Add a private peerix key

This commit is contained in:
Bad 2022-06-17 23:17:33 +02:00
parent 95f82b45a5
commit 0813bee4ee
4 changed files with 36 additions and 3 deletions

View file

@ -1,3 +1,23 @@
{...}: {
services.peerix.enable = true;
{config, ...}:
let
peerix_user = "peerix";
in
{
users.groups.${peerix_user} = {};
users.users.${peerix_user} = {
group = peerix_user;
isSystemUser = true;
};
age.secrets.binary-cache-secret = {
owner = peerix_user;
file = ../../secrets/binary-cache-secret.age;
};
services.peerix = {
enable = true;
user = peerix_user;
privateKeyFile = config.age.secrets.binary-cache-secret.path;
publicKey = (builtins.readFile ../../secrets/binary-cache-pub);
};
}

1
secrets/binary-cache-pub Normal file
View file

@ -0,0 +1 @@
mae-binary-cache:zgDhN/r2Dti6xFEDhmEVL74mcGUN+hKaOVSFfv3a2qM=

View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 HCZ4Yw InyIbzkqYD4rjLlm2/kXIA5pcw5gfUT8pfuzP5k3KA8
JFhSw5zD9RoON/PQM7uil+RCXxvPxcTIlAmCCyx4AuE
-> ssh-ed25519 KRoghg fG1+RSmK9COQEll+3t/Jxh/YbK3bXI2MC+TUcr/CNCo
cLxQTv2pqXFJcSZVnzC7k1JDrgtJxMB3z/fDF2vPK6o
-> <;E[-grease _ 0U::
J4Cj04IK3H1rC8M/9u9vVvsP9rwFGy/GKgeP0evx4Fxf3HZo6L9F4sXtSK17op1o
Wxam+ZSxi8P9e5zLPg
--- 9W3G9DkrznU1gfFC7Hiwc0oFR29lSRH57c3yb27PHKY
/¬¥:RÐÎÔ<C38E>˜ˆkt·-ËàŠÆÇL?E²7ƒ4l…<;ìRÎÌË#Ð<>ìÔ<Æ0 ¸ÄP£Ä†¯ ÇÓ½¾%ÎËàžt$<24>³Ìú"¾L‡QÀ¸v^¡ƒ.[7éñš]ÀÙ¾!Lõ™±ù2ùIœ[¡µ¬¢2v\8  ¼B)ü¦è^

View file

@ -6,7 +6,9 @@ let
tesco_sys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqryVRMbcei0pZTOP1wgTVzn452vgsUP7MrEb0LQ17s root@tesco";
mae_tesco = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN64wtGODBn2yygv1sOXnV8qbXImbOttMlhdTKEyQCoT mae@tesco";
allKeys = [ teapot_sys mae_teapot tesco_sys mae_tesco ];
systemKeys = [teapot_sys tesco_sys];
allKeys = [ mae_teapot mae_tesco ] ++ systemKeys;
in
{
"binary-cache-secret.age".publicKeys = systemKeys;
}