From 9782c3b362c4388959864fc9e2c53d68af81b87c Mon Sep 17 00:00:00 2001
From: sinavir
Date: Sun, 22 Dec 2024 11:47:04 +0100
Subject: [PATCH] fix(keys): Add nixosMachineKeys This is needed for secret encryption since netconf and liminix machines don't have an ssh key for now.
---
 keys/default.nix | 9 +-
 .../nixos/dgn-records/__arkheon-token_file | 101 +++++++++---------
 modules/nixos/dgn-records/secrets.nix | 2 +-
 3 files changed, 62 insertions(+), 50 deletions(-)
diff --git a/keys/default.nix b/keys/default.nix
index 2db0640..6e8b0a0 100644
--- a/keys/default.nix
+++ b/keys/default.nix
@@ -5,7 +5,9 @@
 let
 _sources = import ../npins;
- meta = import ../meta (import _sources.nixpkgs { }).lib;
+ inherit (import _sources.nixpkgs { }) lib;
+
+ meta = import ../meta lib;
 getAttr = flip builtins.getAttr;
@@ -17,6 +19,7 @@ rec {
 # If not, you will face an angry maintainer
 _keys = {
 # SSH keys of the nodes
+ ap01 = [ "" ];
 bridge01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP5bS3iBXz8wycBnTvI5Qi79WLu0h4IVv/EOdKYbP5y7" ];
 compute01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/YluSVS+4h3oV8CIUj0OmquyJXju8aEQy0Jz210vTu" ];
 geo01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEl6Pubbau+usQkemymoSKrTBbrX8JU5m5qpZbhNx8p4" ];
@@ -99,4 +102,8 @@ rec {
 # List of 'machine' keys
 machineKeys = rootKeys ++ (getKeys (builtins.attrNames meta.nodes));
+
+ nixosMachineKeys =
+ rootKeys
+ ++ (getKeys (builtins.attrNames (lib.filterAttrs (_: v: v.nixpkgs.system == "nixos") meta.nodes)));
 }
diff --git a/modules/nixos/dgn-records/__arkheon-token_file b/modules/nixos/dgn-records/__arkheon-token_file
index 25c1d05..178a496 100644
--- a/modules/nixos/dgn-records/__arkheon-token_file
+++ b/modules/nixos/dgn-records/__arkheon-token_file
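Review bot: In keys/default.nix (hunk `@@ -17,6 +19,7 @@`), the new `ap01 = [ "" ];` entry puts an empty string where every other node in `_keys` has an SSH public key. `machineKeys` is still built from all of `meta.nodes`, so if `getKeys` (defined outside this hunk) simply concatenates these lists, any secret still keyed to `machineKeys` receives `""` as a recipient on its next rekey, and an empty string is not a usable age recipient. An empty list keeps the attribute lookup working without adding a bogus recipient: `ap01 = [ ]; # no SSH host key yet`. The `_keys` set starts and ends outside the hunk.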
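Review bot: In keys/default.nix (hunk `@@ -99,4 +102,8 @@`), `nixosMachineKeys` is added without the kind of comment its sibling `machineKeys` has, and its filter reads `v.nixpkgs.system` on every entry of `meta.nodes`. If the meta module does not guarantee that attribute (it is not visible here), a single node lacking it aborts evaluation of the whole key set; `(v.nixpkgs.system or "") == "nixos"` would make the filter total. Because the selection is a string match, a node whose system value is misspelled silently stops being a recipient and will fail to decrypt at activation, which is worth stating in the comment: `# Root keys + keys of the NixOS nodes only; netconf and liminix nodes have no SSH host key and are not recipients`.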
@@ -1,50 +1,55 @@ age-encryption.org/v1 --> ssh-ed25519 jIXfPA YaucboAId6lgc1Y/jV6hLyovkJQnMBnKhJ2QWAci53U -Q8RUPu4GUC5QbzTROgL9xaG3BUWO1QU/q1p0/yimBQ0 --> ssh-ed25519 QlRB9Q y1tbd/81NoECRtKwOw41Tlls5y+WSu2jGmeOlC939VM -DT1zZgWJkkIWRWxzfu4VgiGpV8CioaDKnVemowH59N4 --> ssh-ed25519 r+nK/Q dDmGkZ3Y7xAzZGKvGIyIdhD+P0tkV6SMPx3UxphoTXo -tkanRbPfu3/cuMPoTrcWBlNcu6RmK+txif+9aIRLy+s +-> ssh-ed25519 jIXfPA Fg3/a46Mon39gTFeQkn0wtxbwsTzeBUNyEAaNHd27hQ +A78ImPc4lST6bAeBmWiWxoICV4JVCJVAmKuQJySerHs +-> ssh-ed25519 QlRB9Q P1C+ZzsB4oAWkwIq2zcaqoukMMo+yFwk9g6Al32fCWM +G+M9cYya5pX64/oEbvpvha2qbQg4y8frl1i18ZIG6fY +-> ssh-ed25519 r+nK/Q r4kctDRssAYznMRxHJqu7/GoBHyibP4xWdua6KYnpU0 +l5KS9reXjT2P5iUCe0swZmK/m9Vg7VvtrK4L/TaEuAI -> ssh-rsa krWCLQ -IZGpFoWjQuQzqkS2KbpVr+fP7NLPhyaxS4yQroVEkPEZnXx2c6eH3ul218zytZld -YRBCxiCtV6VfOB2N2QGuiK7YCGl6oUfN1DePy0jPrGKsnvWBitTuqzADiGQB7aSI -ie7GgblPpi4q3ovJPgf7Bs+Mi2dKW5hiD8Jnped7rEW7SEnESkQa3Cx22Ww/UYcW -9Uj7ZaDVVbP0ZWyc41HdoJwEnV6MYMRnXUJ/qrLMCIvRaYk8UdiCDgco+XxqAnbs -iyUqCvz8iVNsWbJxK+7jJHXp0dQJRciHzSGStIVRSGx4gvuXOGjsuBMjfwoq1XoR -5PE3BnP/atHZg3CkQcC2eA --> ssh-ed25519 /vwQcQ WL0PdIIsSWzw+ar2QNXCp7Xs1NH9gUk2fSPskGC9o2I -+kHedFsYHgpsGfILtywJaIrTRj8HtHZvVyhtbRhKYC0 --> ssh-ed25519 0R97PA +G7wUHF6NJimsAxe6M9RVVTa3GLPoW1bhsgMsWXKNC8 -i++lKoe8hFFb1rilkO9lcwBJujRqFsLGDOPvbaiz6Nw --> ssh-ed25519 JGx7Ng o66YGXN0uMC2qZo1tVcEMOa4SwxNZaf4HvnGsgzlqjo -Tc4KMMrnJbybrNIkhEJz42PVHc3fVMFFSs96lKsEKCA --> ssh-ed25519 5SY7Kg P8Xp9wVJDcPdj3uSiq0yLnLMDInMeFs6XX30VwlXWlg -uJfxXOZl8EX8fjRsHZ61JMKFpYksZJucZwVaRJs7qW8 --> ssh-ed25519 p/Mg4Q yUyxue7Oda0b+CjdF9VfUCliWyzXNOsVPH7OFoHzWCw -+zi+TSojvSc+VDXZG8XXSsTezxKRNC2XHc/hGGv4baM --> ssh-ed25519 DqHxWQ 7Vnq/xidbguw/PkZPUOTHUBTe8/x4PvTjCusUe10jio -7Sl1MptpElvEA9VUj7JiVGuEWC0F3aA2rgYvfIchOB0 --> ssh-ed25519 tDqJRg udOCDV4/vszObNxcQhJ6iGiDkxgZlrBDyKt3MbibMx4 -CDDd0LNCCdYvEww/h8q2z4f5QtjnL+kJsnPFtlbiD28 --> ssh-ed25519 9pVK7Q DXqkIewHGpUUDtL2ivAoFwY/HCjoQXjxoHGPGkuFfH0 -JZ7xC2kdtnRNq8WADL2SNw/Ukezu1s4TuUbQnbP8L4o --> ssh-ed25519 
/BRpBQ 9j1+wzO733ej03ra8LQOkpOyvY63UCbO9sfT6bV6+zs -2F0UjpAqgCK5JS0y0kkHX30EV8JCcjhnJ1NkW06ww4w --> ssh-ed25519 /x+F2Q wYchtMn7MCGllfiFwTrycdLEY3dl297ns26PHs7l320 -feRd57Z5k6iJ71JRHud0wyYWo3O56q4rrYZt5y3aoqA --> ssh-ed25519 +MNHsw FHfvx1FQWcsRlKrFF0SRcVZ+XG6LXBwIMcPCVeu/ZCg -w9fZGhZpEJHlf8JPcbWcNoAO9S06hi15LZxkv1dJUWk --> ssh-ed25519 rHotTw QDcThfb0AJMQBfQDbbtqm6z7BGxC4/sBioprElUTXFA -2JOFoMLcVhMoGzZDDNOTL3PBWsqVnrFx8o/W/cWuzl0 --> ssh-ed25519 +mFdtQ tWg17VH1Q4gQj/1IK9yrxjw4kRPzsp4dDHFwDKYxvDE -9H4ohD3XN4Xtk15SsZQf5k0db+yIVcWp4EV5jKsZgHI --> ssh-ed25519 0IVRbA rkMPsBgVEaiYtaBN5JzHNCPFYFKr/7dqoY+RX19+03o -baQK5t5sG8WabaCuMTZ2ZIfMTRH0jQU4l7JEyJ6H+LU --> ssh-ed25519 IY5FSQ c1+2+CMJFMw/iF2XNx5ma28KhwdKKQ9dNC1nBvFz/B0 -3AE1FQq+//dNIQfuW9BHcpfNbGn724Ydq7aJc95KmmY --> ssh-ed25519 VQSaNw t9yLak0T7FO8hgGrPWFeR3Jw0D6cPxjR5LOIcMnAmgo -869SBp0nM5v/9+Xjib6rkmmelhTBfXcyuHiAXh08AWo --> r32t]I\-grease ka<* -nkxH0w1aQ64 ---- LlTR5EcQzCLJ5trkQcomW0+soQoec/IZZNW+g5dyOo0 -M"Lmh]auq4+9;Ф-ZLH0o1E \ No newline at end of file +g+zPwOWXgd06McsOCwo2QjAQF7B7t8oCf5eA5K79Om/X63VAqakts3ilwOt9SgZk +yQYa72TP67nyljLO4tPG7u/aKIBIwitGXIIYs+ZNLq9Q0ciWvzVAhsLsfi9yE7AF +I3tnL03fES2v5sbKes/JulBQl+87065YZr67TNWRY9f7a0XQZtfewP0vOxxfJsSy +RYBpztlzAGkaWXtqk2291x7yGhKsQWXmUhxx4KqyPs+KvFm1d4GglalFjhySzCkG +Rc7Flg1ukru3Bd1/fieOWpr3DyDBQ8pZyS4gIUYLB7xcy2t1JI/U3egTQTPBCSgy +PwoWgyQ7lGLRIarTMRa1JQ +-> ssh-ed25519 /vwQcQ FOpyMB3qDu3HpjqsH2VVpInqlvJlZD35y/XNf8RkSXU +ZUxuGbwH1XtE9Da+L7SjfoYinjq0cAwsHsDaz2u5Lrg +-> ssh-ed25519 0R97PA kphmpWyiMaxGmUAH4rvFUjtf0mvseVkPPBlMqKNE3lA +F1cgXiz2UjCHU0MeS5DryvOBtxW/1DIsjw28uQ1nd3A +-> ssh-ed25519 JGx7Ng ejW0Pf2cwsitmVLY8jJUaHZ/6Qhfxa7fnYWoaWYISWk +awOvJwkkFdXuc/ikZTX6512zG91FCi+0n7KaYrULO3E +-> ssh-ed25519 bUjjig 2Gw2h1bx0TRc6CmRjY8GPgtSHRs5rl/lg394JKiWBlA +yvltWHak7XMXBmBmlelE4pF5y1saRaQJmV5IUxzaPyo +-> ssh-ed25519 DqHxWQ gh/5iRZQbmbvwWGtah4b9MK3DNe4+UNiHoXPYnw0sEQ +z/nbwMWAjsBRAzTMSS/9dPzXe1st8mQWiUlZnVmtcCw +-> ssh-ed25519 tDqJRg 0GBbdUBhJxdCICdp6WtgXW2GXfQskuxanzucrKRoBns 
+AW0jVC8Y8lbhycDgLzPu40kQtgb7OI7fyycLldXknwc +-> ssh-ed25519 9pVK7Q +aOx8mN/HX4F7SdNdJZjMRWiy6SIhqFkWYIo+I24cTI +IQCd6tA+bUDlnW9JsxVE02EBKj38yYDybBe24PxXr68 +-> ssh-ed25519 /BRpBQ 8UN2aIKUhi3JLhnOoOs38+a9qx+UhDnV5tYlWVF8d24 +FkScXVvXdhFbDGs2Ks0BYfj9nJpAUVPz6OhX7vkOTmI +-> ssh-ed25519 t0vvHQ wDCpgqimo5goEB9Gj5/QGQ98nTEkKy/qHyxPg3NA6Ss +sielO8aAj9ke+nZL+F/zyMUzUPn1LjtKrSkAoMW6YYE +-> ssh-ed25519 E6cGqw zbwhYf2zKgjdymEjG0sVuqQQ/CgCDnSlT72OrAUFSiw +B70dyGna1SRXvf5SLJCiZGeBiXwS9nf3LPTBkG/3fGs +-> ssh-ed25519 EEPmeQ 06lIugc0LbiXVFwbV/6GKbSnlac0ROIVNmgS2Q9MM2A +KTUmdmSXZT2D4oQQpO1qNsdOn5sH70ameln6i7Itb+A +-> ssh-ed25519 +MNHsw OMAS3ud2K1+JGVytqHp9P/i+r4apcb91Dyc+tTudpQ8 +V6T+VPSvRZ21nVtDeRkOsuP62bECSGcIm8vO3JADxVQ +-> ssh-ed25519 rHotTw JAc7ZlrFGL+DXq07YrmqY4lS5Pib31RoRTT6o7zJH04 +Y1qLn6nWk7FfkrWIiBBd7BHHp5WXHTZfq734DMUlB74 +-> ssh-ed25519 NaIdrw ZWfEZfhiXxkq6P6H2kbiVZiiPxH13Cehk+2ti9fYx08 +gMlI5Da2cgP7m2pZnHpwJiA7BVVtZgNyZnPkYqhBYHQ +-> ssh-ed25519 +mFdtQ GZQpMTZySkDwDvzpWou8nfvAtYco/v4xF+YU7LYjAAI +deNceVs+tUxiQy2JHcoOd/w6KLYnxuDwrIPoVWJ66Vo +-> ssh-ed25519 0IVRbA S917NcJZ75oqjwGMMwknUFcHYJ2TCkEt331mpOZ5DxI +khoDidhLjy1wIs+qGAfx/qH+t4ROB71QeiiUmnpZ1s8 +-> ssh-ed25519 IY5FSQ 2HjLcN2RK/dtAeHXUTu/Du4LiBH4SxpG0d6f7QCa61Y +ql6B8ZZzEaz+Czb0TRT8pF1KD7dhEv0XE9k9IJ9AgBo +-> ssh-ed25519 VQSaNw aAcXlRKzMgw847XeDTqnh+4XvApVIE183gJ2O42eohE +wndgsI85eDc+i+CBPmo2ym5koIvTMS9mOuWdLvLM3Qs +-> lm-grease -KjCZ 46y2wU x1 +1iP6 +--- MthoOm+rboJhFyo+SKFlPfwT9V3VeaKl5xQ2gs0W2ns +;ց"b/*}eg}Lq +zG~Q._X{A  \ No newline at end of file diff --git a/modules/nixos/dgn-records/secrets.nix b/modules/nixos/dgn-records/secrets.nix index d54775d..d483b14 100644 --- a/modules/nixos/dgn-records/secrets.nix +++ b/modules/nixos/dgn-records/secrets.nix @@ -2,4 +2,4 @@ # # SPDX-License-Identifier: EUPL-1.2 -{ __arkheon-token_file.publicKeys = (import ../../../keys).machineKeys; } +{ __arkheon-token_file.publicKeys = (import ../../../keys).nixosMachineKeys; }
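Review bot: Narrowing `publicKeys` to `nixosMachineKeys` in modules/nixos/dgn-records/secrets.nix and re-encrypting does not revoke anything, because the previous ciphertext of `__arkheon-token_file` stays in history and remains decryptable by every key it was encrypted to. The rekeyed file in this commit no longer carries the recipient stanzas tagged `5SY7Kg`, `p/Mg4Q` and `/x+F2Q` and gains five new ones, which the commit message does not mention. If any of the dropped keys is no longer trusted, the token itself has to be rotated rather than only rekeyed. I would record that next to the attribute: `# Recipients: root keys + NixOS hosts; rotate the token when a recipient is removed, rekeying alone does not revoke access`.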