diff --git a/.sops.yaml b/.sops.yaml index 94677308..d72903ca 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -2,12 +2,17 @@ keys: - &user_albert D98BBC6C9A27324654C2D8C464F6C4EB46C4543A - &host_nixos-vm-01 fa79d269a8a6944d3f7f73525a8b15a68b98e6ee - &host_nixos-rpi4-01 b8313b59194b577cb5a0187bbfd686dae3a80e78 + - &host_nixos-rpi4-02 166ed206738ba44b3428629dc1f2ed98cbef1a6a + - &host_nixos-rpi4-03 769021d2a24bf6e4d1c72791fc302f9a3cfb5171 + creation_rules: - path_regex: secrets/secrets.yaml key_groups: - pgp: - *user_albert - *host_nixos-rpi4-01 + - *host_nixos-rpi4-02 + - *host_nixos-rpi4-03 - *host_nixos-vm-01 - path_regex: secrets/tailscale.yaml @@ -15,4 +20,6 @@ creation_rules: - pgp: - *user_albert - *host_nixos-rpi4-01 + - *host_nixos-rpi4-02 + - *host_nixos-rpi4-03 - *host_nixos-vm-01 \ No newline at end of file diff --git a/setup.sh b/setup.sh index f0088a31..ff0f80e6 100755 --- a/setup.sh +++ b/setup.sh @@ -2,9 +2,12 @@ # First setup: user=albert -read -p "Hostname: " host; +read -p "Hostname: " hostname; # run as root: +# eIf on the raspberry pi image: +# sudo nix-channel --add https://nixos.org/channels/nixpkgs-unstable +# sudo nix-channel --update sudo nix-shell -p git --run git clone https://git.sysctl.io/albert/nix /etc/nixos/git sudo git clone https://git.sysctl.io/albert/nix /etc/nixos/git sudo ln -s /etc/nixos/git/flake.nix /etc/nixos/flake.nix @@ -23,7 +26,8 @@ gpg --import $gpgKey echo -e "5\ny\n" | gpg --command-fd 0 --expert --edit-key 64F6C4EB46C4543A trust # Setup SOPS -sudo nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o /etc/nixos/git/keys/hosts/$(host).asc" +sudo nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o /etc/nixos/git/keys/hosts/$(hostname).asc" +# Update your .sops.yaml with this key cd /etc/nixos/git nix-shell sops-update secrets/secrets.yaml 
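Review bot: Both new Raspberry Pi keys join the single `pgp` key group for `secrets/secrets.yaml` here and again for `secrets/tailscale.yaml` in the next hunk, so every host can decrypt every secret and a compromise of any one Pi exposes them all. If the hosts do not all need both files, a per-host `path_regex` rule listing only that host's anchor plus `*user_albert` would narrow the exposure. Files that are already encrypted keep their old recipient list until they are re-keyed (for example with `sops updatekeys`), so the new hosts cannot decrypt anything until that has been run and committed. The `keys:` mapping starts above this hunk; a comment over its host entries such as `# host keys: PGP fingerprints derived from each host's SSH RSA host key (see setup.sh, ssh-to-pgp)` would record where these values come from.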
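Review bot: The value read into `hostname` by the renamed prompt is never used, so whatever the operator types is ignored. The later hunks call the command (`$(hostname)` and the backtick form), not the variable `$hostname`. On a freshly flashed image whose hostname is still the default, the exported host key and the commit message would be filed under that default name. Either drop the `read`, or use `${hostname}` in place of `$(hostname)` in the `ssh-to-pgp`, `git add` and `git commit` lines. The added comment also has a typo: `# eIf on the raspberry pi image:` should read `# If on the raspberry pi image:`.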
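Review bot: The added `# Update your .sops.yaml with this key` comment describes a manual step, but the script does not stop for it. `sops-update secrets/secrets.yaml` runs a few lines later against the unchanged recipient list, so the new host is presumably still not a recipient when the files are re-keyed. A pause such as `read -r -p "Add the new fingerprint to .sops.yaml, then press Enter: " _` before `cd /etc/nixos/git` would make the step explicit. It is also worth a comment stating that only the public half of the converted host key is expected in `keys/hosts/`, since that directory is committed and pushed at the end of the script.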
@@ -31,13 +35,13 @@ sops-update secrets/secrets.yaml # Set up ssh keys ssh-keygen -t rsa -b 8192 -f ~/.ssh/id_rsa -N "" echo "" >> /etc/nixos/git/keys/ssh/keys.txt -echo "# $user@$host" >> /etc/nixos/git/keys/ssh/keys.txt -cat .ssh/id_rsa.pub >> /etc/nixos/git/keys/ssh/keys.txt +echo "# `whoami`@`hostname`" >> /etc/nixos/git/keys/ssh/keys.txt +cat /home/albert/.ssh/id_rsa.pub >> /etc/nixos/git/keys/ssh/keys.txt # Add all changes to git and and push -git add keys/hosts/$(host).asc -git commit -am "Setup of host: $host" +git add keys/hosts/`hostname`.asc +git commit -am "Setup of: `whoami`@`hostname`" git push echo "Complete. Reboot to complete the config" \ No newline at end of file
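Review bot: The new `cat /home/albert/.ssh/id_rsa.pub` hard-codes one user's home directory, while the key is generated two lines earlier at `~/.ssh/id_rsa` and the label line now uses `whoami`. Run under any other account, the script would label the entry with that user but append albert's public key, or fail if the file is absent. `cat ~/.ssh/id_rsa.pub >> /etc/nixos/git/keys/ssh/keys.txt` keeps the three lines consistent. The backtick substitutions in the `git add` and `git commit` lines are unquoted and in the legacy form; `git add "keys/hosts/$(hostname).asc"` is the safer spelling. The script continues above this hunk.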