Alice Huston
46a605d12e
* Add artemision Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * blank config.nix for alice Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * move alice config Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * move alice config Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * fix slack (artemision) Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * fix unipicker (artemision) Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * fix vscode (artemision) Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add wired-notify (not currently working, artemision) Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * change formatter to nixfmt-rfc-style Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * update lock Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * initial format Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * artemision settings Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add artemision files Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * artemision initial setup * artemision initial setup * sops generation Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * sops updates Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * sops updates Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * fix breaking changes, add framework module Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * formatting and friends Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add boot, mutable users is true * fmt * Add desktop/framework dependencies Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * enable sops * sops/ethernet fixes * update subs * cache key fix & mutable users * temp neovim * zsh changes Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * dependency fixes, zsh.nix * zsh fixes for home-manager Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * minor zsh fixes * minor zsh/home fixes * cleanup * typo from merge Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * formatting Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * remove owner Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * non-server :) Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add display manager Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * switch to gdm Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * wayland errors Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * fix formatting Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * remove ZFS unstable Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * zsh reorg Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * wayland enable Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add boot partition options Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * wayland agian Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * nix format Signed-off-by: ahuston-0 <aliceghuston@gmail.com> --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> Co-authored-by: ahuston-0 <alice.huston@gmail.com>
69 lines
1.8 KiB
YAML
69 lines
1.8 KiB
YAML
keys:
|
|
# The PGP keys in keys/
|
|
- &admin_alice F63832C3080D6E1AC77EECF80B4245FFE305BC82
|
|
- &admin_richie 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3
|
|
|
|
# Generate AGE keys from SSH keys with:
|
|
# ssh-keygen -A
|
|
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
|
|
- &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
|
|
- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
|
|
- &jeeves age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w
|
|
- &jeeves-jr age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
|
|
|
|
admins: &admins
|
|
- *admin_alice
|
|
- *admin_richie
|
|
|
|
servers: &servers
|
|
- *jeeves
|
|
- *jeeves-jr
|
|
- *palatine-hill
|
|
|
|
# add new users by executing: sops users/<user>/secrets.yaml
|
|
# then have someone already in the repo run the below
|
|
#
|
|
# update keys by executing: sops updatekeys secrets.yaml
|
|
creation_rules:
|
|
- path_regex: systems/jeeves/secrets\.yaml$
|
|
key_groups:
|
|
- pgp: *admins
|
|
age:
|
|
- *jeeves
|
|
|
|
- path_regex: systems/jeeves-jr/secrets\.yaml$
|
|
key_groups:
|
|
- pgp: *admins
|
|
age:
|
|
- *jeeves-jr
|
|
|
|
- path_regex: users/alice/secrets\.yaml$
|
|
key_groups:
|
|
- pgp:
|
|
- *admin_alice
|
|
age:
|
|
- *palatine-hill
|
|
- *jeeves
|
|
- *jeeves-jr
|
|
- *artemision
|
|
|
|
- path_regex: systems/palatine-hill/secrets\.yaml$
|
|
key_groups:
|
|
- pgp:
|
|
- *admin_alice
|
|
age:
|
|
- *palatine-hill
|
|
|
|
- path_regex: users/alice/systems/artemision/secrets\.yaml$
|
|
key_groups:
|
|
- pgp:
|
|
- *admin_alice
|
|
age:
|
|
- *artemision
|
|
|
|
- path_regex: users/richie/secrets\.yaml$
|
|
key_groups:
|
|
- pgp:
|
|
- *admin_richie
|
|
age: *servers
|