Move sops secrets to secrets folder

enable sshd
2025-12-19 09:29:36 +01:00 · 2022-05-31 15:19:11 +02:00 · 2022-05-31 15:19:11 +02:00 · 22fdcbf773
commit 22fdcbf773
parent 5356bb0183
7 changed files with 79 additions and 2 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -0,0 +1,2 @@
+keys:
+  - &stefan_ellmauthaler 3B39 8B08 6C41 0264 A14F  B353 B1E6 F030 30A4 AEAA
--- a/flake.nix
+++ b/flake.nix
@ -97,7 +97,9 @@
          inputs.home-manager.nixosModules.home-manager
          inputs.sops-nix.nixosModules.sops
          inputs.dwarffs.nixosModules.dwarffs
-        ] ++ (map (name: ./modules + "/${name}") (moduleNames ./modules));
+        ] ++ (map (name: ./modules + "/${name}") (moduleNames ./modules)) ++ [
+          ./secrets
+        ];
        specialArgs = {
          nixos-hardware = inputs.nixos-hardware.nixosModules;
          inherit inputs;
--- a/machines/stel-xps/default.nix
+++ b/machines/stel-xps/default.nix
@ -13,6 +13,8 @@
    base.enable = true;
    # setup locale and font settings
    locale.enable = true;
+    # setup sshd
+    sshd.enable = true;
    # configure zsh
    zsh.enable = true;
    # enable X11 with lightdm and i3
--- a/modules/secrets/secrets.yaml
+++ b/modules/secrets/secrets.yaml
--- a/modules/ssh.nix
+++ b/modules/ssh.nix
@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+with lib; {
+  options.elss.sshd.enable = mkEnableOption "Set up sshd";
+
+  config =
+    let
+      cfg = config.elss.sshd;
+    in
+      mkIf cfg.enable {
+        services.openssh = {
+          enable = true;
+          passwordAuthentication = false;
+          permitRootLogin = false;
+        };
+      };
+}
--- a/modules/secrets/default.nix
+++ b/modules/secrets/default.nix
@ -7,6 +7,9 @@ with lib; {
      cfg = config.elss.sops;
    in
    mkIf cfg.enable {
-      sops.defaultSopsFile = ./secrets.yaml;
+      sops = {
+        defaultSopsFile = ./secrets.yaml;
+
+      };
    };
 }
--- a/secrets/keys/users/stefan_ellmauthaler.asc
+++ b/secrets/keys/users/stefan_ellmauthaler.asc
@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGClB3EBEADX75a/UKReD9GfpCQwuuBG6vO00W2WutEGC+lA+xt+yQfEFSc7
+8A52n9Ypgbn0I/TdCkRl3zSyw/ysR2On0biYb6rsyZG6PVmwq6wSpgPRHh2P0E9r
+tg4PLhOkmSTlxT3k3SMvP4lJpRuZBSqRHkxaVMJDVjSlrwifUkSOl0LMewCtGZOG
+jV9P8OMFHy/SAE/YVlnjH2IW6yUT5n+suNJ2pf6u/PcdXCpryNPkNLmsoQ0e+ZjG
+we3i/7/vJ6wkkg7DZAuCmIjo1Zq1zNRI6ouJpgO58VKO5zrRdnKIkOstcp1smDmt
+KngMzzYa7J1ytvNcy3nPoePjI0HwRREDrPZ/vhTFNpdfhLiuP4nhqu/mLVMJScqK
+iaX2dLZ8wRTCgpC94pPJ81fXkTtLCTfIn1Tss9sFx37IHNiwd3BZhzFtQrbAMjTz
+3vvF74XaVaDFZXGWcgJLBYRRgGSSIZCzOvPyPqENA/ugGvXb3U4YwFEV9H2BR/ei
+0r6CLJgr99vD9SOlaF05hqCLAqyXE+o1jCMyOEHCChTf3VS2ZIxacpp5AoTkVOq8
+ZmaoASw8uxt4UD8wNJFtJdgzNxYSRWP6UE4Io7AUwoPQmfk9RxOiMQKDgJ9oj7yc
+a5DHWS03xhtW4YL1ZZZm9TRg4jo1WB6jXRGbwT0lAtRnwaeWCqaJqm7uUQARAQAB
+tDNTdGVmYW4gRWxsbWF1dGhhbGVyIDxzdGVmYW4uZWxsbWF1dGhhbGVyQGdtYWls
+LmNvbT6JAlQEEwEKAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQQ7OYsI
+bEECZKFPs1Ox5vAwMKSuqgUCYpYJ2gUJA9ITLwAKCRCx5vAwMKSuqsU8EACYntlq
+QFfM7bvviC0VJgvAnDGLeuGOh1Ba6SnmMQCHb1uYCQslmUpoYIWz0MntLoRcfdbz
+JeyKP2OXvs6jg8EGPPk30g/hvD7392D45pPYNz9xY/sqR9FrYkBzrytvJRZY00qP
+yrC+CmSlC9/pnJobbnGVDPAtDbM/1yxoNQhb/L6RIRcPc/efisi8e2O2J2DF/847
+eFEpIf38QlMf4RoWO+xsOT16R4iC4xdffI7xk+gG6pXD6tqI9IY7GPyzUhz/ttrX
+GA+gEdfIFH/Ro2JVG2a91V1UV7b/STx+1yWH71Oa8UCSGRFQMdDx62kPfuBzrxg3
+ZMYqaRyyqpZDel0Vt05DCYgqmk7GmsvDLZnjfu1JJ8yreAzbJstvEfg9oLoBq3mD
+DjaWLl4QJMmGkwQfmZlIWkLMgvdWuaoMAAr23JKCcNUGH0rnjlJHjnbX2+Q1ASH3
+1U5UPgVavuvHTs08E09aMfjDucd9u/NhzNsokzJZ5UlwY46hcYnU/ZAopKNTHR28
+2d4WBw8P/dsoymsLBqe0rUn9gm1Sm94jJtZwDw2PsJ+QXShJv2zpiGWd7hTBzOCT
+bMTxVkASmyfLuLNjJBHzYOtnnqFN6GQoLlJRwlOARCGH+8q/yT9v34TsEeYOeDep
+I1CjjraAChCxw53c2TXkp05wJp+zyZaEe80I9LkCDQRgpQdxARAArwHwHId6uhSS
+RmdHE0jMnbSXknd62WeX9yy7tI5st8PisxLkUvIhsYEm7820BQtyB5/6Mda3th87
+LSmlzWO5Uvr+dpcUX80ozw0MlxY4Afd2b3uN8hDq1B1yreq3p9WdPlr+tZo/1zK3
+gxosfd/BDKdn+4FHPTpO3oePpYSUnlHhLac8wjn4C6HVvQHRK0rifzaAf3TlVHjk
+/rRpJZ713JahiCVu9PR5dxE8zaI3pI63JV0g7aSQUevlbdfOBtwToX+Opz7s46Ep
+sj6gzW1YHYgIuRcZ0fXxjhqB3BifKRvjdKfRTWgC/SPWby/DmYJaYdf81FDhGEqt
+hqnI3YbO06Apid41xmmHiSoMjUv0i78edBInxEu/jZ7UZ8jmDmqkGqrJEJqAlaG3
+oUM1Xd0csP5gCxN7Ny/u3QloKfC7EAlVNxKub/Yumc4PE7m1zs9bEt4ZH3UomX5o
+Ub5D9BOnWuRjBiGewYmGHjQDNPA1NLHUs7eNcFsadNQil+w/n/9mle+qvh/C0irB
+bJS/DNDExQmb9IT7SqsMQO2N3M5ZTZrkFoKEJ8mVJ+JFwNpAZG2RXjw9fFU/g4zT
+bi35xODgz+WfyP9+gLY33YM44UkDDpVUzlVJ9A8bPbgTKQIuuFqRNHRLq4Nmu2Hn
+EXjGDmKsmsDkNOIWrqYTsXXfo7qPbBsAEQEAAYkCPAQYAQgAJhYhBDs5iwhsQQJk
+oU+zU7Hm8DAwpK6qBQJgpQdxAhsMBQkB4TOAAAoJELHm8DAwpK6qJgwQAM1btgX0
+EOMN1s2hsoZe7pNZ1itj5HI8lxctcwC9zlBSgS3M5IeCOC/zf0yj5pOHRqN595jI
+NjoXNTPFunuvd33tgLGSlPPifb8Dn9n1/oEt+Ys0LuownADEdtX3L9JO5l79JK4S
+gQKG5Mx7ZmD3E5WdwmvkzjUzY12p3uC78en11OCm+sp2Fk5OhUBSXXJ/BsXoTD5f
+g7XbbuRfhs52x6qIgWSuqbOghYq6VCNmR1j53qZsTUZg2gmKT10cSzI2rlsws2L3
+qIeo2eXKLxlUNuxK4kse007MxyzEqlWTVTwsL8SC06ouZ/W2VMF+xGZJ8O/Br5LD
+pmEX+wZXJL6H2lIRa/aMreaQ8S9d9TSXHRIuc5MpmGnd9/KOm4Sdch5IQLiJLfyw
+KkB9R1evg0HZqfOt05i6A1IyJQ9OlUXfbRBow6msNDlOmEviNNeJfLMQ/YvyZ+FM
+oaSW5hMYZRMSthuIhQogWH+t1Kt76gHK+WVhyD9XZ8NWu18+ZUKMV2Dg4EyzJBkf
+sdiWD4kFnotONtUHouRjMr5xFbDWQ/bSoQ+QGUOmxDx6Wl/DsGiQ+6HB4cD3JAxz
+w2Ykcg94PlmESgC6SyLT8pDIbd8z42QR5VNRvMRBJnX/FygNGLj0PCol1piRM1zu
+KdqlWuZpbVFm5DF/TQWr9PSFUs8QJ3EL/mXR
+=Vjox
+-----END PGP PUBLIC KEY BLOCK-----