* Feature/factorio (#109) * add factorio * add factorio server * add new user * fixed typo * jeeves base * allow jeeves to be built into an ISO Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * server-side fixes * Disable sops on jeeves temporarily Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * fix flake.nix inputs Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add sops for jeeves * update jeeves age key Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * efi variables fix? Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * updating sops * remove alice Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * remove richie Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * usbguard :( Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * remove iso from image Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add alice zt * restore home-manager Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * fix comment Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add jeeves key Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * restore original config Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * revert canTouchEfiVariables keeping it in line with other servers Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * removed working-config.nix * Get rid of dummy user Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * change formatter to nixfmt-rfc-style Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * update lock Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * added plex * initial format Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * removed lib.mkDefault from PermitRootLogin --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> Co-authored-by: Richie Cahill <richie@tmmworkshop.com>
# sops creation rules: which PGP/age recipients each secrets file is
# encrypted to. The values in this file are public material (PGP
# fingerprints and age1... recipients); no private key belongs here.
keys:
  # The PGP keys in keys/
  # Full-length fingerprints of the admins' PGP keys.
  - &admin_alice F63832C3080D6E1AC77EECF80B4245FFE305BC82
  - &admin_richie 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3

  # age recipients, one per host.
  # Generate AGE keys from SSH keys with:
  #   ssh-keygen -A
  #   nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
  # NOTE(review): each recipient is derived from a host's ed25519 SSH public
  # key, so the matching private half is presumably that host's
  # /etc/ssh/ssh_host_ed25519_key. Anyone who can read that file can decrypt
  # whatever is encrypted to the host, and regenerating the host key means
  # the recipient below must be replaced and the files re-keyed.
  - &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
  - &jeeves age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w
  - &jeeves-jr age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh

# Alias list of every admin PGP key; referenced below as *admins.
admins: &admins
  - *admin_alice
  - *admin_richie

# Alias list of every host age recipient; referenced below as *servers.
servers: &servers
  - *jeeves
  - *jeeves-jr
  - *palatine-hill

# add new users by executing: sops users/<user>/secrets.yaml
# then have someone already in the repo run the below
#
# update keys by executing: sops updatekeys secrets.yaml
#
# NOTE(review): re-keying only changes who can decrypt from now on. A
# recipient removed from this file could still read values it saw earlier
# (and older revisions in version control), so rotate the secret values
# themselves when a key is removed or suspected compromised.
#
# NOTE(review): every path_regex below is anchored at the end ($) but not at
# the start, so any path that merely ends in the same suffix would also
# match. Confirm how the sops version in use resolves paths before adding a
# leading ^.
creation_rules:
  # Per-host secrets: both admins (PGP) plus that one host (age). Each rule
  # has a single key group, so any one of the listed keys is enough to
  # decrypt.
  - path_regex: systems/jeeves/secrets\.yaml$
    key_groups:
      - pgp: *admins
        age:
          - *jeeves

  - path_regex: systems/jeeves-jr/secrets\.yaml$
    key_groups:
      - pgp: *admins
        age:
          - *jeeves-jr

  - path_regex: systems/palatine-hill/secrets\.yaml$
    key_groups:
      - pgp: *admins
        age:
          - *palatine-hill

  # Per-user secrets: only the owning user's PGP key, plus every host in
  # *servers.
  # NOTE(review): this makes each user's secrets readable with any single
  # host key, so one compromised server exposes all users' files; confirm
  # that every host really needs every user's secrets.
  - path_regex: users/alice/secrets\.yaml$
    key_groups:
      - pgp:
          - *admin_alice
        age: *servers

  - path_regex: users/richie/secrets\.yaml$
    key_groups:
      - pgp:
          - *admin_richie
        age: *servers