diff options
| author | andromeda <andromeda@lenovo> | 2026-01-01 20:21:14 +0100 |
|---|---|---|
| committer | andromeda <andromeda@lenovo> | 2026-01-01 20:21:14 +0100 |
| commit | 122a7fa174a04f30d92bfd40040d5f33fd3e7cc2 (patch) | |
| tree | db69c335462a373eff66fc204035215ee0a2b4fc | |
| parent | 49ba1149d86cc1eb22ad9e212c7f2b25e85d6c0d (diff) | |
mb?
| -rw-r--r-- | flake.nix | 1 | ||||
| -rw-r--r-- | pub-keys.nix | 14 | ||||
| -rw-r--r-- | secrets.nix | 14 | ||||
| -rw-r--r-- | secrets/secret0.age | bin | 396 -> 396 bytes | |||
| -rw-r--r-- | secrets/secret1.age | bin | 396 -> 396 bytes | |||
| -rw-r--r-- | secrets/secret2.age | bin | 396 -> 506 bytes | |||
| -rw-r--r-- | secrets/secrets.nix | 5 |
7 files changed, 18 insertions, 16 deletions
@@ -35,7 +35,6 @@ noshell, nur, nvf, - self, stylix, ... }: let diff --git a/pub-keys.nix b/pub-keys.nix new file mode 100644 index 0000000..389786b --- /dev/null +++ b/pub-keys.nix @@ -0,0 +1,14 @@ +{ + age.secrets = { + secret0.file = ./secrets/secret0.age; + secret1.file = ./secrets/secret1.age; + secret2.file = ./secrets/secret2.age; + }; + pub-keys = { + ssh = { + andromeda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy2VD362wUcu0lKj2d6OIU8dbAna0Lu/NaAYIj8gdIA andromeda@lenovo"; + lenovo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHG4eqsLTq2os2mxfwhys3BpVnowcJrqt2CbRFzN2pJb root@lenovo"; + _109-199-104-83 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJe5ol56yC23fivSEKeK4HZQm934ROX46AM7o0aE2hMq root@vmi2998419"; + }; + }; +} diff --git a/secrets.nix b/secrets.nix index 2e435a5..fd1c166 100644 --- a/secrets.nix +++ b/secrets.nix @@ -1,17 +1,5 @@ {lib, ...}: { - config = { - age.secrets = { - secret0.file = ./secrets/secret0.age; - secret1.file = ./secrets/secret1.age; - secret2.file = ./secrets/secret2.age; - }; - pub-keys = { - ssh = { - andromeda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy2VD362wUcu0lKj2d6OIU8dbAna0Lu/NaAYIj8gdIA andromeda@lenovo"; - lenovo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHG4eqsLTq2os2mxfwhys3BpVnowcJrqt2CbRFzN2pJb root@lenovo"; - }; - }; - }; + imports = [./pub-keys.nix]; options = { pub-keys.ssh = lib.mkOption { type = lib.types.attrsOf lib.types.str; diff --git a/secrets/secret0.age b/secrets/secret0.age Binary files differindex 4fd14de..757e7ff 100644 --- a/secrets/secret0.age +++ b/secrets/secret0.age diff --git a/secrets/secret1.age b/secrets/secret1.age Binary files differindex 3a172d3..facb97b 100644 --- a/secrets/secret1.age +++ b/secrets/secret1.age diff --git a/secrets/secret2.age b/secrets/secret2.age Binary files differindex de8612d..993e770 100644 --- a/secrets/secret2.age +++ b/secrets/secret2.age diff --git a/secrets/secrets.nix b/secrets/secrets.nix index e6859f1..309c6ac 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,9 +1,10 @@ let - pub-keys = (import ../secrets.nix).pub-keys; + pub-keys = (import ../pub-keys.nix).pub-keys; andromeda = pub-keys.ssh.andromeda; lenovo = pub-keys.ssh.lenovo; + _109-199-104-83 = pub-keys.ssh._109-199-104-83; in { "secret0.age".publicKeys = [andromeda lenovo]; "secret1.age".publicKeys = [andromeda lenovo]; - "secret2.age".publicKeys = [andromeda lenovo]; + "secret2.age".publicKeys = [andromeda lenovo _109-199-104-83]; } |