diff --git a/.sops.yaml b/.sops.yaml
index a70fc952..ea220022 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,7 +1,7 @@
 keys:
 - &user-albert D98BBC6C9A27324654C2D8C464F6C4EB46C4543A
 - &host-nixos-laptop ca375f85e93f5327eca3e0af996236957c887168
- - &host-nixos-rpi4-01 KEY_GOES_HERE
+ - &host-nixos-rpi4-01 b8313b59194b577cb5a0187bbfd686dae3a80e78
 creation_rules:
 - path_regex: secrets/secrets.yaml
 key_groups:
diff --git a/README.md b/README.md
index b9cd0c44..2b6e8372 100644
--- a/README.md
+++ b/README.md
@@ -114,9 +114,9 @@ Completed ToDo List [here](complete.md) --- # GPG Keys -1. Import the user private key: `gpg import gpg/users/albert/privkey.asc` +1. Import the user private key: `gpg --import gpg/users/albert/privkey.asc` 2. Mark it as trusted: `gpg --edit-key albert@sysctl.io`, then type `trust`, then `5` -3. On each new machine, run `nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o HOSTNAME.asc"` +3. On each new machine, run `sudo nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o $(hostname).asc"` * This will output the identifier you add to `.sops.yaml` * Move `HOSTNAME.asc` to `keys/hosts/` and upload to git and rename accordingly.
diff --git a/keys/hosts/nixos-rpi4-01.asc b/keys/hosts/nixos-rpi4-01.asc
index 743024df..abafd510 100644
--- a/keys/hosts/nixos-rpi4-01.asc
+++ b/keys/hosts/nixos-rpi4-01.asc
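Review bot: In the `.sops.yaml` hunk, `host-nixos-rpi4-01` gets a real fingerprint, but nothing visible in this commit re-encrypts `secrets/secrets.yaml` for the new recipient, so the host will presumably not be able to decrypt existing secrets until `sops updatekeys secrets/secrets.yaml` is run and the result committed. The `key_groups:` list continues outside the hunk, so it is worth confirming that `*host-nixos-rpi4-01` is actually referenced there; an anchor declared under `keys:` alone grants nothing. The new fingerprint should also be checked against the key added in `keys/hosts/nixos-rpi4-01.asc` (for example with `gpg --show-keys keys/hosts/nixos-rpi4-01.asc`), since a mistyped recipient either locks the host out or encrypts to a key nobody intended. Going by the README step in this commit, this key is derived from the host's SSH RSA key, so a separate `creation_rules` entry limiting this host to the secrets it needs would reduce exposure if the Pi is compromised.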
@@ -1 +1,28 @@
-Filler
\ No newline at end of file
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xsFNBAAAAAABEACu7xxwe0e0gn3aEZIeszdMxFTMWUzpsyxZbw+wUyMs326DwqDk
+vkwtUVRO5vkDQjA7h+Fd+m0ZRILfJJzetgM3B+RjyqFt5sqkHjM43WiGmtXxdozK
+o0A+yT0J9We1oLXInCfBXN/txl+IStrXJuwF4w0QeW3oLlS7q6yyNOZvm+iwfi8+
+4it+F172unBiX4LJvghFw3z8NXHxKwpcSEytg7aQtnpzy2+TLWQEnB1RfzFZKNZH
+mHgvlShwHcGIrh8haNwvpFoGpXi3zHrD9ZIN9cKCkmkDHizQKslLCW9V3NWcIXre
++gVM2nWEC5Jn+Db83xACr6M1r88aE0ASVpq6jQA5adRYRrJxPsD2lPyth+6aPd/h
+Q7AhzRFVPA90ecjaZ3XV+JPp0Gwe2HLY4MumOzb9kPN4gVQ3KOH0ur3jVOL1hzl5
+bZc/HnMpPtzYwEUUN28sGF7z+JN7/ACnW9Y3/mELrmrBseObEkkucuia8C3QQywA
+CZGLdn0d+wGaXeeEpHVNjnt8vnniDqnBp/AeaPdSC9RyNVZoJ90OdSKqAz59kea9
+ILww37XUwy//Ash7INfQesdLQHdtoXCJ8MZENjQ4Y2uijL0uploSdtOjZ5CMg8ig
+S5/wbVwKznCpdVE3T3z3jD0vfviaJN/IVAxjm3hUSUYFXGQjslcjbEZ2gwARAQAB
+zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
+AQgAFgUCAAAAAAkQv9aG2uOoDngCGw8CGQEAALTSEABAIgeeyHVGj+Og1Qsch2fu
+p11cR4bHpgh5YRw5klApnlcXtTcGTBNPXCdVpIcD/ceguqY4OIykT3IlAKwLTE7r
+mV8mfcUZ/VCTHgTp++5cIHoxw9omOClnQ2aDmELK9dLEjyAUonxkVJZegZfZVsaw
+3Uf+cHxtV5lpeNEmyzISaCs37Kb5pyI4pzBxwwbxSJmU/vTn8i7LLLwsn9Vxom8E
+OBMRi9vt9fdiaITtKloGUDXHNL2DVtV3+18Kq0sLQ3eRfuHU+9o63qFmf3fqnk6q
+eWW6E0iygvWn2YWnmgVyoQyvGK/m582ZagKTdA1xjZ1WqipxzscarY9wrDdt0uuZ
+RrABL73b6UWy4Zfay+8AOOMaQyN801O/bBrqKwn2k4/lBG5fufOemAsIRF4PRzr4
+p2PSaQiyu05RsE2hsGF3cKCNqtR/Eyxn6lq9+t4J1sKzvWcs0vZJQRjcZyDnpGjR
+9iZW/ybu/0/p6LGp3t/kEmM8wzQXoA4GsJfeFlxUMVfpWPUBxhSRAoV1uPEvG/+n
+N7h/aMg6o2Num3zfxJoh19thRXUV/OiMfdDk+5cQci5FN7x7paJfCbIJ5ROVhIw6
+nDcPL9l/0dxLFOSofqgoW14dMfwrFEWLsQNQLbXBxrE9Vp4wbR5lQ2Pc+elVtjb9
+ggYqx13s4YRdCaKc3AK7cA==
+=c+Sb
+-----END PGP PUBLIC KEY BLOCK-----
\ No newline at end of file
diff --git a/nixos/default.nix b/nixos/default.nix
index d1719ece..cab6fb7f 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -44,6 +44,8 @@ gnupg jq eza + cryptsetup + parted ]; # Select internationalisation properties.