aciceri/nixfleet
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Do not use gpg for ssh keys anymore

Browse source
This commit is contained in:
Andrea Ciceri 2024-11-29 11:17:45 +01:00
parent da236805f5
commit a121569f84
Signed by: aciceri
SSH key fingerprint: SHA256:/AagBweyV4Hlfg9u092n8hbHwD5fcB6A3qhDiDA65Rg
5 changed files with 26 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
hmModules/gpg/default.nix
View file

@ -3,7 +3,6 @@
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
enableSshSupport = true; enableSshSupport = true;
sshKeys = [ "CE2FD0D9BECBD8876811714925066CC257413416" ];
extraConfig = extraConfig =
let let
pinentryRofi = pkgs.writeShellApplication { pinentryRofi = pkgs.writeShellApplication {

1
hosts/janeway/default.nix
View file

@ -46,7 +46,6 @@ in
$DRY_RUN_CMD echo ${hosts.sisko} >> "${config.user.home}/.ssh/authorized_keys" $DRY_RUN_CMD echo ${hosts.sisko} >> "${config.user.home}/.ssh/authorized_keys"
$DRY_RUN_CMD echo ${hosts.kirk} >> "${config.user.home}/.ssh/authorized_keys" $DRY_RUN_CMD echo ${hosts.kirk} >> "${config.user.home}/.ssh/authorized_keys"
$DRY_RUN_CMD echo ${users.ccr-ssh} >> "${config.user.home}/.ssh/authorized_keys" $DRY_RUN_CMD echo ${users.ccr-ssh} >> "${config.user.home}/.ssh/authorized_keys"
$DRY_RUN_CMD echo ${users.ccr-gpg} >> "${config.user.home}/.ssh/authorized_keys"
if [[ ! -d "${sshdDirectory}" ]]; then if [[ ! -d "${sshdDirectory}" ]]; then
$DRY_RUN_CMD rm $VERBOSE_ARG --recursive --force "${sshdTmpDirectory}" $DRY_RUN_CMD rm $VERBOSE_ARG --recursive --force "${sshdTmpDirectory}"

1
lib/default.nix
View file

@ -1,7 +1,6 @@
{ {
keys = { keys = {
users = { users = {
ccr-gpg = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5cEUx25pnZiH3eBrE2xNbJ92gJiKSznDUNRzcEL4ti6FlJm+75p4q0hgdqHwStR8+uCWBL6viVFCGutOVMFE5MX1Oc3A8fJdR6H9Rrwvk/1UQzqzc9tWxw1qPLKz+fnPDomjOvNofghCWQRwX3Xf1HnIqvRwELpNbR9i+/cHkDGzLJxkstbt4gol8ywMPkw02QdKk8s5MEd1vawxc+7Chs0JPW57RDqDYFErYys52JLeAViCBB9bofF+KT42LuRXKSjWlvCV9kR5TL49vUeBgzMQWMh++WQdN4m9lpqFqYyc75I49/E0HGf8LChDSS+hvRnb5MbtnVGjEA4WDHyldmJCvUNob5CUo4FjoSPRi+S/J3Ads8D4JVwaJOJEVqmMKEhiQ0Hzk4hwe3eV/VumlZj4U/QjaCrqqi4TW/iP0gNRfzcfiM+G/z5R7w1NMUpTX7oilyKjMQmGnXB857D3SSptS7dwh5OiKhVmrQMRCduooUsj236abqLU28K//RnxhOgh8kDGgoUHApnTiMZNKhgLiR42lKrubNcW1tAAqoNyFLMwwXeMLjh0iP1b5y8ntfNPNIcGb7vcwpS24z/aIjW7rQ4J7x5EBphHGhys6ne+irdhOM8c7kFr+c8+Q2oU0YAtFuMYztAFOHm1e20X00Zvys2nuee+hT9F1NungAQ== andrea.ciceri@autistici.org";
ccr-ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCzCmDCtlGscpesHuoiruVWD2IjYEFtaIl9Y2JZGiOAyf3V17KPx0MikcknfmxSHi399SxppiaXQHxo/1wjGxXkXNTTv6h1fBuqwhJE6C8+ZSV+gal81vEnXX+/9w2FQqtVgnG2/mO7oJ0e3FY+6kFpOsGEhYexoGt/UxIpAZoqIN+CWNhJIASUkneaZWtgwiL8Afb59kJQ2E7WbBu+PjYZ/s5lhPobhlkz6s8rkhItvYdiSHT0DPDKvp1oEbxsxd4E4cjJFbahyS8b089NJd9gF5gs0b74H/2lUUymnl63cV37Mp4iXB4rtE69MbjqsGEBKTPumLualmc8pOGBHqWIdhAqGdZQeBajcb6VK0E3hcU0wBB+GJgm7KUzlAHGdC3azY0KlHMrLaZN0pBrgCVR6zBNWtZz2B2qMBZ8Cw+K4vut8GuspdXZscID10U578GxQvJAB9CdxNUtrzSmKX2UtZPB1udWjjIAlejzba4MG73uXgQEdv0NcuHNwaLuCWxTUT5QQF18IwlJ23Mg8aPK8ojUW5A+kGHAu9wtgZVcX1nS5cmYKSgLzcP1LA1l9fTJ1vqBSuy38GTdUzfzz7AbnkRfGPj2ALDgyx17Rc5ommjc1k0gFoeIqiLaxEs5FzDcRyo7YvZXPsGeIqNCYwQWw3+U+yUEJby8bxGb2d/6YQ== andrea.ciceri@autistici.org"; ccr-ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCzCmDCtlGscpesHuoiruVWD2IjYEFtaIl9Y2JZGiOAyf3V17KPx0MikcknfmxSHi399SxppiaXQHxo/1wjGxXkXNTTv6h1fBuqwhJE6C8+ZSV+gal81vEnXX+/9w2FQqtVgnG2/mO7oJ0e3FY+6kFpOsGEhYexoGt/UxIpAZoqIN+CWNhJIASUkneaZWtgwiL8Afb59kJQ2E7WbBu+PjYZ/s5lhPobhlkz6s8rkhItvYdiSHT0DPDKvp1oEbxsxd4E4cjJFbahyS8b089NJd9gF5gs0b74H/2lUUymnl63cV37Mp4iXB4rtE69MbjqsGEBKTPumLualmc8pOGBHqWIdhAqGdZQeBajcb6VK0E3hcU0wBB+GJgm7KUzlAHGdC3azY0KlHMrLaZN0pBrgCVR6zBNWtZz2B2qMBZ8Cw+K4vut8GuspdXZscID10U578GxQvJAB9CdxNUtrzSmKX2UtZPB1udWjjIAlejzba4MG73uXgQEdv0NcuHNwaLuCWxTUT5QQF18IwlJ23Mg8aPK8ojUW5A+kGHAu9wtgZVcX1nS5cmYKSgLzcP1LA1l9fTJ1vqBSuy38GTdUzfzz7AbnkRfGPj2ALDgyx17Rc5ommjc1k0gFoeIqiLaxEs5FzDcRyo7YvZXPsGeIqNCYwQWw3+U+yUEJby8bxGb2d/6YQ== andrea.ciceri@autistici.org";
oneplus8t = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8da1Mf11vXFF0kVDgxocVoGwpHHMEs9emS9T+v8hLb oneplus8t"; oneplus8t = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8da1Mf11vXFF0kVDgxocVoGwpHHMEs9emS9T+v8hLb oneplus8t";
hercules-ci-agent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPupm00BiveTIYF6CNwuMijF5VvEaPDMjvt+vMlAy+N hercules-ci-agent"; hercules-ci-agent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPupm00BiveTIYF6CNwuMijF5VvEaPDMjvt+vMlAy+N hercules-ci-agent";

1
modules/ssh-initrd/default.nix
View file

@ -15,7 +15,6 @@
HostKey /ssh_initrd_host_ed25519_key HostKey /ssh_initrd_host_ed25519_key
''; '';
authorizedKeys = with (import ../../lib).keys; [ authorizedKeys = with (import ../../lib).keys; [
users.ccr-gpg
users.ccr-ssh users.ccr-ssh
hosts.sisko hosts.sisko
]; ];

58
secrets/secrets.nix
View file

@ -6,7 +6,6 @@ with keys.users;
{ {
"cachix-personal-token.age".publicKeys = [ "cachix-personal-token.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
mothership mothership
kirk kirk
sisko sisko
@ -15,90 +14,85 @@ with keys.users;
]; ];
"magit-forge-github-token.age".publicKeys = [ "magit-forge-github-token.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
mothership mothership
kirk kirk
]; ];
"git-workspace-tokens.age".publicKeys = [ "git-workspace-tokens.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
mothership mothership
kirk kirk
picard picard
]; ];
"hydra-admin-password.age".publicKeys = [ "hydra-admin-password.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
mothership mothership
]; ];
"hydra-github-token.age".publicKeys = [ "hydra-github-token.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
mothership mothership
]; ];
"cache-private-key.age".publicKeys = [ "cache-private-key.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
mothership mothership
]; ];
"autistici-password.age".publicKeys = [ "autistici-password.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
kirk kirk
picard picard
sisko sisko
]; ];
"hercules-ci-join-token.age".publicKeys = [ "hercules-ci-join-token.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
mothership mothership
sisko sisko
picard picard
]; ];
"hercules-ci-binary-caches.age".publicKeys = [ "hercules-ci-binary-caches.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
mothership mothership
sisko sisko
picard picard
]; ];
"hercules-ci-secrets-json.age".publicKeys = [ "hercules-ci-secrets-json.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
mothership mothership
sisko sisko
picard picard
]; ];
"minio-credentials.age".publicKeys = [ "minio-credentials.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
picard picard
sisko sisko
]; ];
"aws-credentials.age".publicKeys = [ "aws-credentials.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
picard picard
sisko sisko
]; ];
"nextcloud-admin-pass.age".publicKeys = [ "nextcloud-admin-pass.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
sisko sisko
]; ];
"home-planimetry.age".publicKeys = [ "home-planimetry.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
sisko sisko
]; ];
"home-assistant-token.age".publicKeys = [ "home-assistant-token.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
sisko sisko
]; ];
"chatgpt-token.age".publicKeys = [ "chatgpt-token.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
kirk kirk
mothership mothership
picard picard
@ -106,86 +100,86 @@ with keys.users;
]; ];
"cloudflare-dyndns-api-token.age".publicKeys = [ "cloudflare-dyndns-api-token.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
sisko sisko
]; ];
"restic-hetzner-password.age".publicKeys = [ "restic-hetzner-password.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
picard picard
sisko sisko
kirk kirk
]; ];
"hass-ssh-key.age".publicKeys = [ "hass-ssh-key.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
sisko sisko
]; ];
"grafana-password.age".publicKeys = [ "grafana-password.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
sisko sisko
]; ];
"matrix-registration-shared-secret.age".publicKeys = [ "matrix-registration-shared-secret.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
sisko sisko
]; ];
"matrix-sliding-sync-secret.age".publicKeys = [ "matrix-sliding-sync-secret.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
sisko sisko
]; ];
"forgejo-runners-token.age".publicKeys = [ "forgejo-runners-token.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
picard picard
]; ];
"forgejo-nix-access-tokens.age".publicKeys = [ "forgejo-nix-access-tokens.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
picard picard
]; ];
"garmin-collector-environment.age".publicKeys = [ "garmin-collector-environment.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
sisko sisko
]; ];
"hetzner-storage-box-sisko-ssh-password.age".publicKeys = [ "hetzner-storage-box-sisko-ssh-password.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
sisko sisko
]; ];
"sisko-restic-password.age".publicKeys = [ "sisko-restic-password.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
sisko sisko
]; ];
"sisko-attic-environment-file.age".publicKeys = [ "sisko-attic-environment-file.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
sisko sisko
]; ];
# WireGuard # WireGuard
"picard-wireguard-private-key.age".publicKeys = [ "picard-wireguard-private-key.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
picard picard
]; ];
"sisko-wireguard-private-key.age".publicKeys = [ "sisko-wireguard-private-key.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
sisko sisko
]; ];
"kirk-wireguard-private-key.age".publicKeys = [ "kirk-wireguard-private-key.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
kirk kirk
]; ];
"deltaflyer-wireguard-private-key.age".publicKeys = [ "deltaflyer-wireguard-private-key.age".publicKeys = [
ccr-ssh ccr-ssh
ccr-gpg
deltaflyer deltaflyer
]; ];
} }