voronind/nix
0
0
Fork 0
Code Issues 40 Pull requests Packages Projects Releases Wiki Activity

Secret : Add comments.

Browse source
This commit is contained in:
Dmitry Voronin 2024-05-12 04:22:57 +03:00
parent 16d734d81e
commit a24b5bdd99
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
3 changed files with 13 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
module/android/Git.nix
View file

@ -1,12 +1,12 @@
{ secret, ... }: {
config = {
credential.helper = "store";
gpg.format = secret.crypto.sign.format;
gpg.ssh.allowedSignersFile = toString(secret.crypto.sign.allowed);
gpg.format = secret.crypto.sign.gih.format;
gpg.ssh.allowedSignersFile = toString(secret.crypto.sign.git.allowed);
init.defaultBranch = "main";
pull.rebase = true;
push.autoSetupRemote = true;
rebase.autoStash = true;
user.signingkey = builtins.readFile secret.crypto.sign.key;
user.signingkey = builtins.readFile secret.crypto.sign.git.key;
};
}

6
module/common/Git.nix
View file

@ -7,9 +7,9 @@
pull.rebase = true;
push.autoSetupRemote = true;
rebase.autoStash = true;
user.signingkey = builtins.readFile secret.crypto.sign.key;
gpg.ssh.allowedSignersFile = toString(secret.crypto.sign.allowed);
gpg.format = secret.crypto.sign.format;
user.signingkey = builtins.readFile secret.crypto.sign.git.key;
gpg.ssh.allowedSignersFile = toString(secret.crypto.sign.git.allowed);
gpg.format = secret.crypto.sign.git.format;
};
};
}

9
part/Secret.nix
View file

@ -1,13 +1,15 @@
# Secrets configuration.
{ ... }: {
# Password used for root user.
hashedPassword = "$y$j9T$oqCB16i5E2t1t/HAWaFd5.$tTaHtAcifXaDVpTcRv.yH2/eWKxKE9xM8KcqXHfHrD7"; # Use `mkpasswd`.
ssh = {
# Keys that are allowed to connect via SSH.
trustedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIL2LI1iFDZC223aWqBVz9yusfB/XrRwsBKiL5warIF/ nix-on-droid@phone"
(builtins.readFile ./secret/public/Ssh.key)
];
# Keys that are allowd to connect via SSH to nixbuild user for Nix remote builds.
builderKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuuw5ek5wGB9KdBhCTxjV+CBpPU6RIOynHkFYC4dau3 root@dasha"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIf192IxsksM6u8UY+eqpHopebgV+NNq2G03ssdXIgz root@desktop"
@ -19,11 +21,14 @@
};
crypto = {
sign = {
# Git commit signing.
sign.git = {
format = "ssh";
key = ./secret/public/Ssh.key;
allowed = ./secret/public/Signers.key;
};
# List of accepted public keys.
publicKeys = [
{
source = ./secret/public/Gpg.key;