fix sops & change ssh key

2024-07-22 16:01:11 -04:00 · 2024-07-22 16:01:11 -04:00 · 1200a7093f
commit 1200a7093f
parent 5ab530f9be
6 changed files with 12 additions and 11 deletions
--- a/flake.lock
+++ b/flake.lock
@ -419,10 +419,10 @@
    "mysecrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1720910245,
-        "narHash": "sha256-xACM/LGDLmgy8JQIPWojb5KOiIqbQpofX9WUbGQHiZE=",
+        "lastModified": 1721677492,
+        "narHash": "sha256-VQBIEuO01t4Tq4We5ER9/GV/mbHXVQSf3zD7s6vwSqY=",
        "ref": "main",
-        "rev": "2f617698545719fd26f7fc074a0da1e6673e62d9",
+        "rev": "1e1c10a8bd978220aa4cea5c3a13f726971276f2",
        "shallow": true,
        "type": "git",
        "url": "ssh://git@192.168.1.203:2222/deva/secrets.git"
--- a/os/configuration.nix
+++ b/os/configuration.nix
@ -21,18 +21,18 @@ in {
  # sops.age.generateKey = true;

  # This file below is the only file that needs to be copied over (for sops support)
-  sops.age.keyFile = "/home/${config.users.users.me.name}/.config/sops/age/keys.txt";
+  sops.age.keyFile = "/etc/sops-keys.txt";
  sops.secrets = {
-    id_dev = {
+    id_deva = {
      owner = config.users.users.me.name;
      inherit (config.users.users.me) group;
-      path = "/home/${config.users.users.me.name}/.ssh/id_dev";
+      path = "/home/${config.users.users.me.name}/.ssh/id_deva";
    };
    user_password = {
      neededForUsers = true;
    };
  };
-  home-manager.users.me.home.file.".ssh/id_dev.pub".text = builtins.readFile ./id_dev.pub;
+  home-manager.users.me.home.file.".ssh/id_deva.pub".text = builtins.readFile ./id_deva.pub;
  users.mutableUsers = false;
  users.users.me.hashedPasswordFile = config.sops.secrets.user_password.path;

@ -145,6 +145,7 @@ in {
    ];
    files = [
      "/etc/machine-id"
+      "/etc/sops-keys.txt"
    ];
  };

--- a/os/dev/default.nix
+++ b/os/dev/default.nix
@ -136,7 +136,7 @@ in {
          host = "gitlab.com github.com 192.168.1.203";
          identitiesOnly = true;
          identityFile = [
-            "~/.ssh/id_dev"
+            "~/.ssh/id_deva"
          ];
        };
      };
--- a/os/id_dev.pub
+++ b/os/id_dev.pub
@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJRVqaCvz582ioiqnNELKIrGy4RkJ4IVorYlJ98iuZz hi@dessa.dev
--- a/os/id_deva.pub
+++ b/os/id_deva.pub
@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPVwUob8DTgkccFqWNU2XJEf3xlFPOKef+43+56W5UGj hi@dessa.dev
--- a/os/users.nix
+++ b/os/users.nix
@ -16,7 +16,7 @@
    desktopEnvironment = "gnome";
    obs = true;
    authorizedKeys = [
-      (builtins.readFile ./id_dev.pub)
+      (builtins.readFile ./id_deva.pub)
    ];
    packages = with pkgs; [
      nom
@ -34,7 +34,7 @@
    shell = "zsh";
    extraGroups = [];
    authorizedKeys = [
-      (builtins.readFile ./id_dev.pub)
+      (builtins.readFile ./id_deva.pub)
    ];
  };
 }
				`@ -1 +0,0 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJRVqaCvz582ioiqnNELKIrGy4RkJ4IVorYlJ98iuZz hi@dessa.dev`
				`@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPVwUob8DTgkccFqWNU2XJEf3xlFPOKef+43+56W5UGj hi@dessa.dev`