palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sops -> pass : add syncoid ssh key

Browse source
This commit is contained in:
Ingolf Wagner 2024-05-31 22:02:52 +02:00
parent 88a791d708
commit 63aa6f5831
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
2 changed files with 11 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
flake.nix
View file

@ -206,6 +206,15 @@
_module.args.self = self; _module.args.self = self;
_module.args.inputs = self.inputs; _module.args.inputs = self.inputs;
} }
# ssh keys
({ config, ... }: {
users.users.root.openssh.authorizedKeys.keyFiles = [
# master key
./nixos/assets/ssh/palo_rsa.pub
# backup key
"${config.clanCore.clanDir}/machines/chungus/facts/syncoid.ssh.id_ed25519.pub"
];
})
# configure nix # configure nix
({ pkgs, ... }: ({ pkgs, ... }:
{ {

4
nixos/machines/chungus/sync-syncoid.nix
View file

@ -1,4 +1,4 @@
{ config, ... }: { pkgs, config, ... }:
{ {
clanCore.facts.services.syncoid = { clanCore.facts.services.syncoid = {
@ -7,7 +7,7 @@
generator.path = with pkgs; [ coreutils openssh ]; generator.path = with pkgs; [ coreutils openssh ];
generator.script = '' generator.script = ''
ssh-keygen -t ed25519 -N "" -f $secrets/syncoid.ssh.id_ed25519 ssh-keygen -t ed25519 -N "" -f $secrets/syncoid.ssh.id_ed25519
mv $secrets/ssh.id_ed25519.pub $facts/syncoid.ssh.id_ed25519.pub mv $secrets/syncoid.ssh.id_ed25519.pub $facts/syncoid.ssh.id_ed25519.pub
''; '';
}; };