Merge branch 'main' of github.com:sstent/vmimages

This commit is contained in:
2023-02-24 11:02:42 -05:00
7 changed files with 77 additions and 36 deletions


@@ -2,10 +2,12 @@ keys:
- &adminkey age1jvqe2j70h97844nkz34z9k4epx3uahx50cx75ss8mty2dnxlrf7qqv9a0g - &adminkey age1jvqe2j70h97844nkz34z9k4epx3uahx50cx75ss8mty2dnxlrf7qqv9a0g
- &STUPC_WSL_UBUNTU_2204 age1jvf8rd8krchw3ph0w2let8clvyuzcdhq2ug6sm7tx86refc2z5vq4w6lxr - &STUPC_WSL_UBUNTU_2204 age1jvf8rd8krchw3ph0w2let8clvyuzcdhq2ug6sm7tx86refc2z5vq4w6lxr
- &STUPC_WSL_NIXOS age1e0g0rrfdmp5f8f4xgkyp8zgxw2v5t3ldlm2t822xekdz0z6qj49q6aesuw - &STUPC_WSL_NIXOS age1e0g0rrfdmp5f8f4xgkyp8zgxw2v5t3ldlm2t822xekdz0z6qj49q6aesuw
- &GO3_WSL_NIXOS age187fdx6pc2559tjh03jrcwp6yj8whd70h666g8a0ptyr0z49tfcsssdx6au
creation_rules: creation_rules:
- path_regex: secrets.yaml$ - path_regex: secrets.yaml$
key_groups: key_groups:
- age: - age:
- *adminkey - *adminkey
- *STUPC_WSL_UBUNTU_2204 - *STUPC_WSL_UBUNTU_2204
- *STUPC_WSL_NIXOS - *STUPC_WSL_NIXOS
- *GO3_WSL_NIXOS
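Review bot: Adding `*GO3_WSL_NIXOS` to the only key group under `path_regex: secrets.yaml$` means the new host key can decrypt every secrets file in the repository, not just the one for its own host, because the rule is unanchored at the front and all four recipients sit in one group. If the WSL hosts are meant to share `hosts/wsl2/secrets.yaml` this is intentional, but it should be stated; otherwise one creation rule per host directory (e.g. `- path_regex: hosts/wsl2/secrets\.yaml$` listing only that host's key plus `*adminkey`) keeps each host key limited to the secrets it needs. The unescaped `.` in `secrets.yaml$` also matches more than intended; `secrets\.yaml$` is what is meant.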


@@ -1,19 +1,19 @@
# vmimages # vmimages
based on https://samleathers.com/posts/2022-02-11-my-new-network-and-sops.html based on https://samleathers.com/posts/2022-02-11-my-new-network-and-sops.html
## Create new SSH HOST KEYS
Create new SSH HOST KEYS
sudo ssh-keygen -q -N "" -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key sudo ssh-keygen -q -N "" -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key
sudo ssh-keygen -q -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key sudo ssh-keygen -q -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
Local ## Local
nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age' `nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'`
or in nix develop
`cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'`
## Add key to .sops.yaml
## rekey a file
`sops updatekeys hosts/wsl2/secrets.yaml`
TODO
swtich to ed25519
ssh-to-age? https://github.com/Mic92/ssh-to-age

flake.lock generated

@@ -295,6 +295,20 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": {
"locked": {
"lastModified": 1672441588,
"narHash": "sha256-jx5kxOyeObnVD44HRebKYL3cjWrcKhhcDmEYm0/naDY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6a0d2701705c3cf6f42c15aa92b7885f1f8a477f",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"root": { "root": {
"inputs": { "inputs": {
"deploy": "deploy", "deploy": "deploy",
@@ -305,7 +319,8 @@
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixos-wsl": "nixos-wsl", "nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix" "sops-nix": "sops-nix",
"vscode-server": "vscode-server"
} }
}, },
"sops-nix": { "sops-nix": {
@@ -356,6 +371,24 @@
"repo": "flake-utils", "repo": "flake-utils",
"type": "github" "type": "github"
} }
},
"vscode-server": {
"inputs": {
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1676501444,
"narHash": "sha256-H+uQetkzd5GIga56HmCDwl5eihdQgeN2jVdNrkXzDyo=",
"owner": "msteen",
"repo": "nixos-vscode-server",
"rev": "57f1716bc625d2892579294cc207956679e3d94c",
"type": "github"
},
"original": {
"owner": "msteen",
"repo": "nixos-vscode-server",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",


@@ -17,29 +17,38 @@ sops:
- recipient: age1jvqe2j70h97844nkz34z9k4epx3uahx50cx75ss8mty2dnxlrf7qqv9a0g - recipient: age1jvqe2j70h97844nkz34z9k4epx3uahx50cx75ss8mty2dnxlrf7qqv9a0g
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZ3pIMFREMVYrUFRDWHZC YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0N0lGdFlhWUpJM1VDanUr
a2Fkc2hESllPWjVVejNEWlMrR0hON1NSclhZCjRmOWNsTHBIUFdVSFlLMzhGbXJj WW9nR0dMVHkzZkJnak5PV1pYWm5UclFOTW1FCndUQmdMeTRUVnFJZk5XUTFDOUY3
ZHBDVmVIWnd6YWc4VzBOK013TXNtbVEKLS0tIEZacjBaS3pzemZubXBscXdKbWVO MkRNZ3ZTK1c2T2Eyb0p0TlhwRDNsKzAKLS0tIGQzZ3RieVIzdnRLbjZFZTdnVS9I
R2licUlGUmoxRmlsUTVKRytHZVNlejgKerHAPjXKYvX8aNDH87s6IX25XtdI6wlI VU5RSkJjWmZpb0xnR1k2QVc4eVdvRHMKLdAHlt8kukrq2C5yKhQFH0vhOh1cCXS2
mnrQJc++j6UxQ+d01g8MijCGATuj3dh92dbU3RtXuL66SBYGoTsqDA== PpdfBCQn2pt5NHn2xfBMbZKcykbP3PNfWiiLWphuqo5jq0zKcTrMqA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jvf8rd8krchw3ph0w2let8clvyuzcdhq2ug6sm7tx86refc2z5vq4w6lxr - recipient: age1jvf8rd8krchw3ph0w2let8clvyuzcdhq2ug6sm7tx86refc2z5vq4w6lxr
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaNm16TmN0bHRTK2gzOTN2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5MUU4MkdFVXZEUWxNZ3d5
dm5oRmZpdFg4RGZSeDlXUHBzeVFET2lYcUJNCnlweER4WmhDbVVRSXNiL2M5d3pi YVlPMTVXU0RhVmcvbG5DRlExU0hUWmtIZmo4ClJpNUlNRHNCWng2azFvQ1lBY2FZ
REJpTjE2Z3E1azI4eXBQMlgwajNDSWcKLS0tIFN3NXFnc3BnVDVpdFdOUmRlRE0z OWpZcGw4eVVmVzBwUHFQbVAxR3VLTE0KLS0tIEliS2xTZTZGRk1mVVpLMTJxc0xP
cWx0RW9nZzR2SWxsQitsOC9TWXF1b2MKAjhh/efzeQ8dyXEgiSWNYtrZVpyRUFO4 enlzeGN3R3p2Njk2b04rbTlJM3pwMnMKH5IO+BNDBm2cv5aujiHzrwnlMCD3mztz
0O42tC/d/64iE3RVEN3+spkod4iMT0WAD3riCvPJMbtYnBb827ehYA== qKSnjnhiWufT+0Ry/jmCtnpTPM0efE7dj02I3yHLBQOjLMMgA3gwyQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1e0g0rrfdmp5f8f4xgkyp8zgxw2v5t3ldlm2t822xekdz0z6qj49q6aesuw - recipient: age1e0g0rrfdmp5f8f4xgkyp8zgxw2v5t3ldlm2t822xekdz0z6qj49q6aesuw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1UlBrVTJNV0JQOWlGZGRG YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUUVoY2o0Z2x1TkRLN3hI
VWtQcHhNZFZyRURiV1NqdGNiRmhnR0JyaERrCnRpbEs0UlNrVkhuTXFiMEh0ZFhZ WTRvdTluL2FGM3poUEhJN1JWMm1mcXM1UzJJCmpOZ1BHVTZ0b0VSK0NpaTI3bWto
emJ4NDFhRzJUM0xqOGNFUytTS2VWYW8KLS0tIEI0NXFwZnhjV0dKbUdUNG8xWmow WnpZdHVyY2diQ01sTEJJVlR2Y3VveVkKLS0tIEVoeTJpS1BOTWtQVnkxdW13Zlln
a2xBNkVCNFRqbSswK09nMUNpMld2Y0EKoITJ8ZDf+RbFLhtrrz00wRqdh/gw+z7+ WlduRzlRcnFyRWFLZzU5MWFiR1FrODQKo1hsxCwzcuX9JHEE0+VUFq57t8uYY2qs
RWPAlEzcuTLw4qyLTymCtyStUMTC29O+y5kz4dcyOLUyu5qAG4IEPg== V6v6/BtMwOSQJRCR4hfOsb37f5GRjcB8ePIuT4xV7+NyZ6SQn6AiLQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age187fdx6pc2559tjh03jrcwp6yj8whd70h666g8a0ptyr0z49tfcsssdx6au
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByRGlJRU03SXEvbFdkbGNu
U0VteElBVTRyL1dSMzN1eTk4U3VtdkIrVTFvCmIxYkE3TXlCdVRvZG16QXZ4R2lJ
eWJYSjBEUTBtRTNxK3NFaElWUVk4N3cKLS0tIGIxb0JWT2xTMWFrVnZGV2Q3Vjl6
ekIrNmxVTndjRzFYbmNzcnpiMytNRVkKcUCt552xTRH7GP+X8zcv+WcKFcHJe/1G
WRQWzG3jNnjmLIGM4NwCFgUYnjHsxo8P+2KcWFZan4mnLRIq/aSwfw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-02-22T20:23:22Z" lastmodified: "2023-02-22T20:23:22Z"
mac: ENC[AES256_GCM,data:4UNFXIZMpz2B+6L36p+6EIq6qrk3O2jhoqKiRdWHtEPS19DLcStvbG43JZSbQDt8JdUnZ3+vtx22wnCjxZ2sR1gMqEZZIieMuP4zqzdRjbnlaLs8PSvGIvQD66xcF4isJWuP9VhTM99DvlgZnlIRWb45HLhsL4w7bIo5f1vtuzo=,iv:MYgAL+fbYOlbqWUpFUvQcX2AMHrXsCBuSu2ImBv+sPQ=,tag:HSSrxA9mpeLOdcPS1LwemQ==,type:str] mac: ENC[AES256_GCM,data:4UNFXIZMpz2B+6L36p+6EIq6qrk3O2jhoqKiRdWHtEPS19DLcStvbG43JZSbQDt8JdUnZ3+vtx22wnCjxZ2sR1gMqEZZIieMuP4zqzdRjbnlaLs8PSvGIvQD66xcF4isJWuP9VhTM99DvlgZnlIRWb45HLhsL4w7bIo5f1vtuzo=,iv:MYgAL+fbYOlbqWUpFUvQcX2AMHrXsCBuSu2ImBv+sPQ=,tag:HSSrxA9mpeLOdcPS1LwemQ==,type:str]
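Review bot: The `mac` and `lastmodified` lines are byte-identical on both sides while every recipient's `enc` stanza changed, which is consistent with `sops updatekeys` re-wrapping the existing data key for the new `age187fdx…` recipient rather than rotating it. That is fine for adding a host, but the same workflow gives no revocation: if a recipient is ever removed from `.sops.yaml`, the old host (or anyone holding an earlier copy of this file plus that key) can still unwrap the unchanged data key, so a removal has to be followed by `sops rotate -i hosts/wsl2/secrets.yaml`. Worth a one-line note next to the "rekey a file" step so the distinction between `updatekeys` and `rotate` is not lost.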


@@ -115,8 +115,11 @@ programs = {
}; };
}; };
systemd.user = lib.mkIf config.wsl.enable {
systemd.user.services.ssh-proxy = lib.mkIf config.wsl.enable { startServices = true;
services.ssh-proxy = lib.mkIf config.wsl.enable {
Unit = { Description = "WSL Proxy"; }; Unit = { Description = "WSL Proxy"; };
Service = { Service = {
ExecStart = "${pkgs.writeShellScript "start-proxy" '' ExecStart = "${pkgs.writeShellScript "start-proxy" ''
@@ -127,7 +130,7 @@ programs = {
}; };
#Install = { WantedBy = [ "default.target" ]; }; #Install = { WantedBy = [ "default.target" ]; };
}; };
};
}; ### endf home-manager }; ### endf home-manager
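Review bot: The inner `services.ssh-proxy = lib.mkIf config.wsl.enable {` is now redundant: the whole `systemd.user` attrset is already wrapped in `lib.mkIf config.wsl.enable`, so the second guard only adds noise; `services.ssh-proxy = {` is enough. Separately, `startServices = true;` is set while the `Install = { WantedBy = [ "default.target" ]; }` line stays commented out, so nothing appears to pull the unit in on login — if the intent is for the proxy to come up automatically, confirm that is actually happening rather than relying on activation alone. The enclosing home-manager block starts before this hunk and the `ExecStart` script body is outside it.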


@@ -13,7 +13,7 @@
in in
{ {
devShell = pkgs.callPackage ./shell.nix { devShell = pkgs.callPackage ./shell.nix {
inherit (sops-nix.packages."${pkgs.system}") sops-import-keys-hook ssh-to-pgp sops-init-gpg-key; inherit (sops-nix.packages."${pkgs.system}");
inherit (deploy.packages."${pkgs.system}") deploy-rs; inherit (deploy.packages."${pkgs.system}") deploy-rs;
inherit pkgs; inherit pkgs;
}; };
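Review bot: `inherit (sops-nix.packages."${pkgs.system}");` now has an empty attribute list, so it binds nothing and is a dead leftover of the removed `sops-import-keys-hook ssh-to-pgp sops-init-gpg-key` arguments; delete the line rather than leave a no-op `inherit`. If `sops` itself is meant to come from `sops-nix` rather than nixpkgs, make that explicit with `inherit (sops-nix.packages."${pkgs.system}") sops;` instead.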


@@ -1,7 +1,4 @@
{ mkShell { mkShell
, sops-import-keys-hook
, ssh-to-pgp
, sops-init-gpg-key
, sops , sops
, deploy-rs , deploy-rs
, nixpkgs-fmt , nixpkgs-fmt
@@ -15,9 +12,6 @@ mkShell {
python3.pkgs.invoke python3.pkgs.invoke
pkgs.ssh-to-age pkgs.ssh-to-age
pkgs.age pkgs.age
ssh-to-pgp
sops-import-keys-hook
sops-init-gpg-key
sops sops
deploy-rs deploy-rs
nixpkgs-fmt nixpkgs-fmt