# Secrets management for one host: agenix (age-encrypted secrets kept in the
# repo) together with agenix-rekey, which re-encrypts each secret to the
# individual host key so that a host only ever receives ciphertext it can
# open itself.
# Module arguments: `inputs` (flake inputs), `host` (name of the host being
# built; selects its secrets directories below), `lib` (not used here).
{ inputs, host, lib, ... }:

let
  # Public SSH/age host keys of the fleet, one entry per host. The matching
  # private half lives on each machine at /nix/keys/identity (see
  # `age.identityPaths` below). Rekeying encrypts to these public keys, so an
  # entry that does not match the on-host private key leaves that host unable
  # to decrypt its secrets.
  keys = {
    phoenix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsrEEXQwcu4i7hOqCbpwd4EdC/+v9fAWm30MUXhVpp5";
    cepheus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGm1PymMJ2JnE973UCaezWQFKyZi7lsAzHshUUwafa8F";
    naos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcR9C753wDWjg/oJxn6p9kLMaiaOPJFNT0xYPICXK52";
  };
in {
  # The agenix-rekey CLI, for running the rekey step on this machine.
  # NOTE(review): the system is hard-coded to x86_64-linux; this attribute
  # path will not evaluate for a non-x86_64 host — confirm the fleet is all
  # x86_64 or derive the system from `pkgs`.
  environment.systemPackages = [ inputs.agenix-rekey.packages.x86_64-linux.default ];

  imports = [
    inputs.agenix.nixosModules.default
    inputs.agenix-rekey.nixosModules.default
  ];

  # Private identity agenix uses on this host to decrypt its secrets. The
  # same file is registered below as the sshd host key, so the SSH host key
  # and the secrets-decryption key are one and the same: compromise of either
  # is compromise of both, and rotating one means rotating the other and
  # updating the matching `keys` entry.
  age.identityPaths = [ "/nix/keys/identity" ]; # default key path

  age.rekey = {
    # Identity able to decrypt every secret in the repo; presumably only
    # needed on the machine that runs `agenix rekey`. Only `pubkey` is
    # consulted when secrets are (re)encrypted — the private key path is a
    # path on the operator's machine, not on the deployed host.
    masterIdentities = [
      { identity = "/home/user/.ssh/id_ed25519";
        pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDEDqpSiQpbSsClh6UGb7Z2DA1Hy+EyePzTy+5hEVD/A"; }
    ];
    # Generated and rekeyed secrets are stored in the repo, split per host
    # (paths are relative to this file). Both directories hold ciphertext
    # encrypted to the host key above, never plaintext.
    storageMode = "local";
    generatedSecretsDir = ../../secrets/generated/${host};
    localStorageDir = ../../secrets/rekeyed/${host};
  };

  # services.openssh.enable = true;
  # sshd is pointed at the age identity as its ed25519 host key.
  # NOTE(review): assigning `hostKeys` presumably replaces the NixOS default
  # list rather than extending it, and nothing in this module creates
  # /nix/keys/identity — confirm how the key is provisioned before first
  # boot (agenix cannot decrypt anything until it exists).
  services.openssh.hostKeys = [{
    path = "/nix/keys/identity";
    type = "ed25519";
  }];

  # TODO: define key via hosts/<name>/default.nix
  # Per-node public keys that secrets are rekeyed to, taken from `keys` above.
  # A node missing here (tureis, still a TODO) receives no rekeyed secrets.
  nodes.phoenix.age.rekey.hostPubkey = keys.phoenix;
  nodes.cepheus.age.rekey.hostPubkey = keys.cepheus;
  # nodes.tureis.age.rekey.hostPubkey = ""; # TODO
  nodes.naos.age.rekey.hostPubkey = keys.naos;
}