Add a private peerix key
This commit is contained in:
parent
95f82b45a5
commit
0813bee4ee
4 changed files with 36 additions and 3 deletions
|
@ -1,3 +1,23 @@
|
|||
{...}: {
|
||||
services.peerix.enable = true;
|
||||
{config, ...}:
|
||||
let
|
||||
peerix_user = "peerix";
|
||||
in
|
||||
{
|
||||
users.groups.${peerix_user} = {};
|
||||
users.users.${peerix_user} = {
|
||||
group = peerix_user;
|
||||
isSystemUser = true;
|
||||
};
|
||||
|
||||
age.secrets.binary-cache-secret = {
|
||||
owner = peerix_user;
|
||||
file = ../../secrets/binary-cache-secret.age;
|
||||
};
|
||||
|
||||
services.peerix = {
|
||||
enable = true;
|
||||
user = peerix_user;
|
||||
privateKeyFile = config.age.secrets.binary-cache-secret.path;
|
||||
publicKey = (builtins.readFile ../../secrets/binary-cache-pub);
|
||||
};
|
||||
}
|
||||
|
|
1
secrets/binary-cache-pub
Normal file
1
secrets/binary-cache-pub
Normal file
|
@ -0,0 +1 @@
|
|||
mae-binary-cache:zgDhN/r2Dti6xFEDhmEVL74mcGUN+hKaOVSFfv3a2qM=
|
10
secrets/binary-cache-secret.age
Normal file
10
secrets/binary-cache-secret.age
Normal file
|
@ -0,0 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 HCZ4Yw InyIbzkqYD4rjLlm2/kXIA5pcw5gfUT8pfuzP5k3KA8
|
||||
JFhSw5zD9RoON/PQM7uil+RCXxvPxcTIlAmCCyx4AuE
|
||||
-> ssh-ed25519 KRoghg fG1+RSmK9COQEll+3t/Jxh/YbK3bXI2MC+TUcr/CNCo
|
||||
cLxQTv2pqXFJcSZVnzC7k1JDrgtJxMB3z/fDF2vPK6o
|
||||
-> <;E[-grease _ 0U::
|
||||
J4Cj04IK3H1rC8M/9u9vVvsP9rwFGy/GKgeP0evx4Fxf3HZo6L9F4sXtSK17op1o
|
||||
Wxam+ZSxi8P9e5zLPg
|
||||
--- 9W3G9DkrznU1gfFC7Hiwc0oFR29lSRH57c3yb27PHKY
|
||||
/¬¥:RÐÎÔ<C38E>˜‹6Þˆkt·-’ËàŠÆÇL?E²7ƒ’4l…<;ìRÎÌË#Ð<>jëìÔ<Æ0 ¸ÄP£‚Ć¯ÇÓ½¾%ÎËàžt$<24>³Ìú"¾L‡QÀ¸v^¡ƒ.[7éñš]ÀÙ¾!L‚õ™±ù2ùIœ[¡µ¬¢2v\8 ¼B)ü¦è^
|
|
@ -6,7 +6,9 @@ let
|
|||
tesco_sys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqryVRMbcei0pZTOP1wgTVzn452vgsUP7MrEb0LQ17s root@tesco";
|
||||
mae_tesco = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN64wtGODBn2yygv1sOXnV8qbXImbOttMlhdTKEyQCoT mae@tesco";
|
||||
|
||||
allKeys = [ teapot_sys mae_teapot tesco_sys mae_tesco ];
|
||||
systemKeys = [teapot_sys tesco_sys];
|
||||
allKeys = [ mae_teapot mae_tesco ] ++ systemKeys;
|
||||
in
|
||||
{
|
||||
"binary-cache-secret.age".publicKeys = systemKeys;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue