zuckerberg/nix-config
zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

add secrets

Browse Source
This commit is contained in:
Zuckerberg 2023-04-19 18:04:32 -06:00
parent e5c1c99793
commit 6add0cd5e5
3 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
common/network/hosts.nix
View File

@ -6,6 +6,7 @@ let
# hostnames that resolve on clearnet for LUKS unlocking # hostnames that resolve on clearnet for LUKS unlocking
unlock-clearnet-hosts = { unlock-clearnet-hosts = {
ponyo = "unlock.ponyo.neet.dev"; ponyo = "unlock.ponyo.neet.dev";
phil = "unlock.phil.neet.dev";
s0 = "s0"; s0 = "s0";
}; };
@ -27,6 +28,14 @@ in
hostNames = [ unlock-clearnet-hosts.ponyo unlock-onion-hosts.ponyo ]; hostNames = [ unlock-clearnet-hosts.ponyo unlock-onion-hosts.ponyo ];
publicKey = system.ponyo-unlock; publicKey = system.ponyo-unlock;
}; };
phil = {
hostNames = [ "phil" "phil.neet.dev" ];
publicKey = system.phil;
};
phil-unlock = {
hostNames = [ unlock-clearnet-hosts.phil ];
publicKey = system.phil-unlock;
};
router = { router = {
hostNames = [ "router" "192.168.1.228" ]; hostNames = [ "router" "192.168.1.228" ];
publicKey = system.router; publicKey = system.router;

4
common/ssh.nix
View File

@ -9,6 +9,8 @@ rec {
ponyo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBBlTAIp38RhErU1wNNV5MBeb+WGH0mhF/dxh5RsAXN"; ponyo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBBlTAIp38RhErU1wNNV5MBeb+WGH0mhF/dxh5RsAXN";
ponyo-unlock = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9LQuuImgWlkjDhEEIbM1wOd+HqRv1RxvYZuLXPSdRi"; ponyo-unlock = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9LQuuImgWlkjDhEEIbM1wOd+HqRv1RxvYZuLXPSdRi";
ray = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQM8hwKRgl8cZj7UVYATSLYu4LhG7I0WFJ9m2iWowiB"; ray = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQM8hwKRgl8cZj7UVYATSLYu4LhG7I0WFJ9m2iWowiB";
phil = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlOs6mTZCSJL/XM6NysHN0ZNQAyj2GEwBV2Ze6NxRmr";
phil-unlock = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqy9X/m67oXJBX+OMdIqpiLONYc5aQ2nHeEPAaj/vgN";
router = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFr2IHmWFlaLaLp5dGoSmFEYKA/eg2SwGXAogaOmLsHL"; router = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFr2IHmWFlaLaLp5dGoSmFEYKA/eg2SwGXAogaOmLsHL";
router-unlock = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOw5dTPmtKqiPBH6VKyz5MYBubn8leAh5Eaw7s/O85c"; router-unlock = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOw5dTPmtKqiPBH6VKyz5MYBubn8leAh5Eaw7s/O85c";
s0 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q"; s0 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q";
@ -22,6 +24,7 @@ rec {
# groups # groups
systems = with system; [ systems = with system; [
ponyo ponyo
phil
ray ray
router router
s0 s0
@ -31,6 +34,7 @@ rec {
]; ];
servers = with system; [ servers = with system; [
ponyo ponyo
phil
router router
s0 s0
]; ];

3
machines/phil/hardware-configuration.nix
View File

@ -11,6 +11,9 @@
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
remoteLuksUnlock.enable = true;
remoteLuksUnlock.enableTorUnlock = false;
boot.initrd.availableKernelModules = [ "xhci_pci" ]; boot.initrd.availableKernelModules = [ "xhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];