From 1543f3efea2a313286aabf5e402b1b806301dd7d Mon Sep 17 00:00:00 2001 From: Your Name Date: Thu, 21 Mar 2024 18:30:02 +0300 Subject: [PATCH] root add openssh intelnuc & add sops --- hosts/intelnuc/configuration.nix | 4 ++++ hosts/intelnuc/sops.nix | 8 ++++---- secrets/intelnuc/main.yaml | 7 +++++-- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/hosts/intelnuc/configuration.nix b/hosts/intelnuc/configuration.nix index d9d6fef..32ac81a 100644 --- a/hosts/intelnuc/configuration.nix +++ b/hosts/intelnuc/configuration.nix @@ -19,6 +19,10 @@ extraGroups = [ "networkmanager" "wheel" "docker"]; }; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGGL2UD0frl9F2OPBiPlSQqxDsuACbAVgwH24F0KT14L delta@dlaptop" + ]; + programs.adb.enable = true; services.udev.packages = [ diff --git a/hosts/intelnuc/sops.nix b/hosts/intelnuc/sops.nix index 32e6484..95acf9f 100644 --- a/hosts/intelnuc/sops.nix +++ b/hosts/intelnuc/sops.nix @@ -7,10 +7,10 @@ defaultSopsFormat = "yaml"; secrets = { - - "nginx/graf1" = { }; - "nginx/graf2" = { }; - "nginx/kibana" = { }; + "myservice/my_subdir/my_secret" = {}; + # "nginx/graf1" = { }; + # "nginx/graf2" = { }; + # "nginx/kibana" = { }; }; }; diff --git a/secrets/intelnuc/main.yaml b/secrets/intelnuc/main.yaml index 958986f..f6655ed 100644 --- a/secrets/intelnuc/main.yaml +++ b/secrets/intelnuc/main.yaml @@ -3,6 +3,9 @@ nginx: graf1: ENC[AES256_GCM,data:FLFAf065Lcu+e64=,iv:W/jQmUEueAVkuWFaElXVILV86n25MjRlcieUOdS73Kw=,tag:UTDfnLXBtI6kSiNkdqMTew==,type:str] graf2: ENC[AES256_GCM,data:mdKFz9IMNpcfX04=,iv:34N491ELjlOlOdwpJEQNAR2mz+nrgGDnzppnyq76jeM=,tag:tLLzgjYlEpNGCISIHWEe2g==,type:str] kibana: ENC[AES256_GCM,data:oiSnQzvaRYDS/44=,iv:3XlfBMd5gAu/FIbSr5nI0fHHCmwJkFHCiPXpoZB8ycw=,tag:lDcYsjdM86Bq7TE0yByAEA==,type:str] +myservice: + my_subdir: + my_secret: ENC[AES256_GCM,data:/9KmKrM0Js5a,iv:n1xlsrjbHsiyynTjNjvPcVSQm/7YJ30S5Is7w33AKFA=,tag:WG50Y5nePaHrtijQ3muXHw==,type:str] sops: kms: [] gcp_kms: [] @@ -27,8 +30,8 @@ sops: ZkFmUUg1R0w3czMvZytud3pEajFxL00KWcIupUeVIcXhf29NAiUGmmsCminokmJM +/82FhbQwvIOCU5GlZOpCLVOFWIsMiwC3OzDv64hMHxzH4TNuiulvg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-21T14:59:29Z" - mac: ENC[AES256_GCM,data:ci8AchnKKTNU+xSb+DEz2Ts1qeLoYtwQDOjhg+A23hR0b8WOyjM3N4YZGCZue9S0VPa6LT6ZYlmWApfq684YnLUfJtS6eJ3w1gigOJNjuz+j+AHY87b4dltG10vZFR35hkfGIUAv7OgPE74L4caDG9PgoWhg/ESAuPhsXzEnnmI=,iv:l4V9f5EOKue+O7tIKgfVHxl0NwPw0D2gxnP8ZJ8ezPU=,tag:lT6BB/Ha/HKfpBPVpl8shg==,type:str] + lastmodified: "2024-03-21T15:21:14Z" + mac: ENC[AES256_GCM,data:l/I2iaLLcj3q83L/eOObxN3z+zzyy8I8cJzi9b2FRzcaMUggot0l1LdPqk6KDaEfzlOPv8N1ZtwO1oYcb1JkO1/5Ga0hqBKs4yuQUrmXYjhZa6VzY7Jd1aKRTVZZtBeW2mbENVha6Co2tSRGOQNPJM64G2oIhUv3g6WdVUSCOb0=,iv:vIcmlAqBD8Z0IWnV5m/2MBXuQIl8MdRXc4c/XvUdi34=,tag:/RT/T5VuHbxrMIcaSKhPnw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1