9 @@ let
# Secrets # Secrets
commonSecrets = [ commonSecrets = [ "restic/client_env" ];
"restic/client_env"
];
acmeSecrets = [ acmeSecrets = [ "acme/env" ];
"acme/env"
];
# Fonctions utilitaires # Fonctions utilitaires
@ -80,11 +78,7 @@ let
genAttrs = genAttrs =
paths: groups: paths: groups:
builtins.foldl' ( builtins.foldl' (
acc: secret: acc: secret: acc // { "secrets/${secret}.age".publicKeys = groups ++ nounous; }
acc
// {
"secrets/${secret}.age".publicKeys = groups ++ nounous;
}
) { } paths; ) { } paths;
in in
@ -98,12 +92,10 @@ in
let let
key = hosts.${name}; key = hosts.${name};
in in
genAttrs genAttrs [
[ "restic/${name}/base-repo"
"restic/${name}/base-repo" "restic/${name}/base-password"
"restic/${name}/base-password" ] [ key ]
]
[ key ]
) )
) { } (remove "thot" hostnames) ) { } (remove "thot" hostnames)
// builtins.mapAttrs (name: value: { publicKeys = value.publicKeys ++ nounous; }) { // builtins.mapAttrs (name: value: { publicKeys = value.publicKeys ++ nounous; }) {
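Review bot: The two new `age1yubikey1…` recipients `aeltheos_0` and `aeltheos_1` are bound in the `let` block, but no visible hunk adds them to `nounous` or to any `publicKeys` list. The `nounous = [` list continues outside the hunk, so please confirm they are referenced there; otherwise they have no effect. The commit lists three changed files and none of the sections shown is a `.age` file, so existing secrets appear to remain encrypted only to the previous recipients until someone who can already decrypt them runs `agenix --rekey`. A short comment above the two bindings, such as `# aeltheos: YubiKey-backed age recipients (age-plugin-yubikey), one per token`, would make it easier to revoke the right key if a token is lost.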