forked from pub-solar/infra
Merge pull request 'feat: add declarative root ssh key on nachtigall' (#46) from feat/declarative-root-ssh-nachtigall into main
Reviewed-on: pub-solar/infra#46 Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
This commit is contained in:
commit
65a660117a
|
@ -58,6 +58,12 @@
|
||||||
users.groups.hakkonaut = {};
|
users.groups.hakkonaut = {};
|
||||||
|
|
||||||
users.users.root.initialHashedPassword = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32";
|
users.users.root.initialHashedPassword = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32";
|
||||||
|
age.secrets."nachtigall-root-ssh-key" = {
|
||||||
|
file = "${flake.self}/secrets/nachtigall-root-ssh-key.age";
|
||||||
|
path = "/root/.ssh/id_ed25519";
|
||||||
|
mode = "400";
|
||||||
|
owner = root;
|
||||||
|
};
|
||||||
|
|
||||||
# This value determines the NixOS release with which your system is to be
|
# This value determines the NixOS release with which your system is to be
|
||||||
# compatible, in order to avoid breaking some software such as database
|
# compatible, in order to avoid breaking some software such as database
|
||||||
|
|
BIN
secrets/nachtigall-root-ssh-key.age
Normal file
BIN
secrets/nachtigall-root-ssh-key.age
Normal file
Binary file not shown.
|
@ -20,6 +20,9 @@ let
|
||||||
nachtigall-host
|
nachtigall-host
|
||||||
];
|
];
|
||||||
in {
|
in {
|
||||||
|
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBB5XaH02a6+TchnyQED2VwaltPgeFCbildbE2h6nF5e root@nachtigall
|
||||||
|
"nachtigall-root-ssh-key.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
|
||||||
"mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
"mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
"mastodon-vapid-private-key.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"mastodon-vapid-private-key.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
|
Loading…
Reference in a new issue