hosts/youko: add youko ssh keys, set user password

2024-12-17 23:11:05 +01:00 · 2024-12-17 23:11:05 +01:00 · aaa0b853f7
commit aaa0b853f7
parent e2014034bb
4 changed files with 30 additions and 21 deletions
--- a/assets/ssh.nix
+++ b/assets/ssh.nix
@ -15,6 +15,7 @@
    kogata = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGK7H4Z29d72HJlI69Vt0YLOyuPcn9XxYjvMZfql80z0 nikodem@rabulinski.com";
    hijiri = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXVPUBYAMn9H3efG/ldWl/ySmZV0CXleyH7E5nKf/N7 nikodem@rabulinski.com";
    tsukasa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPKXcihNVgsStMstnZYvh+Ai+JsydX3vu4O0yhlN+zw niko@tsukasa";
+    youko = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAGBazVVFr1+beFxpC701IPz4JwdPIyFJybVVZ9kTkr niko@youko";
  };

  system = {
@ -25,5 +26,6 @@
    kogata = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPN/SXBcIB1WN8GIhYrQrqzFGuVkEP4o0E+x0uQ4f2l";
    hijiri = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILsTkICNuUwGqrToisTViFCBoql39+DFYVZSWj7vfbXK";
    tsukasa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKy32XGCkB0KOUm4f0ybrutfAzR7+baifM2yv5KuYV7 root@tsukasa";
+    youko = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPSbIjEo28aB2TACkvLY+VRKElZEdH9qFlTTfxCrblGZ root@youko";
  };
 }
--- a/hosts/youko/default.nix
+++ b/hosts/youko/default.nix
@ -1,26 +1,22 @@
 {
-  configurations.nixos.youko = {
-    imports = [
-      ./disks.nix
-      ./hardware.nix
-    ];
+  configurations.nixos.youko =
+    { config, username, ... }:
+    {
+      imports = [
+        ./disks.nix
+        ./hardware.nix
+      ];

-    nixpkgs.hostPlatform = "x86_64-linux";
+      nixpkgs.hostPlatform = "x86_64-linux";

-    boot = {
-      loader.systemd-boot.enable = true;
-      loader.efi.canTouchEfiVariables = true;
-    };
-
-    networking.networkmanager.enable = true;
-
-    settei.user.config =
-      { lib, ... }:
-      {
-        programs.git.signing = lib.mkForce {
-          key = null;
-          signByDefault = false;
-        };
+      boot = {
+        loader.systemd-boot.enable = true;
+        loader.efi.canTouchEfiVariables = true;
      };
-  };
+
+      networking.networkmanager.enable = true;
+
+      age.secrets.niko-pass.file = ../../secrets/youko-niko-pass.age;
+      users.users.${username}.hashedPasswordFile = config.age.secrets.niko-pass.path;
+    };
 }
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -89,4 +89,8 @@ in
    keys.system.ude
    keys.other.bootstrap
  ];
+  "youko-niko-pass.age".publicKeys = [
+    keys.system.youko
+    keys.other.bootstrap
+  ];
 }
--- a/secrets/youko-niko-pass.age
+++ b/secrets/youko-niko-pass.age
@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 rA7dkQ ztMXNi12xb4ZTd1w6KxB6RXLzdk0b8s73aFObVcUjSc
+gVE8z6agYlnMj9N2ZhudUX9BfgpiYXqwisYuYsFMCrE
+-> ssh-ed25519 GKhvwg C+uqtkHl5BNPLERwVByw4oQQgXSbbxwejy2nhJRjYzs
+xS/4KSywTRvgbvLeeIgvylWu5TRPTlOQiG+wsaLEZoY
+--- d7crfFYKvz20fbdLgtYh+QuPrC9cFKvIrrJz+Rsl0vk
+7ÒÿªRâ3¼ódÖ‹Êï!Žb„ƒ³ªP$Ñ¿Ä'ª‡<1F>ö±áÏþ
<0A>eµÓ|ó’®ð-ÍÉ©¼®ÆHR%“¾àÉ¼`Üä‘¹HSˆË@€ÝÁx¬"ŽÈdä‰Y8™à™%*AÏ“W‡#3«