From 53f162839a8ea42055ce424ba1a9587ba9c82819 Mon Sep 17 00:00:00 2001 From: Malte Brandy Date: Wed, 30 May 2018 02:28:11 +0200 Subject: [PATCH] Add secrecy --- hosts/apollo/secret/{pw-maralorn => pw-me} | Bin system/admin.nix | 13 ++++--------- system/secret/default.nix | Bin 186 -> 1486 bytes 3 files changed, 4 insertions(+), 9 deletions(-) rename hosts/apollo/secret/{pw-maralorn => pw-me} (100%) diff --git a/hosts/apollo/secret/pw-maralorn b/hosts/apollo/secret/pw-me similarity index 100% rename from hosts/apollo/secret/pw-maralorn rename to hosts/apollo/secret/pw-me diff --git a/system/admin.nix b/system/admin.nix index 9fce08ea..e47beb6b 100644 --- a/system/admin.nix +++ b/system/admin.nix @@ -1,23 +1,18 @@ let - keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+jbK/gzzarMHQc9R++i+llMHIh34lXr7FjIyjCdVjnLjKDE3mdJ6mh7JTJc9njn7s+6kZ7FAoDWe9QValR0OUlE3TRAD3wtu0Kud7LUPsR961Go84yRw3mVMZpJFJHYb4p2bTPcMMgFnj8+b5RfWJ1GU5gMOT7EIkpmytpien/IvBig8dzNQ152YQU9xiQ9dZspsMiSMP0pt5mU5tqGGA/5WCXgUPk19OhhEkak/VMNFPnRysk5ofmYWbitShciMAnTx1UHyDYCzbiHHN8Ud9UxkSVoR+q9RYbMfXsW04z5z8sRna1xDo8N9c3bZgcUXIBlIVBJPOaABpXO6+Ke3X pegasus" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+r1uf2Wuw3CwXS8HaU5fl99LL74Xnblr0SWoUGKHKoRqgtNg/a+Z++l87UhqBGm9eYuFLSYGRzzQiffGbtfRT/18G/pixiPYPQCOQp7lWRguGjs4ejGzgIy9CrAXEKDwI6294tvX/8WiQLckROYE2gVKyA70yM0QmlozwqU9mzsky81EwDOtltsQGbBTswVuzNHqMgZsDTg+aBd66qUSRWMgh3PfvQyJPd+EUrsQzdt6lTx1A/Vg2oPXP3xZIKpbgQzDXxtzz1a7H/QYkJkkjefAFeMa3Z+PpP4zFV0Wnrn3Ny4sC4kjgywt1CPwJX7WnrZxpQ3cmg3G/08MAl+wp maralorn@apollo" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvKq3AkhHDKTPMKhXZfZhLhgwqk186h1R/j2rDNYPqsh73AnfiyTZQQqX4O7chkFCEFsBmDrpaOg1fnzIA0OGYIx02KwUQa8W/1eC4AsgDVQGdRCVKNQ+LFrtFQB0yjzO1zzXMpp3/BhfkwftyrAPP431icum/bMgpfz+QexeSbmmQUXVydcSK02YLJHbDwaF2FxTD1gfoLcCdW36VCp6xBPDVrvlp6z9mU+TZS0UxG8ruh3Q9FFGQqJ6NTy14dj4H5pHW9toFB3uDqBltfoN6azW+DylyxgM6/0PwQn3rALmPv3Ye/Wp/p12o0YhFXWbFRhnrSv1zomU/xjSm0LXz brandy@fb04217" ]; - pw-file = "/etc/nixos/local/pw-maralorn"; in { users.users = { - maralorn = { - description = "Malte Brandy"; + "${me}" = { + description = "${me.name}"; isNormalUser = true; uid = 1000; extraGroups = [ "wheel" "systemd-journal" "networkmanager" "docker" ]; openssh.authorizedKeys.keys = keys; - passwordFile = pw-file; + passwordFile = "${me.pw-file}"; }; root = { openssh.authorizedKeys.keys = keys; - passwordFile = pw-file; + passwordFile = "${me.pw-file}"; }; }; } diff --git a/system/secret/default.nix b/system/secret/default.nix index 5bcc019cbb29b8630127fbbf8101ae2ee5444949..f3c12ad668527e61c20ae834159d416cb8172132 100644 GIT binary patch literal 1486 zcmV;<1u^;nM@dveQdv+`0K4;wF6q|Fpipu0(kF|B#;|*oQ3t_4-%WMvv+xtu?ornd7~2P7BCC;sEXML!+M;UCXx=O#69& z(c*;);B*2C8E)^sHYy*Lwm3Lg!d01=Q=nJ3fQ(xHTn&jsEiHtEX-Yn%_bMW+Wx0xx$hEbOYAA)K5oMX}*a7vGI893!U~2&<9#Dqr@LC0_O5)BrMep35Skc zD8ah;X83>qzipS|n>i#@?AoxlNxY?>4RF>41w_ZJz@9==7ZFy(rC4q9!?GrVn!4W- zF|GM4SMKGajM>g>J=N()Fu*9j&~0)T!<>jCO3BjY?RA=nH8{Txip~=RtUmRhGnwNo zU?k%;18x=!ohJVFQVfDJ6EhfC6{E_1F2A_WC@m&uM8QvIQMTNWmcY(nzyt7s3o66M z@(=1yox=!#ea(%`qTRb~y^tf*N25D!YznN#u6LgaKH9x0rfP>z&URl3QoL1>Qi&Xa zCK8at|BgU;NOPpo-4?B66~Cegw|?6;MC)*+%dG#P;9kuTRn|GHO+ohD6I1Yl_&R~{ z!@}|_{W3kHH6TS1?>Yo`)+L0~8ayL6bPomuw4s+_dCWG10%_Ox0o9LgvIRfEm-b35 z4TZ%OMbYyvRb52LwF?i&@EY1)^fjF)eGFlxkgo_u$<;%+QFCnuK^Z3pl}fYNt0|pU zb2Dw%{S?u=c8$Q0?qXv>pg5W`iIRN2p1;_zm8%p*ig*pJ=9tfieZz>3cvFpMXC=ia7!zE1P_~o+$Xjw^9M+sRK zGs-Tjbf+kkVEyVCZxlEl1@_0b^vT+{nVDhB_?~eRI z%)onU%WDDl=}V`cv`+On z4Mr=iPD-g_{rPRD9q0XMnx%PnTpFCt!~{_*_QkZw2Bmi2>cbNPO=z;rBUO+-QIB_- zsF(LjjY6&BqN5|UbcL1%rZ{kPTyF8bbW2-ln6YTIb=D(j&zDO(oSIQAaZ}K%BN;zR8?pf0 zss?l^dd^Jw+U`pis$=LTZh;I7vxD7FdV2p40odcak$u{q9qf#nR}B)}1=$FB^a@EM zDL&7m!!4_iitSqP79c!9=oqdD@AgA*lE0Jo(}kD6V&_Mq5uE@ literal 186 zcmV;r07d@*M@dveQdv+`0MGt#_pTp6ig7v*CW(|qsAX|qfC6AVPPfwet2nPp?%Lyv zyw_=Kuo<4|zXvBnLV{{Q5)+}jgYT#cIs}{b?@6M&mj(MGP$XeFRfs^{&!;SaaVZ}mgrM4xXJRFL0PtEz~u4)Nu-_LRDEh`!kP!7%p@}~#yeKICp+}+a~ op1WT%nv?ECu7s-fV$^Mq6q^jW>P8ql7O*r7@nyC+k0!t&2fuVz>;M1&