From 519963707ae3c6f8057c78cd7aa1e62cfd3db1d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= <hello@benjaminbaedorf.eu>
Date: Thu, 20 Jul 2023 23:36:40 +0200
Subject: [PATCH] feat: deploy droppie root user ssh private key via nix

---
 hosts/droppie/droppie.nix    |   7 +++++++
 secrets/droppie-ssh-root.key | Bin 0 -> 1755 bytes
 secrets/secrets.nix          |   2 ++
 3 files changed, 9 insertions(+)
 create mode 100644 secrets/droppie-ssh-root.key

diff --git a/hosts/droppie/droppie.nix b/hosts/droppie/droppie.nix
index 8c561040..1dc9804c 100644
--- a/hosts/droppie/droppie.nix
+++ b/hosts/droppie/droppie.nix
@@ -48,5 +48,12 @@ in {
       mode = "400";
       owner = "root";
     };
+
+    age.secrets."droppie-ssh-root.key" = {
+      file = "${self}/secrets/droppie-ssh-root.key";
+      path = "/home/${psCfg.user.name}/.ssh/id_ed25519";
+      mode = "400";
+      owner = psCfg.user.name;
+    };
   };
 }
diff --git a/secrets/droppie-ssh-root.key b/secrets/droppie-ssh-root.key
new file mode 100644
index 0000000000000000000000000000000000000000..fa6fde640b043bafbd4d91ae278c80a0f26959be
GIT binary patch
literal 1755
zcmYk4Ym6KP0e}@7(V>W!+M~o+k26gQ%Q-Xq-U@}?o%hbn&d$uv?936!?#|BcJa-;D
zyECJqB;_H!rVZDU2BY;64XH#hQ9()xQ42|%*3?+<4lEBf3fTCg7S4cR)E_4P|B^5H
z@^y!UrGeWI5^rLR-7k-WAvlGBrM(MbI9eKL*+K!XER<w7gsKaII~@$EY=@DkVbAS_
z4I_|hf$UhUBN!Q4q1?Dk!*XS2TL9`pl+bUK+uneu(gK4=7+(?amMF?mpR0^gw$n|k
zDOqOF|Jj1DyD*a`_N)b<YIe|cY@O`Y87wv-0fI4VY?oTD&QAI;TGXOqB@TlmH}L8S
zUdR@lfm3j+Mz1gDs)7K3dVM6CP(~yt9tN9!)@p$h)zbS-2Ss9`t(S>j>?568$DI)-
z=O;8-ZsJ+mi;;{Sc3~jyxe?m#4e^HIXZk$Gh+(ao(~G5%T%ZZKFeTlL0{S&ImauqO
z5yeV_&2%W5p0d4|bSgkdy3=f33X%em5XE*d#=40crZr}kSQWBLr-c#5C}A?9hhiy@
z=QLKS<ei>Ur(lUq{V`B3Ra8Qx6eHCdBbDy)s>qI`@t_yACw0_l5fM@?4oem-aC&Fb
zuOXt1+Mpi0E(Jk$76q`PItbmd?s-ha;51Zihj_O2|Fta)5uhqSMcml4^ztmIApM|M
zj1n7?H76!nMKa(N^m7%<jVEOnQ#`#<=cH1@rMU4hX__c&Fb+_SQiJ!w2zT%(Z6L6K
zc#b|R)cX=)YJ*lMU(yhUh2bPY!Llbd!|^2OHQHq+Pm6&#p@C2?fe1<sJOn2BmN)A9
z;Y?|iS`n?Kbsn7%^3*X^zkqag+0x)n5}4MQ77}`pRd75Iffh`3Qm5YR&?Sw))oR9d
z_zZ6O@E8sR%~d)!1~r|5XlhECkP5`m(2;=l$3_4ZsTg$tvuE}?Syf@WSvPGAb5<9N
zOr0weoLvvFDQ3{N<kStjJydx=Nn;jt1vu$e389&>N5cZZTfS9=jY0#}8CC2{zS-dw
zcMR1SkFxVgP3W*i&~6}8wk+1NxDFA9RZl^ZkER;aXyAa$%%G_*BRtxU5t!FptskN+
z#^u}95;tuYY%<%1bi?B(QX;{i`XA1aQ6i(nJYCI9MWDu6eNvVqwQNtEN><61x<yFW
z$VQ5rMr<M+X^D2%$@*rqrg*Iw%r|P7FocM4)vtr147g6ct~nVFZz)otO8R3}DHf-N
zd<@!FTV`uwFCr%`SYaW*g`;TVP?FywvuYxbu#5%P0GE?$P_I0|8lzEvP%~Lg>t`Tw
zmZMvx38F(_s&$4aUx^A<wKheYb|0g;HZ0^+p<*(y2dL9*RPKNhYczS4G)*TrL`H&8
z!b_aq@5o)SRg@W<BJyVYzaLAJfx9#e2HkM5pm-(pzFn-kpwO8;3u@Q7W!K%oZ3_Yw
z2#E}sO~L4ltGGf;Mz#Q#Bf3)qmX?+lNLywbeO*TR2!l|s-sVI#gv4B?E9CQ9fr)zk
zFr7lyfJOn}RQl38*Z%$Z{3nmy|Iq4V$>!5Xo<8!U7%XX<yC&C_(*5(l6O;Fkp1AAB
zXFvb(9m48|n}50U8EUuk4{XPKr|RFh_vKsmz4W((8~<86GxvJ^TYp}r?wFqc`8yk<
zZ?}^V*O4uA+0Sf!f;#{1A8!7^Cr)pXUO2w<YY!jXx|`VZX7Poa^tIb}fANBG@#vF&
z91piXx^l^9ytPQb=Hc6RzB~T@tI#8>^y$O@+*f&Q`IQR~{(AfL@>}{Mw|;ZuXIFlC
z;TM}Pa_aLprKc9xKle!Y{OOD9#~0}*-hSv#__;F=oR@d(9{uXvqr<Du-neh$<pXzo
z^AdXFiMiY7S1vDq;jlaTX!VUlKRs~mi_+Zde?7T+WaDt~-1`T&kUx2gSbXrl=a;#+
z@4xu<LrYg%`CHYM2j;IyK433L+u!@N`6rV1j;*cz{yV@8>TCHGcxUgAbGaQ?A14=A
z#OpTS*!#or_1$fx_1lx5sy!8aci*|kpM2)E8}9iHbs*X}Z4S2`UEKNXJ$LUBPJVP|
zTYhox@>lksoj+Fl*z)yP#LMC2OK;xw$_M_Hqt<@)v+<#x&u>4=9XNCD)$iSU>BLj_
L3i<MS<*WY&CG>}@

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index eef6775c..b04b58ce 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -49,6 +49,8 @@ in {
 
   "dyndns-droppie.key".publicKeys = droppieKeys ++ baseKeys;
 
+  "droppie-ssh-root.key".publicKeys = droppieKeys ++ baseKeys;
+
   "mopidy.conf".publicKeys = chocolatebarKeys ++ biolimoKeys ++ baseKeys;
 
   "b12f-env-secrets".publicKeys = biolimoKeys ++ chocolatebarKeys ++ baseKeys;