From fd3efa36a62913d86d5c6d063b153c6d30442805 Mon Sep 17 00:00:00 2001 From: uku Date: Wed, 22 Nov 2023 15:38:47 +0100 Subject: [PATCH] use openssh host keys for agenix --- secrets/desktop/rootPassword.age | 21 ++++++++++++--------- secrets/desktop/userPassword.age | 21 ++++++++++++--------- secrets/secrets.nix | 5 ++++- systems/desktop.nix | 2 +- 4 files changed, 29 insertions(+), 20 deletions(-) diff --git a/secrets/desktop/rootPassword.age b/secrets/desktop/rootPassword.age index d1dc86a..53f9aba 100644 --- a/secrets/desktop/rootPassword.age +++ b/secrets/desktop/rootPassword.age @@ -1,11 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRQMGFOdyBHMzNS -OGNDcFdjaFl0czhHbGRLK2RacUplZzZPeTlsbTZFdjR1UXF5TDE4CitGdzVIMElX -UHRmYmZzVE5YY3J0VzFnbUJqNGlvVGw5RXEySnJ4UzRPaHcKLT4gQS1ncmVhc2Ug -QjQ+I2UxIFgoZE5gaWUgPmNqMCApVTRFInRrCmRZdkJLTFpPU25QRk42T1piR0Vw -Z0xrOVJVY3BXTmMKLS0tIHBSSDBqSWxISXh3Q1ErK0Y4YW8yamVpQXNhQ2hxMmZY -N2J3N1NuOUxYcW8K3vxFXBdoRbsRu46x2wkht529KxYMkj0ZhuSU8DTQAtH5JMIw -NSO0CpHRzFmHleoba8K4DSGy7V2gIVFZn13KIP5adtzOnMV3S41uC+FxLFK5sph0 -HiZNZi/CqhMJh5QuEJDLMQjwQ8vh2ffLBThmO5LqkIRFJJPpeieD3inVBIX+Y0Y2 -z9gx9jzaLA== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFd5V3BRdyBHNXlJ +QjVZSDI5RVl0TWVDUFN4cnlZL1dvV0pmL01hR21UUktzK0cwQndJClBqc1N5Ujlw +UVVhWHJSYk13TjFlOUQzbmF5dkJFVGVjUmxXNFBQUnMwck0KLT4gc3NoLWVkMjU1 +MTkgVmIvYW1BIGlPL2FwQnB4ZVYvd2xEVFAyYlNxVW1jenU1Q28wU20wckQ2Y05q +bHlQRHMKZUxiN2xWd0s2RktTcXp4UXFTaCtQZHY0NTVjZ0FsQ2pITmxocE9sRXJW +RQotPiBQcUNLNDYtZ3JlYXNlICUuPHcqaSBkaHkjQyAnJ2taSCw5WyB0XHRldwph +SkIxdDFBdFZxdEZGTURHYzJoanVIVmxHQjBTN1ZrcFJlRXRCS3Q1Wkk4TS9FRmds +YjA4WnMzMFVKZDNSbW53CjlZSXJETWFuLzVuQwotLS0gcm1PaVB0eUxRQXJKQ0x5 +R2tPMllQbm93c2JSc3dTeDRBUWlqUDMwSHJQRQp8JF/S90jK26M/RUnYWRe8lP8P +ruZfFMnXP3cQcE9IBdoRWMzf1Uf3Aj3CNKDGRv6LHnapkWPGrxP0J32Q8/VLZQJn +/ibjcgya+6Tvzq/cY1iz+VhMw9bAXRwJC19cj9edl7ZlE254VdOvt2uK38aVh7lO +Y+hyLBd7TSH7XCajqtCwrXV6ZTIeGit1 -----END AGE ENCRYPTED FILE----- 
diff --git a/secrets/desktop/userPassword.age b/secrets/desktop/userPassword.age index faca72d..b67b4ae 100644 --- a/secrets/desktop/userPassword.age +++ b/secrets/desktop/userPassword.age @@ -1,11 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRQMGFOdyBnSzhu -cGYwM3VFajVCOGhGa3hTcktTa1VhbkplZFhnc3ppZXlSWExFRUI4Ci9qT3MydUt0 -NzVsWUZMcDZ6U3htMkIyUXg0eWNnMXR0ZzF4UVlEdkMxNHMKLT4gLiVZLWdyZWFz -ZSAmPTZnbEsgezU7YHx+IGY8XzQtayA2WApjMlZ5M1FYVFg3MjRydlZwam9XUGYv -Y2swNHBsZXdsZDUrb2tjNEpyOUtuck5wL0tSTHh0akxBckJvRWt6RitvCmM0ZS9s -Skh1bWg5by84L3VEV0tXdnM3MSs5ZW4xSnorWUgzbHFPUQotLS0gSjMrVVc2S2oy -Sy9GMUY1WUlYZ3gxZmFTOHl6K01PMjV2ejR3Umtyb3VPMAptrFOjuXbeqLlmYz16 -qY2HtGPorPUszQcd4ZSJMM7thcPHxsohLsvmCpRGrSMkY5B5ehbSu6GkdZYpBuON -x98uVRNYoXP9t3Kv+V9jOVWZnnU6A29dBQ2xQGl40Au/8tmwdGgqZMLtLdOZ +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFd5V3BRdyBjMXZY +d2w5ek1SbS9hNHpIN1JNajM4ZmFyZ1pLbExDSVdsM01PWkxZNUZnCmRaWWJKUVBt +SCtMbTZJOHN5TVRRNVFWYnBoTXpKYis5OWY1VWkvZVJINTgKLT4gc3NoLWVkMjU1 +MTkgVmIvYW1BIENtZW0wREpyM0VqeXdaM0FUcHQydXNuWUt1Snc4VTNlRFZDSFEz +T01ja3MKWXhmQk0zTzVpMTZlNTBFcGhrblNwS1I2N3NqSGliMWZYMnZCUGtUenpy +WQotPiBQLWdyZWFzZSBxeWtBInEpPSA9Zlt9KT4vICEsLlRLUjhHCnR0SURGbzVB +aDQ5UDhCeFVKNk1BUkJKVDg1NGx5a05XZkFUb3FOdUlLd0FrMjBUNVM3eGRSZjBw +UkFWODVHZWoKdWFQNWY4THhTNjBITHluT2RZNnBxaFYwRE5Ga0RmVkR1enNqOHZO +Umt0VFpoQ1dzaG1UVHFkdzBtQWxiZUxqcApIQmErCi0tLSBONVhSQjl5RmxNTml5 +ZGZ1MXQ1aFY2TEJPU1o5dFl3NXkrRy9ZRFQ3Ny84CvqQqRz3ALqi1zsAhikcH8vj +gLd9u064SGS5ZHSj52BhjYp3ss4f+qpWmWtMcqxf8YJizVR1Djv8/3MZZV67IuhW +YLuZe7k1Fh8NiZ+dJ9ViooBi2+5ebNsjHLu6n4hyM01V23YQAYMbczk= -----END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 51de529..83c8963 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -1,5 +1,8 @@ let - main = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+7+KfdOrhcnHayxvOENUeMx8rE4XEIV/AxMHiaNUP8 uku3lig"]; + main = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHETiSgdsFFub534ChUKrY3U1ApAlyM7jqFmj3qN65so root@fuji" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPbRi03uVAVzqEI5zc8QmP3uthcC1ep55gQL+nQPrEvv root@kilimandjaro" + ]; server = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdyRFBTdyCCMQ7I75TyO9voxrrreXQTXtSw+iCRf4XI root@vesuvio"] ++ main; in { diff --git a/systems/desktop.nix b/systems/desktop.nix index b6462e2..4166bcb 100644 --- a/systems/desktop.nix +++ b/systems/desktop.nix @@ -102,7 +102,7 @@ in { security.rtkit.enable = true; age = { - identityPaths = ["/home/${username}/.ssh/id_ed25519"]; + identityPaths = ["/etc/ssh/ssh_host_ed25519_key"]; secrets = let base = ../secrets/desktop;
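Review bot: In secrets/secrets.nix, `server = [... root@vesuvio] ++ main;` is unchanged, but `main` now holds the fuji and kilimandjaro host keys instead of a personal key, so any server secret that is rekeyed becomes decryptable by root on either desktop. The new recipient set also has no key held off the machines: editing or rekeying needs read access to a host's `/etc/ssh/ssh_host_ed25519_key`, and regenerating those host keys on a reinstall leaves the `.age` files unrecoverable. I would split the lists by role, for example `desktops = [ "…root@fuji" "…root@kilimandjaro" ];` and `admins = [ "<admin public key>" ];` with `server = [ "…root@vesuvio" ] ++ admins;`, and add a one-line comment above each saying which machines or people it covers. The earlier ciphertexts remain in git history and stay readable with the removed `uku3lig` key, so if dropping that key was meant as revocation, the two passwords themselves need changing as well.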