Testing
parent
be50b769fc
commit
1df9fb9d37
5 changed files with 40 additions and 92 deletions
@ -1,65 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
pushd /etc/nixos/git
|
|
||||||
|
|
||||||
# Home-Manager Setup
|
|
||||||
echo ">>> Setting up Home Manager..... "
|
|
||||||
sudo mkdir /nix/var/nix/profiles/per-user/albert
|
|
||||||
|
|
||||||
# For some reason the syncthing folder takes this over and makes it owned by root
|
|
||||||
sudo mkdir /home/albert/.config
|
|
||||||
sudo chown albert:albert /home/albert/.config
|
|
||||||
sudo chown -R albert:root /nix/var/nix/profiles/per-user/albert
|
|
||||||
home-manager switch -b backup --flake /etc/nixos/git
|
|
||||||
source ~/.bashrc
|
|
||||||
|
|
||||||
# Import and trust the GPG key
|
|
||||||
echo ">>> Setting up user GPG key..... "
|
|
||||||
gpg --import ~/keys.pgp
|
|
||||||
echo -e "5\ny\n" | gpg --command-fd 0 --expert --edit-key albert@sysctl.io trust
|
|
||||||
|
|
||||||
# Setup SOPS
|
|
||||||
echo "Setting up SOPS keys..... "
|
|
||||||
echo ">>> !!!!!"
|
|
||||||
echo ">>> !!!!!"
|
|
||||||
echo ">>> !!!!!"
|
|
||||||
echo ">>> !!!!! Copy this signature to .sops.yaml: "
|
|
||||||
|
|
||||||
# Currently only RSA keys are allowed
|
|
||||||
sudo ssh-to-pgp \
|
|
||||||
-comment "Generated `date +%Y.%m.%d`" \
|
|
||||||
-email "root@`hostname`" \
|
|
||||||
-i /etc/ssh/ssh_host_rsa_key \
|
|
||||||
-o /etc/nixos/git/keys/hosts/$(hostname).asc
|
|
||||||
|
|
||||||
echo ">>> !!!!!"
|
|
||||||
echo ">>> !!!!!"
|
|
||||||
echo ">>> !!!!!"
|
|
||||||
|
|
||||||
# Set up ssh keys
|
|
||||||
echo ">>> Setting up SSH Keys..... "
|
|
||||||
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -N ""
|
|
||||||
echo "" >> ./keys/ssh/keys.txt
|
|
||||||
echo "# (`date`) `whoami`@`hostname`" >> ./keys/ssh/keys.txt
|
|
||||||
cat /home/albert/.ssh/id_ed25519.pub >> ./keys/ssh/keys.txt
|
|
||||||
|
|
||||||
# echo ">>> Setting up Distributed Build SSH Keys..... "
|
|
||||||
# sudo ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519 -N ""
|
|
||||||
# echo "" >> ./keys/ssh/builder-keys.txt
|
|
||||||
# echo "# (`date`) root@`hostname`" >> ./keys/ssh/builder-keys.txt
|
|
||||||
# sudo cat /root/.ssh/id_ed25519.pub >> ./keys/ssh/builder-keys.txt
|
|
||||||
|
|
||||||
# Add all changes to git and and push
|
|
||||||
echo ">>> Pushing to git..... "
|
|
||||||
git add keys/hosts/`hostname`.asc
|
|
||||||
git commit -am "Setup: `hostname`"
|
|
||||||
git push
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo
|
|
||||||
echo ">>> Complete. Once '.sops.yaml' is updated, "
|
|
||||||
echo ">>> run 'update-secrets' and reboot."
|
|
||||||
echo
|
|
||||||
echo
|
|
||||||
echo ">>> Reminder: Upload these changes to git"
|
|
||||||
|
|
||||||
popd
|
|
|
@ -10,19 +10,19 @@ sudo mkdir /home/albert/.config
|
||||||
sudo chown albert:albert /home/albert/.config
|
sudo chown albert:albert /home/albert/.config
|
||||||
sudo chown -R albert:root /nix/var/nix/profiles/per-user/albert
|
sudo chown -R albert:root /nix/var/nix/profiles/per-user/albert
|
||||||
home-manager switch -b backup --flake /etc/nixos/git
|
home-manager switch -b backup --flake /etc/nixos/git
|
||||||
source ~/.bashrc
|
# source ~/.bashrc
|
||||||
|
|
||||||
# Import and trust the GPG key
|
# Import and trust the GPG key
|
||||||
echo ">>> Setting up user GPG key..... "
|
# echo ">>> Setting up user GPG key..... "
|
||||||
drive=$(lsblk -o serial,name | grep NGN130R000980P2202 | awk {'print $2'})
|
# drive=$(lsblk -o serial,name | grep NGN130R000980P2202 | awk {'print $2'})
|
||||||
sudo mkdir -p /tmp/drive
|
# sudo mkdir -p /tmp/drive
|
||||||
sudo cryptsetup luksOpen /dev/${drive}3 usb-luks
|
# sudo cryptsetup luksOpen /dev/${drive}3 usb-luks
|
||||||
sudo mount /dev/mapper/usb-luks /tmp/drive
|
# sudo mount /dev/mapper/usb-luks /tmp/drive
|
||||||
gpg --import /tmp/drive/gpg/albert@sysctl.io/keys.pgp
|
# gpg --import /tmp/drive/gpg/albert@sysctl.io/keys.pgp
|
||||||
sudo umount /tmp/drive
|
# sudo umount /tmp/drive
|
||||||
sudo rmdir /tmp/drive
|
# sudo rmdir /tmp/drive
|
||||||
sudo cryptsetup luksClose /dev/mapper/usb-luks
|
# sudo cryptsetup luksClose /dev/mapper/usb-luks
|
||||||
echo -e "5\ny\n" | gpg --command-fd 0 --expert --edit-key albert@sysctl.io trust
|
# echo -e "5\ny\n" | gpg --command-fd 0 --expert --edit-key albert@sysctl.io trust
|
||||||
|
|
||||||
# Setup SOPS
|
# Setup SOPS
|
||||||
echo "Setting up SOPS keys..... "
|
echo "Setting up SOPS keys..... "
|
||||||
|
|
|
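Review bot: The whole GPG import/trust block is now disabled by commenting every line out, including `# echo -e "5\ny\n" | gpg --command-fd 0 --expert --edit-key albert@sysctl.io trust`, yet the `encrypt`/`decrypt` fish functions and `PGP_KEY_ID` added elsewhere in this commit presumably still expect that key to be in the keyring, so a host provisioned with this script will not have it; if the disable is temporary, gate the block behind a variable instead of comment toggling, e.g. `if [[ "${SETUP_GPG:-0}" == 1 ]]; then … fi` around the original lines. When it is re-enabled, `drive=$(lsblk -o serial,name | grep NGN130R000980P2202 | awk {'print $2'})` never checks that the serial was found, and an empty `$drive` turns `/dev/${drive}3` into `/dev/3`; add `[[ -n "$drive" ]] || { echo "USB key not found" >&2; exit 1; }` before `luksOpen`. The mount point `sudo mkdir -p /tmp/drive` is a fixed, predictable name in world-writable `/tmp` that another local user can pre-create or symlink before `sudo mount` follows it; `mnt=$(mktemp -d)` avoids that. The enclosing script continues on both sides of this hunk.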
@ -11,7 +11,7 @@
|
||||||
ssh-add > /dev/null &> /dev/null
|
ssh-add > /dev/null &> /dev/null
|
||||||
'';
|
'';
|
||||||
|
|
||||||
loginShellInit = ''ssh-add'';
|
loginShellInit = ''ssh-add > /dev/null &> /dev/null'';
|
||||||
interactiveShellInit = ''
|
interactiveShellInit = ''
|
||||||
if not set -q TMUX && not set -q DISABLE_TMUX
|
if not set -q TMUX && not set -q DISABLE_TMUX
|
||||||
if tmux has-session -t Main
|
if tmux has-session -t Main
|
||||||
|
@ -28,6 +28,16 @@
|
||||||
body = "__fish_default_command_not_found_handler $argv[1]";
|
body = "__fish_default_command_not_found_handler $argv[1]";
|
||||||
onEvent = "fish_command_not_found";
|
onEvent = "fish_command_not_found";
|
||||||
};
|
};
|
||||||
|
# GPG related functions
|
||||||
|
encrypt = ''
|
||||||
|
set output $argv-$(ddate).enc
|
||||||
|
gpg --encrypt --armor --output $output -r $PGP_KEY_ID "$argv" && echo "Encrypted: $argv -> $output"
|
||||||
|
'';
|
||||||
|
decrypt = ''
|
||||||
|
set output $(echo $argv | rev | cut -c16- | rev)
|
||||||
|
gpg --decrypt --output $output && echo "Decrypted: $argv -> $output"
|
||||||
|
'';
|
||||||
|
|
||||||
update_secrets = ''
|
update_secrets = ''
|
||||||
pushd /etc/nixos/git
|
pushd /etc/nixos/git
|
||||||
nix develop -c \
|
nix develop -c \
|
||||||
|
@ -42,26 +52,15 @@
|
||||||
popd
|
popd
|
||||||
'';
|
'';
|
||||||
# Build ISOs/SD Card Images
|
# Build ISOs/SD Card Images
|
||||||
nixos-build-all-images-verbose = ''
|
|
||||||
echo "Building Linode image..."
|
|
||||||
nixos-build-linode-img-verbose
|
|
||||||
echo "Building Raspberry Pi image..."
|
|
||||||
nixos-build-pi-img-verbose
|
|
||||||
echo "Building ISO Console image..."
|
|
||||||
nixos-build-console-verbose
|
|
||||||
echo "Building ISO Desktop image..."
|
|
||||||
nixos-build-desktop-verbose
|
|
||||||
ls -lah ~/ | grep nixos
|
|
||||||
'';
|
|
||||||
nixos-build-all-images = ''
|
nixos-build-all-images = ''
|
||||||
echo "Building Linode image..."
|
echo "Building Linode image..."
|
||||||
nixos-build-linode-img
|
nixos-build-linode-img $argv
|
||||||
echo "Building Raspberry Pi image..."
|
echo "Building Raspberry Pi image..."
|
||||||
nixos-build-pi-img
|
nixos-build-pi-img $argv
|
||||||
echo "Building ISO Console image..."
|
echo "Building ISO Console image..."
|
||||||
nixos-build-console
|
nixos-build-console $argv
|
||||||
echo "Building ISO Desktop image..."
|
echo "Building ISO Desktop image..."
|
||||||
nixos-build-desktop
|
nixos-build-desktop $argv
|
||||||
ls -lah ~/ | grep nixos
|
ls -lah ~/ | grep nixos
|
||||||
'';
|
'';
|
||||||
nixos-build-pi-img-verbose = ''
|
nixos-build-pi-img-verbose = ''
|
||||||
|
@ -141,6 +140,11 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
shellAliases = {
|
shellAliases = {
|
||||||
|
|
||||||
|
# GPG Related
|
||||||
|
sign = "gpg --armor --clearsign";
|
||||||
|
verify = "gpg --verify";
|
||||||
|
|
||||||
prime-select = "nvidia-offload";
|
prime-select = "nvidia-offload";
|
||||||
screenshot = ''grim -g "$(slurp)" | wl-copy -t image/png'';
|
screenshot = ''grim -g "$(slurp)" | wl-copy -t image/png'';
|
||||||
|
|
||||||
|
|
|
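Review bot: `decrypt` never hands its argument to gpg: `gpg --decrypt --output $output` with no input file reads ciphertext from stdin, so the function blocks on the terminal (or decrypts whatever stdin holds) instead of decrypting `$argv`; it should be `gpg --decrypt --output $output "$argv" && echo "Decrypted: $argv -> $output"`. Both functions quote `"$argv"` as one string and derive `$output` from `$argv`, so they only behave for exactly one filename; using `$argv[1]` and failing with a usage message when `count $argv` is not 1 makes that explicit. `encrypt` picks the recipient with `-r $PGP_KEY_ID`, a 64-bit key ID, while this commit already sets the full 40-hex fingerprint in `SOPS_PGP_FP`; passing the full fingerprint to `-r` avoids key-ID ambiguity. `ddate` is not defined in this hunk, so the suffix that `decrypt` strips with `cut -c16-` is assumed to be exactly 15 characters (`-YYYY.MM.DD.enc`); a different format would silently yield a wrong output name.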
@ -12,9 +12,16 @@
|
||||||
|
|
||||||
programs.bash.sessionVariables = {
|
programs.bash.sessionVariables = {
|
||||||
# SOPS comma delimited list of GPG keys allowed to edit files
|
# SOPS comma delimited list of GPG keys allowed to edit files
|
||||||
|
# TODO Update old key fingerprints
|
||||||
SOPS_PGP_FP = "D98BBC6C9A27324654C2D8C464F6C4EB46C4543A";
|
SOPS_PGP_FP = "D98BBC6C9A27324654C2D8C464F6C4EB46C4543A";
|
||||||
|
TEST = "Hello World.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
programs.fish.shellInit = ''
|
||||||
|
set SOPS_PGP_FP "4A89D6B44B7E423B647C7AE848FBC3335A26DED6"
|
||||||
|
set PGP_KEY_ID "48FBC3335A26DED6"
|
||||||
|
'';
|
||||||
|
|
||||||
sops = {
|
sops = {
|
||||||
gnupg.home = "~/.gnupg/";
|
gnupg.home = "~/.gnupg/";
|
||||||
gnupg.sshKeyPaths = [];
|
gnupg.sshKeyPaths = [];
|
||||||
|
|
|
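Review bot: `set SOPS_PGP_FP "…"` and `set PGP_KEY_ID "…"` in `programs.fish.shellInit` create unexported fish globals, so the external `sops` binary — which, per the comment above, reads `SOPS_PGP_FP` from the environment — will not see the value; use `set -gx SOPS_PGP_FP "4A89D6B44B7E423B647C7AE848FBC3335A26DED6"` and `set -gx PGP_KEY_ID "48FBC3335A26DED6"`. The bash `sessionVariables` keep the old fingerprint `D98B…543A` while fish gets `4A89…DED6`, so which key sops edits with now depends on the login shell; the added TODO acknowledges this, but the fingerprint should be defined once (e.g. a `let` binding used by both) so the two cannot drift. `TEST = "Hello World.";` in `sessionVariables` reads as leftover debugging from the "Testing" commit and exports a stray variable into every bash session; drop it before merging.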
@ -1,4 +1,6 @@
|
||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Comment: 4A89 D6B4 4B7E 423B 647C 7AE8 48FB C333 5A26 DED6
|
||||||
|
Comment: Albert Copeland <albert@sysctl.io>
|
||||||
|
|
||||||
mQINBGY0tJkBEACq+55CkqrHmqF+YHWrIgSbmmLfpo5OZTBlqfDQmrubuP8Kc1Io
|
mQINBGY0tJkBEACq+55CkqrHmqF+YHWrIgSbmmLfpo5OZTBlqfDQmrubuP8Kc1Io
|
||||||
Nq3EBWQOhWt0VeZ0hYpI9c5z3Oy2U9gF8NZDbXk6IEBBBxwlwF/l2LPT9oO/rHyR
|
Nq3EBWQOhWt0VeZ0hYpI9c5z3Oy2U9gF8NZDbXk6IEBBBxwlwF/l2LPT9oO/rHyR
|
||||||
|
|
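Review bot: The two `Comment:` lines added to the armor header are unsigned, unverified metadata: gpg ignores armor headers on import, and anyone who can edit this file can change the fingerprint shown there without invalidating the key material. That is fine as a human-readable hint, but any check should go through the key itself, e.g. `gpg --show-keys --with-fingerprint <file>`, and an import step that wants to pin this key should compare that output against an expected fingerprint rather than trust the header.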