diff --git a/hosts/nachtigall/configuration.nix b/hosts/nachtigall/configuration.nix index ea1b774c..0aeb9a1e 100644 --- a/hosts/nachtigall/configuration.nix +++ b/hosts/nachtigall/configuration.nix @@ -58,6 +58,12 @@ users.groups.hakkonaut = {}; users.users.root.initialHashedPassword = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32"; + age.secrets."nachtigall-root-ssh-key" = { + file = "${flake.self}/secrets/nachtigall-root-ssh-key.age"; + path = "/root/.ssh/id_ed25519"; + mode = "400"; + owner = root; + }; # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database diff --git a/secrets/nachtigall-root-ssh-key.age b/secrets/nachtigall-root-ssh-key.age new file mode 100644 index 00000000..359a86f7 Binary files /dev/null and b/secrets/nachtigall-root-ssh-key.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 46909246..d65cdd1c 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -20,6 +20,9 @@ let nachtigall-host ]; in { + # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBB5XaH02a6+TchnyQED2VwaltPgeFCbildbE2h6nF5e root@nachtigall + "nachtigall-root-ssh-key.age".publicKeys = nachtigallKeys ++ baseKeys; + "mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ baseKeys; "mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ baseKeys; "mastodon-vapid-private-key.age".publicKeys = nachtigallKeys ++ baseKeys;