Test
parent
38da44ccec
commit
1515cf51e1
2 changed files with 17 additions and 6 deletions
|
@ -2,12 +2,17 @@ keys:
|
||||||
- &user_albert D98BBC6C9A27324654C2D8C464F6C4EB46C4543A
|
- &user_albert D98BBC6C9A27324654C2D8C464F6C4EB46C4543A
|
||||||
- &host_nixos-vm-01 fa79d269a8a6944d3f7f73525a8b15a68b98e6ee
|
- &host_nixos-vm-01 fa79d269a8a6944d3f7f73525a8b15a68b98e6ee
|
||||||
- &host_nixos-rpi4-01 b8313b59194b577cb5a0187bbfd686dae3a80e78
|
- &host_nixos-rpi4-01 b8313b59194b577cb5a0187bbfd686dae3a80e78
|
||||||
|
- &host_nixos-rpi4-02 166ed206738ba44b3428629dc1f2ed98cbef1a6a
|
||||||
|
- &host_nixos-rpi4-03 769021d2a24bf6e4d1c72791fc302f9a3cfb5171
|
||||||
|
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets/secrets.yaml
|
- path_regex: secrets/secrets.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp:
|
- pgp:
|
||||||
- *user_albert
|
- *user_albert
|
||||||
- *host_nixos-rpi4-01
|
- *host_nixos-rpi4-01
|
||||||
|
- *host_nixos-rpi4-02
|
||||||
|
- *host_nixos-rpi4-03
|
||||||
- *host_nixos-vm-01
|
- *host_nixos-vm-01
|
||||||
|
|
||||||
- path_regex: secrets/tailscale.yaml
|
- path_regex: secrets/tailscale.yaml
|
||||||
|
@ -15,4 +20,6 @@ creation_rules:
|
||||||
- pgp:
|
- pgp:
|
||||||
- *user_albert
|
- *user_albert
|
||||||
- *host_nixos-rpi4-01
|
- *host_nixos-rpi4-01
|
||||||
|
- *host_nixos-rpi4-02
|
||||||
|
- *host_nixos-rpi4-03
|
||||||
- *host_nixos-vm-01
|
- *host_nixos-vm-01
|
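Review bot: Both new Raspberry Pi host keys (`host_nixos-rpi4-02`, `host_nixos-rpi4-03`) are added to the key group for `secrets/secrets.yaml` and again, in the second hunk, for `secrets/tailscale.yaml`, so every listed host can decrypt every value in both files and the loss of any one host key exposes all of them. If the rpi4 hosts need only a subset, a separate secrets file with its own `creation_rules` entry per host or role keeps each recipient list narrow. Changing the rules does not re-wrap the data key of files that are already encrypted; they still need `sops updatekeys` (presumably what the `sops-update` step in setup.sh does) before the new hosts can read them. The unchanged `path_regex` values are unanchored and use an unescaped `.`; `^secrets/secrets\.yaml$` would match only the intended file.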
16
setup.sh
16
setup.sh
|
@ -2,9 +2,12 @@
|
||||||
# First setup:
|
# First setup:
|
||||||
|
|
||||||
user=albert
|
user=albert
|
||||||
read -p "Hostname: " host;
|
read -p "Hostname: " hostname;
|
||||||
|
|
||||||
# run as root:
|
# run as root:
|
||||||
|
# eIf on the raspberry pi image:
|
||||||
|
# sudo nix-channel --add https://nixos.org/channels/nixpkgs-unstable
|
||||||
|
# sudo nix-channel --update
|
||||||
sudo nix-shell -p git --run git clone https://git.sysctl.io/albert/nix /etc/nixos/git
|
sudo nix-shell -p git --run git clone https://git.sysctl.io/albert/nix /etc/nixos/git
|
||||||
sudo git clone https://git.sysctl.io/albert/nix /etc/nixos/git
|
sudo git clone https://git.sysctl.io/albert/nix /etc/nixos/git
|
||||||
sudo ln -s /etc/nixos/git/flake.nix /etc/nixos/flake.nix
|
sudo ln -s /etc/nixos/git/flake.nix /etc/nixos/flake.nix
|
||||||
|
@ -23,7 +26,8 @@ gpg --import $gpgKey
|
||||||
echo -e "5\ny\n" | gpg --command-fd 0 --expert --edit-key 64F6C4EB46C4543A trust
|
echo -e "5\ny\n" | gpg --command-fd 0 --expert --edit-key 64F6C4EB46C4543A trust
|
||||||
|
|
||||||
# Setup SOPS
|
# Setup SOPS
|
||||||
sudo nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o /etc/nixos/git/keys/hosts/$(host).asc"
|
sudo nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o /etc/nixos/git/keys/hosts/$(hostname).asc"
|
||||||
|
# Update your .sops.yaml with this key
|
||||||
cd /etc/nixos/git
|
cd /etc/nixos/git
|
||||||
nix-shell
|
nix-shell
|
||||||
sops-update secrets/secrets.yaml
|
sops-update secrets/secrets.yaml
|
||||||
|
@ -31,13 +35,13 @@ sops-update secrets/secrets.yaml
|
||||||
# Set up ssh keys
|
# Set up ssh keys
|
||||||
ssh-keygen -t rsa -b 8192 -f ~/.ssh/id_rsa -N ""
|
ssh-keygen -t rsa -b 8192 -f ~/.ssh/id_rsa -N ""
|
||||||
echo "" >> /etc/nixos/git/keys/ssh/keys.txt
|
echo "" >> /etc/nixos/git/keys/ssh/keys.txt
|
||||||
echo "# $user@$host" >> /etc/nixos/git/keys/ssh/keys.txt
|
echo "# `whoami`@`hostname`" >> /etc/nixos/git/keys/ssh/keys.txt
|
||||||
cat .ssh/id_rsa.pub >> /etc/nixos/git/keys/ssh/keys.txt
|
cat /home/albert/.ssh/id_rsa.pub >> /etc/nixos/git/keys/ssh/keys.txt
|
||||||
|
|
||||||
|
|
||||||
# Add all changes to git and and push
|
# Add all changes to git and and push
|
||||||
git add keys/hosts/$(host).asc
|
git add keys/hosts/`hostname`.asc
|
||||||
git commit -am "Setup of host: $host"
|
git commit -am "Setup of: `whoami`@`hostname`"
|
||||||
git push
|
git push
|
||||||
|
|
||||||
echo "Complete. Reboot to complete the config"
|
echo "Complete. Reboot to complete the config"
|
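Review bot: In the "Set up ssh keys" hunk the key pair is generated at `~/.ssh/id_rsa` and the label is built from `whoami`, but the line appended to keys.txt now reads the hard-coded `/home/albert/.ssh/id_rsa.pub`. When the script runs as any other user (an earlier comment reads `# run as root:`), the key published to what looks like the trusted-keys list is not the one just generated, or the file is missing and only the label is written. Reading the path that was written avoids this: `cat "$HOME/.ssh/id_rsa.pub" >> /etc/nixos/git/keys/ssh/keys.txt`. Separately, the value read into `hostname` by the prompt is never used, because `$(hostname)` and the backtick form run the hostname program instead of expanding the variable. Either drop the prompt or use `"$hostname"` throughout; otherwise a freshly imaged machine exports its host key under the image's default name. `user=albert` also appears unused after this change.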