fix: add vin to agenix
rafaelsgirao committed Jun 14, 2024
1 parent a19afd8 commit 7f6d487
Showing 4 changed files with 12 additions and 15 deletions.
6 changes: 0 additions & 6 deletions hosts/sazed/hardware.nix
@@ -113,12 +113,6 @@
};
};

# Mount legacy partitions.
# fileSystems."/home-state" = {
# device = "neonrgpool/safe/home";
# fsType = "zfs";
# };

fileSystems."/pst".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
}
4 changes: 2 additions & 2 deletions hosts/vin/machine.nix
@@ -86,7 +86,7 @@
};

boot.initrd.postDeviceCommands = lib.mkIf (!config.boot.initrd.systemd.enable) (lib.mkAfter ''
zfs rollback -r neonrgpool/local/root@blank
zfs rollback -r zpool/local/root@blank
'');

# boot.crashDump.enable = true;
@@ -110,7 +110,7 @@
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
zfs rollback -r neonrgpool/local/root@blank && echo " >> >> rollback complete << <<"
zfs rollback -r zpool/local/root@blank && echo " >> >> rollback complete << <<"
'';
};

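Review bot: The rollback target is written as a literal in both places it is used, the `boot.initrd.postDeviceCommands` script and the systemd unit's `script`, and that duplication is how a pool name from another host could sit here unnoticed (the page has lost its +/- markers; I read the `zpool/local/root@blank` lines as the new side). A name that does not match the pool makes `zfs rollback` fail, so the root dataset is not reset and state that is meant to be ephemeral survives the reboot. Bind the snapshot once in a `let`, e.g. `rootSnapshot = "zpool/local/root@blank";`, and write `zfs rollback -r ${rootSnapshot}` in both scripts. In the unit, `&& echo` only reports success, so a branch such as `|| { echo "root rollback failed" >&2; exit 1; }` would make a failed rollback visible in the journal. Both enclosing attribute sets start and end outside the hunks.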
2 changes: 1 addition & 1 deletion modules/dei.nix
@@ -15,7 +15,7 @@ in
security.pki.certificateFiles = [ "${RNLCert}" ];
age.secrets = {
RNLDEI-wg = {
file = "${hostSecretsDir}/RNLDEI-wireguard.age";
file = "${hostSecretsDir}/../RNLDEI-wireguard.age";
owner = "root";
group = "systemd-network";
mode = "0640";
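Review bot: The `..` in `"${hostSecretsDir}/../RNLDEI-wireguard.age"` ties this module to the directory layout around `hostSecretsDir`, which is defined outside the hunk. If that binding is a Nix path value, interpolating it copies only that directory into the store and `/..` then no longer points at the secrets root, so confirm it is a string or build the path from a binding for the shared directory, e.g. `file = "${secretsDir}/RNLDEI-wireguard.age";` (`secretsDir` being a name to introduce). The same WireGuard key is now deployed to every workstation, so one compromised workstation exposes the tunnel identity of all of them; a one-line comment such as `# shared by all workstations on purpose` would record that this is intended. The `age.secrets` set continues past the hunk.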
15 changes: 9 additions & 6 deletions secrets/secrets.nix
@@ -1,10 +1,11 @@
let
rg-scout = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFDT738i9yW4X/sO5IKD10zE/A4+Kz9ep01TkMLTrd1a";

# Unsupported by agenix:
#rg-yubikey-1-rk = "[email protected] AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEwOBxayZyd/zGYyoTRN2rdIQM71nzVT3lISg2pNfrZRAAAABHNzaDo=";

users = [ rg-scout ];
users = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFDT738i9yW4X/sO5IKD10zE/A4+Kz9ep01TkMLTrd1a rg@scout"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJi2uB1uGKJSSVYq0zM1i26l5Lr+dWw1M+I73v9kdhNzdE995c8a4uIl0J5eU+3XV4LJP/AFLv1eRBaVInTVGQ8= rg@sazed-TPM"
];

scout = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlOwjvhd+yIUCNLtK4q3nNT3sZNa/CfPcvuxXMU02Fq";

@@ -14,7 +15,9 @@ let

sazed = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL98QtOSOE5mmB/EXHsINd5mHc46gkynP2FBN939BlEc root@sazed";

workstations = [ scout sazed ];
vin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHRXa7/kHjUK8do4degCAvq1Ak2k3BGIn1kLYtjbQsjk root@vin";

workstations = [ scout sazed vin ];

servers = [ spy saxton ];

@@ -23,11 +26,13 @@ let
spy
saxton
sazed
vin
];
in
{
#so ugly!

"RNLDEI-wireguard.age".publicKeys = workstations ++ users;
"wakatime-config.age".publicKeys = systems ++ users;
"ACME-env.age".publicKeys = systems ++ users;
"sendmail-pass.age".publicKeys = systems ++ users;
@@ -43,7 +48,6 @@ in
"scout/RGNet-key.age".publicKeys = [ scout ] ++ users;
"scout/RGNet-cert.age".publicKeys = [ scout ] ++ users;
"scout/unFTP-creds.age".publicKeys = [ scout ] ++ users;
"scout/RNLDEI-wireguard.age".publicKeys = [ scout ] ++ users;

#Spy secrets
"spy/ENV-attic.age".publicKeys = [ spy ] ++ users;
@@ -71,7 +75,6 @@ in
"saxton/ENV-bolsas-scraper.age".publicKeys = [ saxton ] ++ users;
"saxton/HC-alive.age".publicKeys = [ saxton ] ++ users;
"saxton/HC-bolsas.age".publicKeys = [ saxton ] ++ users;
# "saxton/HC-sirpt.age".publicKeys = [ saxton ] ++ users;
"saxton/ENV-sirptDNSBL.age".publicKeys = [ saxton ] ++ users;
"saxton/ENV-vaultwarden.age".publicKeys = [ saxton ] ++ users;
"saxton/Mailserver-pwd-rafael.age".publicKeys = [ saxton ] ++ users;
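Review bot: The `ecdsa-sha2-nistp256 … rg@sazed-TPM` entry in the multi-line `users` list of the first hunk (the new side, going by the hunk's line counts) is, as far as I know, not a recipient type age can encrypt to: its SSH support covers `ssh-ed25519` and `ssh-rsa`, and this file already parks an sk key under `# Unsupported by agenix:`. Because `users` is appended to every `publicKeys` list, an unusable recipient there affects rekeying of every secret, so confirm that `agenix --rekey` succeeds and that the TPM-held key can decrypt, or move the entry next to the commented-out key. The list also gives up the `rg-scout` name for inline strings; named bindings, as in `users = [ rg-scout rg-sazed-tpm ];` (second name to be chosen), keep it obvious whose key can read everything. The `let` block and the attribute set both extend beyond the visible hunks.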
