Set up secrets for Archie

2023-06-05 12:55:47 +02:00 · 2023-06-05 12:55:47 +02:00 · 8578615936
commit 8578615936
parent 382c8a73d0
6 changed files with 33 additions and 4 deletions
--- a/roles/common/configuration.nix
+++ b/roles/common/configuration.nix
@ -24,23 +24,23 @@
 		secrets = {
 			"ed25519" = {
 				symlink = false;
-				file = ../../secrets/Everest/host-key-ed25519;
+				file = ../../secrets/${config.networking.hostName}/host-key-ed25519;
 				path = "/etc/ssh/ssh_host_ed25519_key";
 			};
 			"rsa" = {
 				symlink = false;
-				file = ../../secrets/Everest/host-key-rsa;
+				file = ../../secrets/${config.networking.hostName}/host-key-rsa;
 				path= "/etc/ssh/ssh_host_rsa_key";
 			};
 			"ed25519-public" = {
 				symlink = false;
-				file = ../../secrets/Everest/host-key-ed25519-public;
+				file = ../../secrets/${config.networking.hostName}/host-key-ed25519-public;
 				path = "/etc/ssh/ssh_host_ed25519_key.pub";
 				mode = "0644";
 			};
 			"rsa-public" = {
 				symlink = false;
-				file = ../../secrets/Everest/host-key-rsa-public;
+				file = ../../secrets/${config.networking.hostName}/host-key-rsa-public;
 				path = "/etc/ssh/ssh_host_rsa_key.pub";
 				mode = "0644";
 			};
--- a/secrets/Archie/host-key-ed25519
+++ b/secrets/Archie/host-key-ed25519
@ -0,0 +1,14 @@
 age-encryption.org/v1
 -> ssh-ed25519 zhSyTg v0zMwf3PyU8i5Z8cKQAM8G/egqkmPONA7twvIsTtFUU
 4BlqeR6PpQrYwf7BT1UXqzaiiNwHAxsbbvX1Sk7YG7M
 -> ssh-ed25519 AuWU1Q m0nCQcYG0Jz8AeouayMRTPiQvZxWDbci88ouaaW1kBE
 FMRP4tDLTQ8wo/9j6AaVhl4/amQAjgZDPKqmtzTwHbI
 -> tR-grease jXU
 zPQZdJy9DQ9MUenFWBk
 --- NY5Z2u04JmXtfy09gfYTziCNqdXfSXQLe3n/e7wburg
 åê
 šKàQoƒa|É—·²ëÞ âÜ.ýƒùhSÞ
 ^aÉ¹L)m.	At‘}B¡RüÈ!7ÌJí¿%fÒ#f_/=´ïïÏÞd›:§‡\[ùTý<54>ãxÈ”—U³s(†:‘’ÝI¨ãˆ~-¢ºiº”-l!(íÌ®S†G¿»½^öä¹Ù¢ØVŒ¤Ú—ig¾ñ~ò™MDdn–WõqûÃ•b7¼ÃÊÖáñ‘†ôP\÷²CÎ±ˆØü½Iõþë}©ÍmsUè•4="™‚‰1Ï.Ùõ±:aT-Oo<4F>yˆ¢%v¥$iBåN—À)s8¿OV(EÇ…ì¯ôtW•i;n·€Pè7æÝQº‡çó0†Â·„tRúá+W´’1Bdé„T’òTO…W¡f>å”æ6Cß>ö<0E>´nTÂ¾ô
 ÈKÙ)åDÍ81Õi<17>lÃß3JPQw¢Õ.w\&6¢Åö¿j ”T:¥8E`,•Ò"ÔìaÒ‚<Êd<>K×rc2ä´ƒ<´ÔÞ~¹ù
 h?FŽc
 ÐÎ£Jöüto›D€Æ
--- a/secrets/Archie/host-key-ed25519-public
+++ b/secrets/Archie/host-key-ed25519-public
@ -0,0 +1,10 @@
 age-encryption.org/v1
 -> ssh-ed25519 zhSyTg Xkk6wPQm3Sm3RuNyKhnKVz/evGJtr0UwhB7m2iuhrR4
 RMheqKeCD+Py22+xmvp3Se1z84t60+6y1Bbt7uYGxFs
 -> ssh-ed25519 AuWU1Q 5l5/vuIGxW+6ZzlDKjLzNCxyiW1+Kh651xpnwjfF3FQ
 ZIx/zZZMPpO8zDW5JdkucIBVH1xK4KtoA7Kovw+bcOU
 -> 7%-grease [ wwEC MxP UF:U6Cy
 Hp7t6AxdTAfm4r/LMWAt22vOYvhfHJLX4BIB7eEUfQnNAPIx43SrK8QIrAGHWbxN
 hdO18C5g6xoE5HHz5uM5ASzUWC4Nws3OXwY
 --- 2kwRA1NakiMhvMQgkaiEiJ93SkjTmOt77m0tO+e/p/w
 Ï ^^ðè”Ià=Õð•ñÏ*Ã='çVå[$-Ä<10>ÙÕÊ²}	.’¼²=€&°<>Éºl@®l5êÇ×<C387>p¯—¯¼™IÈKVèˆN¼‡Œ“‹C¡ÔŽI¥¼š_<³g.…ïÄmf}Oá4(<28>Ñˆûöø¾@Ç;
--- a/secrets/Archie/host-key-rsa
+++ b/secrets/Archie/host-key-rsa
--- a/secrets/Archie/host-key-rsa-public
+++ b/secrets/Archie/host-key-rsa-public
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -1,5 +1,6 @@
 let
 	everest = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7GzKZIK/UAMfRjsaxWWKOBqG7sa1ttJ+Gp0zTQSBXM root@Everest";
 	archie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINuqKOfYb2lyhoQYBQbuIEyMomze872rnpxDnax8BsC5 root@Archie";
  bootsrtrap = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKloSXSeF4dNXebd93uMuiFuXRHfxo/he4+O9SFTz1s bootstrap key";
 in
 {
@ -10,4 +11,8 @@ in
 	"Everest/host-key-ed25519-public".publicKeys = [ everest bootsrtrap ];
 	"Everest/host-key-rsa".publicKeys = [ everest bootsrtrap ];
 	"Everest/host-key-rsa-public".publicKeys = [ everest bootsrtrap ];
 	"Archie/host-key-ed25519".publicKeys = [ archie  bootsrtrap ];
 	"Archie/host-key-ed25519-public".publicKeys = [ archie bootsrtrap ];
 	"Archie/host-key-rsa".publicKeys = [ archie bootsrtrap ];
 	"Archie/host-key-rsa-public".publicKeys = [ archie bootsrtrap ];
 }