Secret : Add comments.

Dmitry Voronin 2024-05-12 04:22:57 +03:00
parent 16d734d81e
commit a24b5bdd99
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
3 changed files with 13 additions and 8 deletions


@ -1,12 +1,12 @@
{ secret, ... }: { { secret, ... }: {
config = { config = {
credential.helper = "store"; credential.helper = "store";
gpg.format = secret.crypto.sign.format; gpg.format = secret.crypto.sign.gih.format;
gpg.ssh.allowedSignersFile = toString(secret.crypto.sign.allowed); gpg.ssh.allowedSignersFile = toString(secret.crypto.sign.git.allowed);
init.defaultBranch = "main"; init.defaultBranch = "main";
pull.rebase = true; pull.rebase = true;
push.autoSetupRemote = true; push.autoSetupRemote = true;
rebase.autoStash = true; rebase.autoStash = true;
user.signingkey = builtins.readFile secret.crypto.sign.key; user.signingkey = builtins.readFile secret.crypto.sign.git.key;
}; };
} }
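Review bot: The new `gpg.format` line reads `secret.crypto.sign.gih.format`, while the two lines renamed next to it use `secret.crypto.sign.git.*`, so `gih` looks like a typo. The secrets file in this commit defines `sign.git` and shows no `gih` attribute, so evaluating `gpg.format` would presumably fail with a missing-attribute error and leave this Git signing configuration unbuildable. The line should be `gpg.format = secret.crypto.sign.git.format;`, matching the spelling used in the second Git config section of this commit.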


@ -7,9 +7,9 @@
pull.rebase = true; pull.rebase = true;
push.autoSetupRemote = true; push.autoSetupRemote = true;
rebase.autoStash = true; rebase.autoStash = true;
user.signingkey = builtins.readFile secret.crypto.sign.key; user.signingkey = builtins.readFile secret.crypto.sign.git.key;
gpg.ssh.allowedSignersFile = toString(secret.crypto.sign.allowed); gpg.ssh.allowedSignersFile = toString(secret.crypto.sign.git.allowed);
gpg.format = secret.crypto.sign.format; gpg.format = secret.crypto.sign.git.format;
}; };
}; };
} }


@ -1,13 +1,15 @@
# Secrets configuration.
{ ... }: { { ... }: {
# Password used for root user.
hashedPassword = "$y$j9T$oqCB16i5E2t1t/HAWaFd5.$tTaHtAcifXaDVpTcRv.yH2/eWKxKE9xM8KcqXHfHrD7"; # Use `mkpasswd`. hashedPassword = "$y$j9T$oqCB16i5E2t1t/HAWaFd5.$tTaHtAcifXaDVpTcRv.yH2/eWKxKE9xM8KcqXHfHrD7"; # Use `mkpasswd`.
ssh = { ssh = {
# Keys that are allowed to connect via SSH.
trustedKeys = [ trustedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIL2LI1iFDZC223aWqBVz9yusfB/XrRwsBKiL5warIF/ nix-on-droid@phone" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIL2LI1iFDZC223aWqBVz9yusfB/XrRwsBKiL5warIF/ nix-on-droid@phone"
(builtins.readFile ./secret/public/Ssh.key) (builtins.readFile ./secret/public/Ssh.key)
]; ];
# Keys that are allowd to connect via SSH to nixbuild user for Nix remote builds.
builderKeys = [ builderKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuuw5ek5wGB9KdBhCTxjV+CBpPU6RIOynHkFYC4dau3 root@dasha" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuuw5ek5wGB9KdBhCTxjV+CBpPU6RIOynHkFYC4dau3 root@dasha"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIf192IxsksM6u8UY+eqpHopebgV+NNq2G03ssdXIgz root@desktop" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIf192IxsksM6u8UY+eqpHopebgV+NNq2G03ssdXIgz root@desktop"
@ -19,11 +21,14 @@
}; };
crypto = { crypto = {
sign = { # Git commit signing.
sign.git = {
format = "ssh"; format = "ssh";
key = ./secret/public/Ssh.key; key = ./secret/public/Ssh.key;
allowed = ./secret/public/Signers.key; allowed = ./secret/public/Signers.key;
}; };
# List of accepted public keys.
publicKeys = [ publicKeys = [
{ {
source = ./secret/public/Gpg.key; source = ./secret/public/Gpg.key;