zuckerberg/nix-config
zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

store pia secret in git

Browse Source
This commit is contained in:
zuckerberg 2021-06-22 20:48:05 -04:00
parent 1584bd565a
commit e7b9b46f44
5 changed files with 24 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
common/pia.nix
View File

@ -85,7 +85,7 @@ YDQ8z9v+DMO6iwyIDRiU
</ca> </ca>
disable-occ disable-occ
auth-user-pass /secret/pia-login.conf auth-user-pass /run/secrets/pia-login.conf
''; '';
autoStart = true; autoStart = true;
up = "echo nameserver $nameserver | ${pkgs.openresolv}/sbin/resolvconf -m 0 -a $dev"; up = "echo nameserver $nameserver | ${pkgs.openresolv}/sbin/resolvconf -m 0 -a $dev";
@ -93,5 +93,6 @@ auth-user-pass /secret/pia-login.conf
}; };
}; };
}; };
age.secrets."pia-login.conf".file = ../secrets/pia-login.conf;
}; };
} }

3
common/ssh.nix
View File

@ -7,6 +7,7 @@ rec {
]; ];
system = { system = {
liza = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDY/pNyWedEfU7Tq9ikGbriRuF1ZWkHhegGS17L0Vcdl"; liza = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDY/pNyWedEfU7Tq9ikGbriRuF1ZWkHhegGS17L0Vcdl";
mitty = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJE2oSon3hKFqdDbfWXjc72trCWsdi16eEppeXkKRTEn";
}; };
systems = [ system.liza ]; systems = [ system.liza system.mitty ];
} }

4
machines/mitty/configuration.nix
View File

@ -36,8 +36,8 @@
}; };
}; };
bindMounts = { bindMounts = {
"/secret" = { "/run/secrets" = {
hostPath = "/secret"; hostPath = "/run/secrets";
isReadOnly = true; isReadOnly = true;
}; };
}; };

17
secrets/pia-login.conf Normal file
View File

@ -0,0 +1,17 @@
age-encryption.org/v1
-> ssh-ed25519 WVH30Q snPXnqoyFpLZC/3g5xuk38xw8rRC1uG5FQ1UoygWOlg
xmUPcKzhUCOFA5oJ+mgB7X4nU72Dva9MrISwvy9OypQ
-> ssh-ed25519 G2eSCQ INFecXmB/x6/j01MoeyycP83LYazWAneIYaTIaLSmyQ
Wbft9S6XW/Ps3RthPLLZaH1aHSV4sX7YkAW4ONQTjtI
-> ssh-ed25519 2a2Yhw NoxlRKbjJyLEBs0fsJK6VWSdwTKwe1a/mHh/9RZ7aBY
eScYO2IAKJz6LdGHCbYV7b6UATWKirqK4SNGcSnMEJo
-> ssh-ed25519 N240Tg RG6gq+6KTozGSlfM7wylDJGKIdDncdjXbyZt4UjHsi4
Jg2wgatlpILw3lfXYBOwy+vgEoUGKQXD4aE+kTEMPmk
-> ssh-ed25519 mbw8xA xjYbjae/j3jdRRT/O1GKvC8N6GSaBRTOwr6t5i0Ng04
vZDh4rrsJQI2LG4X0RrP7fc1eEHApG0Ya5HElSUi+ek
-> ssh-ed25519 xoAm7w NziSfA468lCU/SBnqfTu8VEbUZavqJvxUnLpT4E1/3A
QK9cNVAMR7wq2PUarmrNZ73hE1M5lTkTbiZmyoR0CnA
-> f-grease FYI c,@S&E !Pg
LlfyHfU6CRWGV/RU8w
--- D45DX/qNTQ6eWoCYmSP7exOh3e6x4AAV03fiW7EAthM
ä9px%æSúôþ1zöï)é½Æ<16>™bëñŒ ÆV KHÆmÌzZ°Ö:ÈØ#µ?v<>íPžÃ±x…lzœÃP#šUæÕR&`ÒÇÀ.sÊ

1
secrets/secrets.nix
View File

@ -6,4 +6,5 @@ let
in in
{ {
"searx.age".publicKeys = all; "searx.age".publicKeys = all;
"pia-login.conf".publicKeys = all;
} }