Merge pull request 'feat: add declarative root ssh key on nachtigall' (#46) from feat/declarative-root-ssh-nachtigall into main

Reviewed-on: #46 Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2023-11-05 20:54:39 +00:00 · 2023-11-05 20:54:39 +00:00 · 65a660117a
parent a9beccc31f d011cb04e1
commit 65a660117a
3 changed files with 9 additions and 0 deletions
--- a/hosts/nachtigall/configuration.nix
+++ b/hosts/nachtigall/configuration.nix
@ -58,6 +58,12 @@
  users.groups.hakkonaut = {};

  users.users.root.initialHashedPassword = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32";
+  age.secrets."nachtigall-root-ssh-key" = {
+    file = "${flake.self}/secrets/nachtigall-root-ssh-key.age";
+    path = "/root/.ssh/id_ed25519";
+    mode = "400";
+    owner = root;
+  };

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
--- a/secrets/nachtigall-root-ssh-key.age
+++ b/secrets/nachtigall-root-ssh-key.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -20,6 +20,9 @@ let
    nachtigall-host
  ];
 in {
+  # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBB5XaH02a6+TchnyQED2VwaltPgeFCbildbE2h6nF5e root@nachtigall
+  "nachtigall-root-ssh-key.age".publicKeys = nachtigallKeys ++ baseKeys;
+
  "mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ baseKeys;
  "mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ baseKeys;
  "mastodon-vapid-private-key.age".publicKeys = nachtigallKeys ++ baseKeys;