diff --git a/README.md b/README.md
index cd59b4d..0d37b40 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,11 @@
 # vmimages
+
+Create new SSH HOST KEYS
+
+sudo ssh-keygen -q -N "" -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key
+sudo ssh-keygen -q -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
+
+TODO
+
+swtich to ed25519
+ssh-to-age? https://github.com/Mic92/ssh-to-age
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
index 98d90f2..b148107 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,49 +1,6 @@ { "nodes": { - "agenix": { - "inputs": { - "darwin": "darwin", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1676599101, - "narHash": "sha256-CKS6UsOGhoNxGDBt9wyFiWHvtng/+BMAJ4G8ahhe1DE=", - "owner": "ryantm", - "repo": "agenix", - "rev": "de657061b13cf329c57a1a9730a5049a971b40b3", - "type": "github" - }, - "original": { - "owner": "ryantm", - "repo": "agenix", - "type": "github" - } - }, - "darwin": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1673295039, - "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", - "type": "github" - }, - "original": { - "owner": "lnl7", - "ref": "master", - "repo": "nix-darwin", - "type": "github" - } - }, - "deploy-rs": { + "deploy": { "inputs": { "flake-compat": "flake-compat", "nixpkgs": [
@@ -148,6 +105,43 @@ "type": "github" } }, + "lowdown-src": { + "flake": false, + "locked": { + "lastModified": 1633514407, + "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=", + "owner": "kristapsdz", + "repo": "lowdown", + "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8", + "type": "github" + }, + "original": { + "owner": "kristapsdz", + "repo": "lowdown", + "type": "github" + } + }, + "nix": { + "inputs": { + "lowdown-src": "lowdown-src", + "nixpkgs": "nixpkgs", + "nixpkgs-regression": "nixpkgs-regression" + }, + "locked": { + "lastModified": 1670334625, + "narHash": "sha256-sQ9C101CL/eVN5JgH91ozHFWU4+bXr8/Fi/8NQk6xRI=", + "owner": "NixOS", + "repo": "nix", + "rev": "ef800f1e73602c0f10951dd789b97e750f37afc0", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "2.12.0", + "repo": "nix", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1636849918, @@ -184,6 +178,21 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1676924492, + "narHash": "sha256-78278eyP55JRFe7UCpmFwdkrTY6H2arzTpVeteWo8kM=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "d24ea777c57b69c6b143cf11d83184ef71b0dbbf", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixos-wsl": { "inputs": { "flake-compat": "flake-compat_2", 
@@ -208,20 +217,36 @@ }, "nixpkgs": { "locked": { - "lastModified": 1676569297, - "narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=", + "lastModified": 1657693803, + "narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37", + "rev": "365e1b3a859281cf11b94f87231adeabbdd878a2", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-22.05-small", "repo": "nixpkgs", "type": "github" } }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1676771332, @@ -239,6 +264,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1676569297, + "narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1676549890, "narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=", 
@@ -256,19 +297,20 @@ }, "root": { "inputs": { - "agenix": "agenix", - "deploy-rs": "deploy-rs", + "deploy": "deploy", "flake-utils": "flake-utils", "home-manager": "home-manager", + "nix": "nix", "nixos-generators": "nixos-generators", + "nixos-hardware": "nixos-hardware", "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "sops-nix": "sops-nix" } }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable" }, "locked": {
diff --git a/secrets/keys/hostname b/secrets/keys/hostname
new file mode 100644
index 0000000..f3df851
--- /dev/null
+++ b/secrets/keys/hostname
@@ -0,0 +1,2 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
diff --git a/shell.nix b/shell.nix
index 1470265..e25333d 100644
--- a/shell.nix
+++ b/shell.nix
@@ -9,7 +9,7 @@ }: mkShell { - sopsPGPKeyDirs = [ "./nixos/secrets/keys" ]; + sopsPGPKeyDirs = [ "./secrets/keys" ]; nativeBuildInputs = [ python3.pkgs.invoke ssh-to-pgp
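Review bot: The new `secrets/keys/hostname` file holds only the armor header `-----BEGIN PGP PUBLIC KEY BLOCK-----` and a blank line, with no key data, checksum or `-----END PGP PUBLIC KEY BLOCK-----` footer, so it is not an importable public key. `shell.nix` in this same commit points `sopsPGPKeyDirs` at `./secrets/keys`, so whatever imports from that directory will presumably fail on this file or yield no recipient for the host. If it is a placeholder, name it as one and mention it in the README; otherwise commit the complete armored export under the real host name. Either way, compare the key's fingerprint against the one derived on the host before it is used as a sops recipient.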
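Review bot: `sopsPGPKeyDirs` is still a working-directory-relative string after this change (`"./secrets/keys"`), so which directory the key-import hook reads presumably depends on where the shell is entered. Started from a subdirectory, it would look for a `secrets/keys` there rather than at the repository root. Anchoring the path to the file's own location removes that ambiguity: `sopsPGPKeyDirs = [ "${toString ./.}/secrets/keys" ];`. Every file in that directory is treated as a key to import, so a one-line comment above the attribute, such as `# keys here become sops recipients; verify fingerprints before adding`, would document the trust boundary. The `mkShell` body continues past the end of the hunk, so whether the import hook itself is listed in `nativeBuildInputs` is not visible here.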