nix/part/Secret.nix

{ ... }: {
	hashedPassword = "$y$j9T$oqCB16i5E2t1t/HAWaFd5.$tTaHtAcifXaDVpTcRv.yH2/eWKxKE9xM8KcqXHfHrD7"; # Use `mkpasswd`.

	ssh = {
		trustedKeys = [
			"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIL2LI1iFDZC223aWqBVz9yusfB/XrRwsBKiL5warIF/ nix-on-droid@phone"
			(builtins.readFile ./secret/public/Ssh.key)
		];

		builderKeys = [
			"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuuw5ek5wGB9KdBhCTxjV+CBpPU6RIOynHkFYC4dau3 root@dasha"
			"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIf192IxsksM6u8UY+eqpHopebgV+NNq2G03ssdXIgz root@desktop"
			"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSWdbkYsRiDlKu8iT/k+JN4KY08iX9qh4VyqxlpEZcE root@home"
			"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFgiYKFkMfiGOZCZIk+O7LtaoF6A3cHEFCqaPwXOM4rR root@work"
			"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBA+KKCkFOshUznJlXW/LDie0vZLd4b+KWodSm8N8vM+ root@laptop"
			(builtins.readFile ./secret/public/Ssh.key)
		];
	};

	crypto = {
		sign = {
			format  = "ssh";
			key     = ./secret/public/Ssh.key;
			allowed = ./secret/public/Signers.key;
		};
		publicKeys = [
			{
				source = ./secret/public/Gpg.key;
				trust  = 5;
			}
		];
	};
}
Secret : Move sshd trusted keys to secret part. 2024-04-09 04:52:17 +03:00			`{ ... }: {`
Flake : Move hashedPassword from const to secret. 2024-04-14 19:30:03 +03:00			hashedPassword = "$y$j9T$oqCB16i5E2t1t/HAWaFd5.$tTaHtAcifXaDVpTcRv.yH2/eWKxKE9xM8KcqXHfHrD7"; # Use `mkpasswd`.

NixBuilder : Use restricted user. 2024-04-14 06:44:00 +03:00			`ssh = {`
			`trustedKeys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIL2LI1iFDZC223aWqBVz9yusfB/XrRwsBKiL5warIF/ nix-on-droid@phone"`
			`(builtins.readFile ./secret/public/Ssh.key)`
			`];`

			`builderKeys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuuw5ek5wGB9KdBhCTxjV+CBpPU6RIOynHkFYC4dau3 root@dasha"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIf192IxsksM6u8UY+eqpHopebgV+NNq2G03ssdXIgz root@desktop"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSWdbkYsRiDlKu8iT/k+JN4KY08iX9qh4VyqxlpEZcE root@home"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFgiYKFkMfiGOZCZIk+O7LtaoF6A3cHEFCqaPwXOM4rR root@work"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBA+KKCkFOshUznJlXW/LDie0vZLd4b+KWodSm8N8vM+ root@laptop"`
			`(builtins.readFile ./secret/public/Ssh.key)`
			`];`
			`};`
Crypto : Add GNUPGHOME tmpfs template. 2024-04-09 14:26:36 +03:00
			`crypto = {`
			`sign = {`
Git : Configure log to show signatures. 2024-04-10 11:55:19 +03:00			`format = "ssh";`
			`key = ./secret/public/Ssh.key;`
			`allowed = ./secret/public/Signers.key;`
Crypto : Add GNUPGHOME tmpfs template. 2024-04-09 14:26:36 +03:00			`};`
			`publicKeys = [`
Gpg : Auto-import public keys. 2024-04-14 08:32:29 +03:00			`{`
			`source = ./secret/public/Gpg.key;`
			`trust = 5;`
			`}`
Crypto : Add GNUPGHOME tmpfs template. 2024-04-09 14:26:36 +03:00			`];`
			`};`
Secret : Move sshd trusted keys to secret part. 2024-04-09 04:52:17 +03:00			`}`