remove move root passwords to agenix
parent
e12b96cf57
commit
1d9dad78ee
|
@ -1 +0,0 @@
|
||||||
secrets.nix filter=git-crypt diff=git-crypt
|
|
|
@ -1,6 +1,5 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
let ipconf = (import ../../secrets.nix).ipconf.${config.networking.hostName};
|
{
|
||||||
in {
|
|
||||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||||
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
let secrets = import ../secrets.nix;
|
{ config, pkgs, lib, name, inputs, ... }:
|
||||||
in { config, pkgs, lib, name, inputs, ... }:
|
|
||||||
let
|
let
|
||||||
machine = name;
|
machine = name;
|
||||||
vpn = import ../vpn.nix;
|
vpn = import ../vpn.nix;
|
||||||
|
@ -14,6 +13,10 @@ in {
|
||||||
../modules/muflax-blog.nix
|
../modules/muflax-blog.nix
|
||||||
../services
|
../services
|
||||||
];
|
];
|
||||||
|
age.secrets = {
|
||||||
|
root-user-pass.file = ../../secrets/root-user-pass.age;
|
||||||
|
yorick-user-pass.file = ../../secrets/yorick-user-pass.age;
|
||||||
|
};
|
||||||
|
|
||||||
nix.nixPath = [];# "nixpkgs=${pkgs.path}" ];
|
nix.nixPath = [];# "nixpkgs=${pkgs.path}" ];
|
||||||
nix.registry.nixpkgs.flake = inputs.nixpkgs;
|
nix.registry.nixpkgs.flake = inputs.nixpkgs;
|
||||||
|
@ -26,7 +29,7 @@ in {
|
||||||
openssh.authorizedKeys.keys =
|
openssh.authorizedKeys.keys =
|
||||||
config.users.users.yorick.openssh.authorizedKeys.keys;
|
config.users.users.yorick.openssh.authorizedKeys.keys;
|
||||||
# root password is useful from console, ssh has password logins disabled
|
# root password is useful from console, ssh has password logins disabled
|
||||||
hashedPassword = secrets.pennyworth_hashedPassword; # TODO: generate own
|
passwordFile = config.age.secrets.root-user-pass.path; # TODO: generate own
|
||||||
|
|
||||||
};
|
};
|
||||||
services.timesyncd.enable = true;
|
services.timesyncd.enable = true;
|
||||||
|
@ -36,7 +39,7 @@ in {
|
||||||
extraGroups = [ "wheel" ];
|
extraGroups = [ "wheel" ];
|
||||||
group = "users";
|
group = "users";
|
||||||
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); yorick;
|
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); yorick;
|
||||||
hashedPassword = secrets.yorick_hashedPassword;
|
passwordFile = config.age.secrets.yorick-user-pass.path;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
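Review bot: The root `passwordFile` line in the `@ -26,7 +29,7 @@` hunk keeps its `# TODO: generate own`, and `age.secrets.root-user-pass` is declared in what appears to be a role shared by several machines, so those hosts would still use one root password hash and every host key listed as a recipient can decrypt it. A per-host secret would keep a single compromised machine from exposing the hash used for console login on the others; at minimum the TODO should say that the secret is shared. Both `passwordFile` lines (root and yorick) would also benefit from a comment such as `# decrypted file must contain one line with the crypt(3) hash (mkpasswd output), not the plaintext`, since the option name no longer says "hashed". If `users.mutableUsers` is left enabled elsewhere in the configuration, the file is presumably only applied when the account is first created, which is worth confirming before relying on it for rotation. The enclosing attribute sets begin and end outside the hunks shown.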
Binary file not shown.
|
@ -1,6 +1,7 @@
|
||||||
{ config, pkgs, lib, inputs, ... }:
|
{ config, pkgs, lib, inputs, ... }:
|
||||||
{
|
{
|
||||||
imports = [ inputs.nixos-mailserver.nixosModule ];
|
imports = [ inputs.nixos-mailserver.nixosModule ];
|
||||||
|
age.secrets.yorick-mail-pass.file = ../../secrets/yorick-mail-pass.age;
|
||||||
|
|
||||||
mailserver = rec {
|
mailserver = rec {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -8,7 +9,7 @@
|
||||||
domains = [ "yori.cc" "yorickvanpelt.nl" ];
|
domains = [ "yori.cc" "yorickvanpelt.nl" ];
|
||||||
loginAccounts = {
|
loginAccounts = {
|
||||||
"yorick@yori.cc" = {
|
"yorick@yori.cc" = {
|
||||||
hashedPassword = (import ../secrets.nix).yorick_mailPassword;
|
hashedPasswordFile = config.age.secrets.yorick-mail-pass.path;
|
||||||
catchAll = domains;
|
catchAll = domains;
|
||||||
aliases = [ "@yori.cc" "@yorickvanpelt.nl" ];
|
aliases = [ "@yori.cc" "@yorickvanpelt.nl" ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> X25519 gPpu3IUM4XCFLGCw0g01q4SLCR8Y06X0RUKcxw3qCWY
|
||||||
|
tif176GtYNaHhKRTcA/5mWJtagrXnKjB+aWB3RhkDy4
|
||||||
|
-> ssh-ed25519 4Ui0LA Z8AR/i/rCXoHsgCcA+qJ7OUCIljG9u9s1AvHeosCziI
|
||||||
|
l/kblqmAyuZuofz2csDaLIOjsc9qGDZW4zbC54lgJnE
|
||||||
|
-> ssh-ed25519 ZzuO9Q Ae1zb6275GCkj2y3eZDO/R35OaH/AYGpZN9jY7BCT2o
|
||||||
|
ULdKtq4v4H7C3/h1/GN1ZobLtgiXnepjIRUk/AeQD04
|
||||||
|
-> ssh-ed25519 n7yA6g BRIx6Nvp9S6XLKWOok4UM06LxFSP9aSXDtfyECncYGY
|
||||||
|
lL0sEX9hQ3spt12KA5ubQu1zzbaMrY1XqlWPfB2Sv+s
|
||||||
|
-> ssh-ed25519 dY0yIg oG+tsYKk9TrcMzy0P1571mvS8J8UspfutBo7int0uF0
|
||||||
|
suWCupM+FkKeKVDRd3ptHybUAVqnYMwXch4C0pwCYak
|
||||||
|
-> ssh-ed25519 6AxuSw oWDbYV22o2ygCa5k7KgweCOiPCpAITlz7+1x3nNmwno
|
||||||
|
TDFCdFLEGtyCEJBZnEniwbDQeEr/Vk+MjwYuILFO/OY
|
||||||
|
-> pdIe+-grease s7,&$< 8t"N$R! &y~Q( ?
|
||||||
|
GM8wkE42tIdCNDsc7pnPVhVnXqckaAQE5jF8qM2zug
|
||||||
|
--- 4mXrKFGwxnRIfetWC8pOPEiQEOImCfD2/Mox+Mz7OkU
|
||||||
|
AöÛE<C39B>R¸Ù8è½`Ó«¼0{<7B><¢D÷»4³n<C2B3>È«ß6uí+Â?!ÉŒŠörQî^} ¨ª‡õ
AbÝ<©s•A‚èªäz¸+yÖÁj¹ÕA<C395>Iæ<49>†q|ìÁšë‚û×Xå—#úËuV6cOm]ô_M]ªœê•h”ªÌ?…,
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,18 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> X25519 igjeVk7K5wMss9d8iN2VMGKzfyA8YGbw/ivdRre+mlc
|
||||||
|
PyTIOfIsw/lMTWE7boTfhcU3ptMyc/YEMNC4gc9VXwc
|
||||||
|
-> ssh-ed25519 4Ui0LA tAap3xK2PMYD/l63tSCr8RAuMgEhn27ttvLD6rOwLhk
|
||||||
|
3KHv27a82wBlFkBxjGpoRnSl6AlAVp3l5aigHLzYFv8
|
||||||
|
-> ssh-ed25519 ZzuO9Q P3oDE31Cr5ql9D1qQIL8uJfPVz8Z34nI1WRR+r3eSFs
|
||||||
|
a+vYQu6gia+k5MsVBVhfAXNdK/Pt4IxKmL+sTamq0Ls
|
||||||
|
-> ssh-ed25519 n7yA6g HdhF4DdyYUxRRzRBiafAiDal6WrP7DKlzg3t2IaL8z4
|
||||||
|
6GacnfLEbzlea8kreVbuLT+Tb14gNWhcp1mY6RUvkM4
|
||||||
|
-> ssh-ed25519 dY0yIg 6/yte4riBsTStcfe6dC/rsHDDt9FkYo3dGDXfNTN6mc
|
||||||
|
243hlNW1NMytmUaqIdFxKVbGCE9OE+Z52xmXAY7Gw+c
|
||||||
|
-> ssh-ed25519 6AxuSw sgXEUYw26qprK1UqqmSSCH3d6wSTx36tXchnvHyKsQs
|
||||||
|
kBr7+RpIvcpiLcdu+dev9JIud5fR20TEKH+DsTh+wgY
|
||||||
|
-> esWzRZ6-grease ?.lfCo <`o0)Ty Z]mJ
|
||||||
|
SvD8QrEVlF4Npprb6An3L0QBUOqb8RACypF4EcYFweoHY6JG2Y+aDnl3ua0t+0Ax
|
||||||
|
wFFo3nOCoyXiXckyo/53PNl+jp7JwS3BqHowihtn3TO9ZcLHch9vIbQVpTAezw
|
||||||
|
--- XRCsY00QWQn6g6+wP1QSL8in7DIaks72mgA3awvmPEc
|
||||||
|
¸mntÊ1¨ÒÌD±*_÷Ò,/¢Ã+”Ï«âÜ—t8Åq¯lÝ3˜zïg
I3¼¯WD$uaòŒ’GIR0b ºu<ÒßwJ‚]±«²¨m‘»ó°Ærÿ
¹oCbݳ蘬iMפf (Ô~Ä@Nêð)&·íö‡ŸwÛ<77>¯gç3XN
|