diff --git a/README.md b/README.md
index 91dbf08..9481874 100644
--- a/README.md
+++ b/README.md
@@ -8,8 +8,7 @@ sudo ssh-keygen -q -N "" -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key sudo ssh-keygen -q -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key Local -sudo cat /etc/ssh/ssh_host_rsa_key|ssh-to-pgp -o nixos/secrets/keys/hostname -ssh hostname "cat /etc/ssh/ssh_host_rsa_key"|ssh-to-pgp -o nixos/secrets/keys/hostname +nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
diff --git a/hosts/wsl2/secrets.yaml b/hosts/wsl2/secrets.yaml
new file mode 100644
index 0000000..bbd3fff
--- /dev/null
+++ b/hosts/wsl2/secrets.yaml
@@ -0,0 +1,48 @@
+hello: ENC[AES256_GCM,data:Ud5OrxfxTTd+hODqAVPNQ+uBm1TfoZBOX4Kuf9sYesdXvVAXfRs7nfl/oc1CxA==,iv:7OkyOuVdF/EP935qEKoCajBOjj2vXcZIta0w+cA/oRo=,tag:E5gdJgq4mID80VEWUFzy0g==,type:str]
+example_key: ENC[AES256_GCM,data:/RfLk6gTT0kIMCBSoQ==,iv:j3Vfq0YUSpUX69enVUM/YIw8nf2VFmywZTrqsUCz9V8=,tag:zxWFJcASmACnNi4UzSgADg==,type:str]
+#ENC[AES256_GCM,data:840IJuzeLeueawtP2Fsu7w==,iv:eyGxQuV7VjOu/28Rhgjo4brcgCad4QVCEVwebrLvUaY=,tag:B7AKsAOAZ3+Z5PYGIoRIyg==,type:comment]
+example_array:
+ - ENC[AES256_GCM,data:ej1qqKCsOHC2gFUFOoI=,iv:wUSGEUaGsa2jfvPAbcfxPdFNzfvqBYTemNB5479lobg=,tag:T3vR3SzqwxIqG/NFbrODAg==,type:str]
+ - ENC[AES256_GCM,data:iems8hE9Rwdra7nQzcc=,iv:9SUJFkhM8auxdgPiHoiNfN9+kyCzVglx1Ct2Z0vSMDI=,tag:DsXhv4/ynPZEFk/xd4oYEA==,type:str]
+example_number: ENC[AES256_GCM,data:6XOMhg2zcxpEbA==,iv:Eaz/c+v6jldx34IrJSVx35htQQ94VLIUuQCqXKpnZus=,tag:S6/1ZaLOEuzkg5ukImfnVw==,type:float]
+example_booleans:
+ - ENC[AES256_GCM,data:dnmmWA==,iv:4wpHwmjngwWOZs+Bel+4R4U1gythHK6+eklxac6vE9A=,tag:hr+4s/mD/pio5NqEae83QQ==,type:bool]
+ - ENC[AES256_GCM,data:bUDlFik=,iv:Z1nxFy0Oin+iSaWvkf3S7mhOREz9hgtOBKHMdmrErLo=,tag:wlNXVZzNv35OcRpq63pcSw==,type:bool]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1jvqe2j70h97844nkz34z9k4epx3uahx50cx75ss8mty2dnxlrf7qqv9a0g
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZ3pIMFREMVYrUFRDWHZC
+ a2Fkc2hESllPWjVVejNEWlMrR0hON1NSclhZCjRmOWNsTHBIUFdVSFlLMzhGbXJj
+ ZHBDVmVIWnd6YWc4VzBOK013TXNtbVEKLS0tIEZacjBaS3pzemZubXBscXdKbWVO
+ R2licUlGUmoxRmlsUTVKRytHZVNlejgKerHAPjXKYvX8aNDH87s6IX25XtdI6wlI
+ mnrQJc++j6UxQ+d01g8MijCGATuj3dh92dbU3RtXuL66SBYGoTsqDA==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1jvf8rd8krchw3ph0w2let8clvyuzcdhq2ug6sm7tx86refc2z5vq4w6lxr
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaNm16TmN0bHRTK2gzOTN2
+ dm5oRmZpdFg4RGZSeDlXUHBzeVFET2lYcUJNCnlweER4WmhDbVVRSXNiL2M5d3pi
+ REJpTjE2Z3E1azI4eXBQMlgwajNDSWcKLS0tIFN3NXFnc3BnVDVpdFdOUmRlRE0z
+ cWx0RW9nZzR2SWxsQitsOC9TWXF1b2MKAjhh/efzeQ8dyXEgiSWNYtrZVpyRUFO4
+ 0O42tC/d/64iE3RVEN3+spkod4iMT0WAD3riCvPJMbtYnBb827ehYA==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1e0g0rrfdmp5f8f4xgkyp8zgxw2v5t3ldlm2t822xekdz0z6qj49q6aesuw
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1UlBrVTJNV0JQOWlGZGRG
+ VWtQcHhNZFZyRURiV1NqdGNiRmhnR0JyaERrCnRpbEs0UlNrVkhuTXFiMEh0ZFhZ
+ emJ4NDFhRzJUM0xqOGNFUytTS2VWYW8KLS0tIEI0NXFwZnhjV0dKbUdUNG8xWmow
+ a2xBNkVCNFRqbSswK09nMUNpMld2Y0EKoITJ8ZDf+RbFLhtrrz00wRqdh/gw+z7+
+ RWPAlEzcuTLw4qyLTymCtyStUMTC29O+y5kz4dcyOLUyu5qAG4IEPg==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2023-02-22T20:23:22Z"
+ mac: ENC[AES256_GCM,data:4UNFXIZMpz2B+6L36p+6EIq6qrk3O2jhoqKiRdWHtEPS19DLcStvbG43JZSbQDt8JdUnZ3+vtx22wnCjxZ2sR1gMqEZZIieMuP4zqzdRjbnlaLs8PSvGIvQD66xcF4isJWuP9VhTM99DvlgZnlIRWb45HLhsL4w7bIo5f1vtuzo=,iv:MYgAL+fbYOlbqWUpFUvQcX2AMHrXsCBuSu2ImBv+sPQ=,tag:HSSrxA9mpeLOdcPS1LwemQ==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.7.3
diff --git a/outputs.nix b/outputs.nix
index edcbd02..f4f791b 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -14,6 +14,7 @@ devShell = pkgs.callPackage ./shell.nix { inherit (sops-nix.packages."${pkgs.system}") sops-import-keys-hook ssh-to-pgp sops-init-gpg-key; inherit (deploy.packages."${pkgs.system}") deploy-rs; + inherit pkgs; }; })) // { nixosConfigurations = import ./configurations.nix (inputs // {
diff --git a/secrets/keys/STUPC_WSL_NIXOS b/secrets/keys/STUPC_WSL_NIXOS
deleted file mode 100644
index f851793..0000000
--- a/secrets/keys/STUPC_WSL_NIXOS
+++ /dev/null
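Review bot: The three entries under `sops.age` are the only record of this file's recipient set in the commit, and nothing labels which of them is the wsl2 host key produced by the README's new `ssh-to-age` step and which are operator keys; unless a `.sops.yaml` creation rule already exists outside this diff, `sops updatekeys` has nothing to work from and adding or rotating a host means a manual re-encrypt. I would add a `creation_rules` entry for `hosts/wsl2/secrets.yaml` listing the three recipients with a one-line comment per key, because a comment placed inside this file is itself encrypted, as the `type:comment` entry above `example_array` shows. Separately, the top-level key names `hello`, `example_key`, `example_array`, `example_number` and `example_booleans` are the stock `sops` example content and are stored in cleartext (only the values are encrypted), so this looks like a placeholder that should be replaced before anything under `hosts/wsl2` starts referencing it.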
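Review bot: `inherit pkgs;` hands the whole package set to shell.nix where the neighbouring lines pass individual packages by name, and callPackage would most likely satisfy a `pkgs` argument from the set itself, so the line is presumably redundant. The matching shell.nix hunk then reaches into `pkgs.ssh-to-age` and `pkgs.age`; taking `ssh-to-age` and `age` as function arguments next to `deploy-rs` and `nixpkgs-fmt` keeps the two files consistent and lets callPackage resolve them, making this added line unnecessary. The devShell expression starts and ends outside the hunk.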
@@ -1,28 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-xsFNBAAAAAABEAC4mmn7K7t/5YwUiMCPfJtK7mX1k2sQoKNAmltJ434c6sgvAf/7
-o9hxugJznTjx/iRPU2at7P5cX+aK6E1GhDq0SjOCE6AiUeu7kdjqetRjYeGX2r1b
-aQLOoF/IEShlukEcnVGt7BhvZawM8hKZBpcYJZM33wkWY416QLrTbr/ZFcVEVuns
-zQzzTiw5IxOsYnaIKglJCOEnO/QmNup85XsQW81DCERKzRkAuTxP3bI+b2KnjbgD
-flHaudE5KTPXEqy9Xgf6fHQHxAy8TtXztuT2HZcrnv7liU4jimO9UYK6ZJFY3uZY
-16m40jZhE7AD+l+tn3UzyFjgHEAI+vcBGVgCEm+xDqzqDNvSTnJ29s+0kKxNBvYn
-kIibEyHi2Oao/gEuMeAX+9rp5X3j4CW8nwpwxxTX0MV/halKO+P012VSKEd82PZU
-GhGisPRJveAL3Z0BSgcbEgOrRXF1oSLv2C5y8kjTxxTFt94sbsFVhcMHaP1k1CJq
-1mcx/g7LPfVjdep4KWpAMAWiAAkaOwSDyjzynDNphL9lndiaObkfLN6ErkIwK1KY
-wdNcTZWIJcvcT/0t1tmwyrpF+ZSGMoIrJA0QATYGDmJopAB8c0Z00602wpmczFAc
-50qbUuNwsaYT3n7YAAS9pf5pPR2DJ59jPxm3s50ggAFc4SJpKpTY1iURPwARAQAB
-zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
-AQgAFgUCAAAAAAkQUFaEF3UkChkCGw8CGQEAAC2nEAAkoIe+ZGA5wxvQSU2wk9k3
-40w7nXN2/lk1ZDG9Mm5Q6tzThbg251Iq0ub48upv15y135IyN2AYzwDdzA/Per7t
-ZqgnSqgEeStkDPJWsH+4UJTtriJyLLfPXs/Mr4qY2u39Gb8TP1tuE+Tz02HO1wuo
-WyzPycHsht+d2ZlzJzpllx4xy92dPW+fWbNj+0OXSznmk4KmzhWaCpg3+jayTmnt
-gn06B5qNSYlRoQp4XOKh8j/QmxjcI04RubYt4LoqoQsfIM8QEaiLawHKSQppJmUw
-goorAGOodPaNBckMKXPHoK0ydb5f2zFoGTzUIdyS2ubGWnUCyuJjfnqFGZV9OzBL
-/9q3C21zSJ8uZOYvXJQZhoPj8D2YJSO723hulwvwixoWmFaNagQMmrF2vXa1GsIo
-2hngv+25xt1y8MlezBHBjtKwvRq2ipIVk4gujRbq+iKSesPwkHx5dvx/ORjQSLOK
-g/8HhSycLwMi0lEeWzCd4djNmoBI2BqwlYM7Vw3cSg2hWk0BfRAsyB7OkGbn+rnO
-F1cEqalVR2RpUq1WcyEP0rRZWxnamIo/yt30AtRdhdRavKUJC16CH7CVRKyF/2bX
-g3FPoVs8PQAptscpMU6zeW/aFSHnPUX0tq0hFJGa8hoSmKfde1+U99TtQFgBQYs/
-acTELELjUPSKX4zrfoa0tw==
-=7MoZ
------END PGP PUBLIC KEY BLOCK-----
\ No newline at end of file
diff --git a/secrets/keys/STUPC_WSL_UBUNTU_2204 b/secrets/keys/STUPC_WSL_UBUNTU_2204
deleted file mode 100644
index 054712f..0000000
--- a/secrets/keys/STUPC_WSL_UBUNTU_2204
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-xsFNBAAAAAABEAC/oKqtIpkz+P75sonMt82XzUOCUfPDE9OlNah1AkawYFb28wsr
-HZszxkraOaS9a6fxPdSbBWOKUQt4fJYr1aCCIw+ZwpAYWfAh4BJ5NqysU7Munn3O
-wo+mXwN663ACQouVnzi3JnThjnvYx4aklpjG33o5Vd81Uag6lEmvYN/MXPJ28Rxq
-kEoNjszyPyKdW/WOMZux+svVAF4KsoviUh9BahjP7hH4bkd1NeZPhKLJmMxn1V9+
-RBo6Mqv3PLo+t5Srlshfk9+YLpDix2FXLJz0r79NeRGnaM3UQbLt8cHPY5D5Hezy
-wJp4fFLROVRqMewN+I3vYkSzGeIKsDEHl+BkdqIzTIhLq0ugCh4phZdWfNsVQ1yV
-hzwlfsMy2nXqWoeFlPBrhEJQd3yAgGDcbK5aZXZ0U7MZTcOD3Y5Qsu+NdyKzO0HA
-pzNZhHVLaI1Gkw4fl+oF0cOQOHc71RTkYkINR2hBQpzlJQSm0neX/aIO3+N9XR2q
-kBE7kR4mxpBQFw3xvq4PUXmQCwvqojfClGPBfv2SE0h43w9BWEFR8ZYiFr6Kz3+s
-OttK60tEw0wqebmEvzYNYrIQQ2pDk68uPStV+N4hrTW7ZGPN767VhWegM8FyQX/c
-zdKic0EjNW4LAFzHj1aMbG0mhVA6oex4iXjONLY9Oc3p5qQJboKKl9I3hQARAQAB
-zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
-AQgAFgUCAAAAAAkQSDohlgtBcGsCGw8CGQEAAMpQEABYZTkYO0tkon28c5WgernI
-L9iwfgT7LJ/p1MZHWy9BxSwIo41be5/VSU8UFQQSniIsji/b3htN7AKlNlR77YCN
-OLmnpMY7GHSyZm4DpmrwROGjVl4EOWe5xlcMX1pfthfNyqMCdZhgut0WQL5UZmSx
-bc7qmqvf3H8K+Ooy7+hxEGmNfYni7mf7RysfHunvyUN7CfTUc0gg40ME1Vw8bLfO
-1Ze9XsAnjgekiCjFqfwC6u9+ta1U49WsrJr9w/spR36g5V7zEqfxqp/atj6KgC4P
-FtFWHLsibhMnA6zJaKJHVvVjsdIdngcI9GJLNFaP4Z/eHMBpQp8QbmKIpI1ID5Uv
-Qx1IWiU+94SspJgu4uZNltIchYv1yt7eHL5G+WV8J8UvS1pLtraZGJc6EXGItNQ1
-x1+LyzdZehkDnPR408xajxyalniw6thuO9GHFBQ/ZhvWqS0c3/WXaLwaBD/N8YHd
-KsLTo0cGhPBfAnCHlKsHvYX5nVa0mCBjYUy/tQ3P/1K6oGpb7KtOgXPEMuyMwuwt
-Eec6uBocur6pWeok+jrlfjzYYm+P57BmQHLRxzZSYnVMPbX5ZmBtHbsJqvAfKqPH
-KZfja7hZ7o450vFHH74rOMn1ELLDKKSmOp9qqtRWvCH2F9hykNr5X9Vz/eyU8e5a
-veRjYvqnl47Sllkj2P1OJg==
-=KGZX
------END PGP PUBLIC KEY BLOCK-----
\ No newline at end of file
diff --git a/secrets/keys/hostname b/secrets/keys/hostname
deleted file mode 100644
index f3df851..0000000
--- a/secrets/keys/hostname
+++ /dev/null
@@ -1,2 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
diff --git a/shell.nix b/shell.nix
index e25333d..6de21df 100644
--- a/shell.nix
+++ b/shell.nix
@@ -6,12 +6,15 @@ , deploy-rs , nixpkgs-fmt , python3 +, pkgs }: mkShell { sopsPGPKeyDirs = [ "./secrets/keys" ]; nativeBuildInputs = [ python3.pkgs.invoke + pkgs.ssh-to-age + pkgs.age ssh-to-pgp sops-import-keys-hook sops-init-gpg-key
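Review bot: `sopsPGPKeyDirs = [ "./secrets/keys" ]` is kept in this hunk while the commit deletes the three PGP key files it shows under `secrets/keys` and the new `hosts/wsl2/secrets.yaml` carries `pgp: []`, so `sops-import-keys-hook` appears to be left importing from an empty directory and `ssh-to-pgp` / `sops-init-gpg-key` stay in the shell with no PGP recipient to serve. If no other secrets file in the repository still uses PGP recipients, I would drop `sopsPGPKeyDirs` together with those two inputs (and their `inherit` in outputs.nix); if some do, add a comment above it such as `# PGP keys for <HOSTS STILL USING PGP>; wsl2 now uses age recipients` so the mixed setup is deliberate rather than a leftover. Minor: `pkgs.ssh-to-age` and `pkgs.age` could be taken as plain arguments like `python3` instead of threading the whole `pkgs` set through.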