iFargle 2023-09-19 17:01:58 +09:00
parent 38da44ccec
commit 1515cf51e1
2 changed files with 17 additions and 6 deletions


@ -2,12 +2,17 @@ keys:
- &user_albert D98BBC6C9A27324654C2D8C464F6C4EB46C4543A - &user_albert D98BBC6C9A27324654C2D8C464F6C4EB46C4543A
- &host_nixos-vm-01 fa79d269a8a6944d3f7f73525a8b15a68b98e6ee - &host_nixos-vm-01 fa79d269a8a6944d3f7f73525a8b15a68b98e6ee
- &host_nixos-rpi4-01 b8313b59194b577cb5a0187bbfd686dae3a80e78 - &host_nixos-rpi4-01 b8313b59194b577cb5a0187bbfd686dae3a80e78
- &host_nixos-rpi4-02 166ed206738ba44b3428629dc1f2ed98cbef1a6a
- &host_nixos-rpi4-03 769021d2a24bf6e4d1c72791fc302f9a3cfb5171
creation_rules: creation_rules:
- path_regex: secrets/secrets.yaml - path_regex: secrets/secrets.yaml
key_groups: key_groups:
- pgp: - pgp:
- *user_albert - *user_albert
- *host_nixos-rpi4-01 - *host_nixos-rpi4-01
- *host_nixos-rpi4-02
- *host_nixos-rpi4-03
- *host_nixos-vm-01 - *host_nixos-vm-01
- path_regex: secrets/tailscale.yaml - path_regex: secrets/tailscale.yaml
@ -15,4 +20,6 @@ creation_rules:
- pgp: - pgp:
- *user_albert - *user_albert
- *host_nixos-rpi4-01 - *host_nixos-rpi4-01
- *host_nixos-rpi4-02
- *host_nixos-rpi4-03
- *host_nixos-vm-01 - *host_nixos-vm-01
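Review bot: Adding `*host_nixos-rpi4-02` and `*host_nixos-rpi4-03` to the two `key_groups` lists only changes the recipients sops uses when it creates a file; anything already encrypted under these rules keeps its old recipient list until it is re-keyed. Both `secrets/secrets.yaml` and `secrets/tailscale.yaml` need `sops updatekeys <file>` (or the repository's wrapper for it) run and committed before the new Pis can decrypt them, and the setup script in this commit only shows an update for `secrets/secrets.yaml`. A comment above `keys:` would help a reviewer check a new fingerprint before it is granted decrypt access, for example `# host_* fingerprints come from each machine's SSH host RSA key via ssh-to-pgp`, which is how the script appears to produce them. Every host is listed under every rule, so each machine can read every secret; if that is not intended, per-host rules would narrow it.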


@ -2,9 +2,12 @@
# First setup: # First setup:
user=albert user=albert
read -p "Hostname: " host; read -p "Hostname: " hostname;
# run as root: # run as root:
# eIf on the raspberry pi image:
# sudo nix-channel --add https://nixos.org/channels/nixpkgs-unstable
# sudo nix-channel --update
sudo nix-shell -p git --run git clone https://git.sysctl.io/albert/nix /etc/nixos/git sudo nix-shell -p git --run git clone https://git.sysctl.io/albert/nix /etc/nixos/git
sudo git clone https://git.sysctl.io/albert/nix /etc/nixos/git sudo git clone https://git.sysctl.io/albert/nix /etc/nixos/git
sudo ln -s /etc/nixos/git/flake.nix /etc/nixos/flake.nix sudo ln -s /etc/nixos/git/flake.nix /etc/nixos/flake.nix
@ -23,7 +26,8 @@ gpg --import $gpgKey
echo -e "5\ny\n" | gpg --command-fd 0 --expert --edit-key 64F6C4EB46C4543A trust echo -e "5\ny\n" | gpg --command-fd 0 --expert --edit-key 64F6C4EB46C4543A trust
# Setup SOPS # Setup SOPS
sudo nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o /etc/nixos/git/keys/hosts/$(host).asc" sudo nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o /etc/nixos/git/keys/hosts/$(hostname).asc"
# Update your .sops.yaml with this key
cd /etc/nixos/git cd /etc/nixos/git
nix-shell nix-shell
sops-update secrets/secrets.yaml sops-update secrets/secrets.yaml
@ -31,13 +35,13 @@ sops-update secrets/secrets.yaml
# Set up ssh keys # Set up ssh keys
ssh-keygen -t rsa -b 8192 -f ~/.ssh/id_rsa -N "" ssh-keygen -t rsa -b 8192 -f ~/.ssh/id_rsa -N ""
echo "" >> /etc/nixos/git/keys/ssh/keys.txt echo "" >> /etc/nixos/git/keys/ssh/keys.txt
echo "# $user@$host" >> /etc/nixos/git/keys/ssh/keys.txt echo "# `whoami`@`hostname`" >> /etc/nixos/git/keys/ssh/keys.txt
cat .ssh/id_rsa.pub >> /etc/nixos/git/keys/ssh/keys.txt cat /home/albert/.ssh/id_rsa.pub >> /etc/nixos/git/keys/ssh/keys.txt
# Add all changes to git and and push # Add all changes to git and and push
git add keys/hosts/$(host).asc git add keys/hosts/`hostname`.asc
git commit -am "Setup of host: $host" git commit -am "Setup of: `whoami`@`hostname`"
git push git push
echo "Complete. Reboot to complete the config" echo "Complete. Reboot to complete the config"
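Review bot: The value collected by `read -p "Hostname: " hostname;` is never used, because `$(hostname)` in the ssh-to-pgp line and the backtick `hostname` forms in the `echo`, `git add` and `git commit` lines are command substitutions that run the `hostname` program instead of expanding the variable. The exported host key and its label in `keys.txt` are therefore named after whatever the machine reports at that moment, which on a freshly imaged host may be a default name, so a key could end up filed under the wrong host. Either drop the prompt or use the variable consistently, e.g. `-o /etc/nixos/git/keys/hosts/${hostname}.asc` and `git add "keys/hosts/${hostname}.asc"`. Separately, `cat /home/albert/.ssh/id_rsa.pub` hard-codes the user while the label uses `whoami` and the key is generated at `~/.ssh/id_rsa`, so `cat "$HOME/.ssh/id_rsa.pub"` would keep the three in step, and the new comment `# eIf on the raspberry pi image:` has a stray `e`. The script continues between and outside the hunks shown, so uses of `$host` elsewhere were not checked.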