diff --git a/data.nix b/data.nix
index a44ece6..9e1c0c0 100644
--- a/data.nix
+++ b/data.nix
@@ -4,22 +4,18 @@ rec {
 hel1a = "65.21.7.119";
 };
- ssh_pubkeys = {
+ people = {
 motiejus = "ssh-rsa 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";
- vno1_root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiWb7yeSeuFCMZWarKJD6ZSxIlpEHbU++MfpOIy/2kh";
 };
- systems = {
+ hosts = {
 "vno1-oh2.servers.jakst" = {
 extraHostNames = ["dl.jakstys.lt" "vno1-oh2.jakstys.lt"];
- publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHtYsaht57g2sp6UmLHqsCK+fHjiiZ0rmGceFmFt88pY";
+ publicKey = (import ./secrets.nix).host_pubkeys."vno1-oh2.servers.jakst";
 };
 "hel1-a.servers.jakst" = {
 extraHostNames = ["hel1-a.jakstys.lt" "git.jakstys.lt" "vpn.jakstys.lt" "jakstys.lt" "www.jakstys.lt"];
- publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6Wd2lKrpP2Gqul10obMo2dc1xKaaLv0I4FAnfIaFKu";
- };
- "mtwork.motiejus.jakst" = {
- publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvNuABV5KXmh6rmS+R50XeJ9/V+Sgpuc1DrlYXW2bQb";
+ publicKey = (import ./secrets.nix).host_pubkeys."hel1-a.servers.jakst";
 };
 "zh2769.rsync.net" = {
 publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd";
diff --git a/flake.nix b/flake.nix
index 522d086..34f8ed9 100644
--- a/flake.nix
+++ b/flake.nix
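Review bot: In data.nix the two new `publicKey = (import ./secrets.nix).host_pubkeys."…"` lines replace literal pins with values whose text appears nowhere in this diff, so the SSH known_hosts trust anchor for `vno1-oh2.servers.jakst` and `hel1-a.servers.jakst` can change without a reviewer seeing it. `hel1-a` and `vno1-oh2` are bound in secrets.nix outside the shown hunk; it is worth confirming they are byte-for-byte the removed `ssh-ed25519 …` strings and in the form `programs.ssh.knownHosts` expects. A comment above `hosts` would record the coupling, e.g. `# publicKey is shared with the age recipient list in secrets.nix: changing it there re-pins SSH too`. The enclosing `rec { … }` starts and ends outside the hunk.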
@@ -58,14 +58,16 @@ agenix.nixosModules.default { + age.secrets.motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age; + age.secrets.root-passwd-hash.file = ./secrets/root_passwd_hash.age; + age.secrets.zfs-passphrase.vno1-oh2.file = ./secrets/vno1-oh2/zfs-passphrase.age; + age.secrets.borgbackup-password.file = ./secrets/hel1-a/borgbackup/password.age; age.secrets.sasl-passwd.file = ./secrets/hel1-a/postfix/sasl_passwd.age; age.secrets.turn-static-auth-secret.file = ./secrets/hel1-a/turn/static_auth_secret.age; age.secrets.synapse-jakstys-signing-key.file = ./secrets/hel1-a/synapse/jakstys_lt_signing_key.age; age.secrets.synapse-registration-shared-secret.file = ./secrets/hel1-a/synapse/registration_shared_secret.age; age.secrets.synapse-macaroon-secret-key.file = ./secrets/hel1-a/synapse/macaroon_secret_key.age; - age.secrets.motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age; - age.secrets.root-passwd-hash.file = ./secrets/root_passwd_hash.age; } ]; @@ -84,6 +86,7 @@ { age.secrets.motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age; age.secrets.root-passwd-hash.file = ./secrets/root_passwd_hash.age; + age.secrets.zfs-passphrase.hel1-a.file = ./secrets/hel1-a/zfs-passphrase.age; } ]; @@ -103,7 +106,7 @@ }; deploy.nodes.vno1-oh2 = { - hostname = "192.168.189.1"; + hostname = "vno1-oh2.servers.jakst"; profiles = { system = { sshUser = "motiejus"; diff --git a/modules/base/sshd/default.nix b/modules/base/sshd/default.nix index 8deedec..1f0621d 100644 --- a/modules/base/sshd/default.nix +++ b/modules/base/sshd/default.nix @@ -13,6 +13,6 @@ }; }; programs.mosh.enable = true; - programs.ssh.knownHosts = myData.systems; + programs.ssh.knownHosts = myData.hosts; }; } diff --git a/secrets.nix b/secrets.nix index f3a3cd8..4d77182 100644 --- a/secrets.nix +++ b/secrets.nix 
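Review bot: In flake.nix, the added `age.secrets.zfs-passphrase.vno1-oh2.file` (first hunk) and `age.secrets.zfs-passphrase.hel1-a.file` (second hunk) parse as a secret named `zfs-passphrase` with an option called `vno1-oh2` or `hel1-a`, not as a secret with a dotted name. As far as I know agenix declares `age.secrets` as an attribute set of submodules with options such as `file`, so this would likely fail evaluation; `age.secrets.zfs-passphrase-vno1-oh2.file = ./secrets/vno1-oh2/zfs-passphrase.age;` (and the matching hel1-a name) keeps one name per secret. The first block otherwise references only `secrets/hel1-a/…` files, so it looks as if each host is handed the other host's pool passphrase; if that is intended, a comment saying so and a check that the recipients for these two `.age` files in secrets.nix (not shown in this diff) are limited to the host that needs them would help. The module lists continue outside both hunks.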
@@ -20,4 +20,9 @@ in {
 "secrets/motiejus_passwd_hash.age".publicKeys = [hel1-a vno1-oh2] ++ motiejus;
 "secrets/root_passwd_hash.age".publicKeys = [hel1-a vno1-oh2] ++ motiejus;
+
+ host_pubkeys = {
+ "hel1-a.servers.jakst" = hel1-a;
+ "vno1-oh2.servers.jakst" = vno1-oh2;
+ };
 }
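Review bot: `host_pubkeys` is added to the same attribute set that holds the agenix rules, where every other visible attribute is a secret path carrying a `publicKeys` list. Tooling that walks this file (agenix's rekey mode enumerates the rule names, as far as I know) may treat `host_pubkeys` as a secret path and fail on the missing `publicKeys`, so a rekey run before merging is worth doing. Exporting the host keys from a separate file that both secrets.nix and data.nix import would keep the rules file purely path → recipients. At minimum, a comment such as `# not a secret rule: consumed by data.nix for programs.ssh.knownHosts` above the attribute would help. The enclosing `in { … }` starts outside the hunk.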