add secrets

2023-04-19 18:04:32 -06:00 · 2023-04-19 18:04:32 -06:00 · 6add0cd5e5
commit 6add0cd5e5
parent e5c1c99793
3 changed files with 16 additions and 0 deletions
--- a/common/network/hosts.nix
+++ b/common/network/hosts.nix
@ -6,6 +6,7 @@ let
  # hostnames that resolve on clearnet for LUKS unlocking
  unlock-clearnet-hosts = {
    ponyo = "unlock.ponyo.neet.dev";
+    phil = "unlock.phil.neet.dev";
    s0 = "s0";
  };

@ -27,6 +28,14 @@ in
      hostNames = [ unlock-clearnet-hosts.ponyo unlock-onion-hosts.ponyo ];
      publicKey = system.ponyo-unlock;
    };
+    phil = {
+      hostNames = [ "phil" "phil.neet.dev" ];
+      publicKey = system.phil;
+    };
+    phil-unlock = {
+      hostNames = [ unlock-clearnet-hosts.phil ];
+      publicKey = system.phil-unlock;
+    };
    router = {
      hostNames = [ "router" "192.168.1.228" ];
      publicKey = system.router;
--- a/common/ssh.nix
+++ b/common/ssh.nix
@ -9,6 +9,8 @@ rec {
    ponyo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBBlTAIp38RhErU1wNNV5MBeb+WGH0mhF/dxh5RsAXN";
    ponyo-unlock = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9LQuuImgWlkjDhEEIbM1wOd+HqRv1RxvYZuLXPSdRi";
    ray = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQM8hwKRgl8cZj7UVYATSLYu4LhG7I0WFJ9m2iWowiB";
+    phil = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlOs6mTZCSJL/XM6NysHN0ZNQAyj2GEwBV2Ze6NxRmr";
+    phil-unlock = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqy9X/m67oXJBX+OMdIqpiLONYc5aQ2nHeEPAaj/vgN";
    router = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFr2IHmWFlaLaLp5dGoSmFEYKA/eg2SwGXAogaOmLsHL";
    router-unlock = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOw5dTPmtKqiPBH6VKyz5MYBubn8leAh5Eaw7s/O85c";
    s0 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q";
@ -22,6 +24,7 @@ rec {
  # groups
  systems = with system; [
    ponyo
+    phil
    ray
    router
    s0
@ -31,6 +34,7 @@ rec {
  ];
  servers = with system; [
    ponyo
+    phil
    router
    s0
  ];
--- a/machines/phil/hardware-configuration.nix
+++ b/machines/phil/hardware-configuration.nix
@ -11,6 +11,9 @@

  boot.loader.systemd-boot.enable = true;

+  remoteLuksUnlock.enable = true;
+  remoteLuksUnlock.enableTorUnlock = false;
+
  boot.initrd.availableKernelModules = [ "xhci_pci" ];
  boot.initrd.kernelModules = [ "dm-snapshot" ];
  boot.kernelModules = [ ];