From a537a36f7bde0c4b57f277f4a990798d419f3f44 Mon Sep 17 00:00:00 2001
From: mjallen18
Date: Tue, 18 Mar 2025 11:28:40 -0500
Subject: [PATCH] sops
---
 hosts/nas/apps/nextcloud/default.nix | 2 +-
 hosts/nas/home.nix | 23 +++++++++++++++++++++--
 hosts/nas/sops.nix | 16 ----------------
 hosts/nas/users.nix | 7 -------
 4 files changed, 22 insertions(+), 26 deletions(-)
diff --git a/hosts/nas/apps/nextcloud/default.nix b/hosts/nas/apps/nextcloud/default.nix
index b462668..5c0f596 100755
--- a/hosts/nas/apps/nextcloud/default.nix
+++ b/hosts/nas/apps/nextcloud/default.nix
@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 let
 adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
- smtppassword = builtins.readFile config.sops.secrets."jallen-nas/nextcloud/smtppassword".path;
+ smtppassword = "egzo mltu kkoc hrfe";#builtins.readFile config.sops.secrets."jallen-nas/nextcloud/smtppassword".path;
 nextcloudUserId = config.users.users.nix-apps.uid;
 nextcloudGroupId = config.users.groups.jallen-nas.gid;
 nextcloudPackage = pkgs.unstable.nextcloud30;
diff --git a/hosts/nas/home.nix b/hosts/nas/home.nix
index fb9aefa..276d0f9 100755
--- a/hosts/nas/home.nix
+++ b/hosts/nas/home.nix
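Review bot: The new `smtppassword` line in the `let` block of hosts/nas/apps/nextcloud/default.nix commits the SMTP credential as a plaintext string literal, so it is readable in the repository history and presumably ends up in the generated Nextcloud configuration in the world-readable Nix store; the value should be treated as exposed and rotated at the mail provider. The commented-out `builtins.readFile` is not a safe fallback, because reading the decrypted file at evaluation time would place the secret in the store in the same way. Keep only the path, `smtppassword = config.sops.secrets."jallen-nas/nextcloud/smtppassword".path;`, and hand it to Nextcloud at runtime, for example through the module's `services.nextcloud.secretFile` or a `sops.templates` entry. The option that consumes `smtppassword` lies outside this hunk and will need the matching change.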
@@ -29,14 +29,33 @@ in defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; validateSopsFiles = false; secrets = { - "ssh-keys-public/desktop-nixos" = { + "ssh-keys-public/jallen-nas" = { path = "/home/admin/.ssh/id_ed25519.pub"; mode = "0644"; }; - "ssh-keys-private/desktop-nixos" = { + "ssh-keys-private/jallen-nas" = { path = "/home/admin/.ssh/id_ed25519"; mode = "0600"; }; + "ssh-keys-public/desktop-nixos" = { + path = "/home/admin/.ssh/authorized_keys"; + mode = "0600"; + }; + + "ssh-keys-public/desktop-nixos-root" = { + path = "/home/admin/.ssh/authorized_keys2"; + mode = "0600"; + }; + + "ssh-keys-public/desktop-windows" = { + path = "/home/admin/.ssh/authorized_keys3"; + mode = "0600"; + }; + + "ssh-keys-public/macbook-macos" = { + path = "/home/admin/.ssh/authorized_keys4"; + mode = "0600"; + }; }; }; diff --git a/hosts/nas/sops.nix b/hosts/nas/sops.nix index d6253f1..029a370 100755 --- a/hosts/nas/sops.nix +++ b/hosts/nas/sops.nix @@ -92,22 +92,6 @@ ${config.sops.secrets."jallen-nas/paperless/authentik-client-secret".path} ''; - sops.secrets."ssh-keys-public/desktop-nixos" = { - mode = "0644"; - }; - - sops.secrets."ssh-keys-public/desktop-nixos-root" = { - mode = "0644"; - }; - - sops.secrets."ssh-keys-public/desktop-windows" = { - mode = "0644"; - }; - - sops.secrets."ssh-keys-public/macbook-macos" = { - mode = "0644"; - }; - sops.secrets."ssh-keys-public/jallen-nas-root" = { path = "/root/.ssh/id_ed25519.pub"; mode = "0600"; diff --git a/hosts/nas/users.nix b/hosts/nas/users.nix index e666839..23c8df2 100644 --- a/hosts/nas/users.nix +++ b/hosts/nas/users.nix @@ -2,12 +2,6 @@ let user = "admin"; passwordFile = config.sops.secrets."jallen-nas/admin_password".path; - authorizedKeyFiles = [ - config.sops.secrets."ssh-keys-public/desktop-nixos".path - config.sops.secrets."ssh-keys-public/desktop-nixos-root".path - config.sops.secrets."ssh-keys-public/desktop-windows".path - config.sops.secrets."ssh-keys-public/macbook-macos".path - ]; in { 
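Review bot: The four entries added to `secrets` in hosts/nas/home.nix write each client public key to its own file, but sshd reads only the paths named in `AuthorizedKeysFile`; `authorized_keys3` and `authorized_keys4` are not among OpenSSH's defaults, and the NixOS default list does not appear to include `authorized_keys2` either, so the desktop-nixos-root, desktop-windows and macbook-macos keys will most likely stop granting access. The users.nix hunks in this patch remove `openssh.authorizedKeys.keyFiles`, which leaves these files as the only source of the admin user's keys. If the secrets are decrypted by a per-user service (presumably home-manager's sops module), the files may also not exist until admin already has a session. Public keys are not secret, so declaring them in `users.users.<name>.openssh.authorizedKeys.keys` avoids all three problems; otherwise list the extra paths in `services.openssh.authorizedKeysFiles`. The enclosing `secrets` set starts before this hunk.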
@@ -39,7 +33,6 @@ in
 ];
 hashedPasswordFile = passwordFile;
 shell = pkgs.zsh;
- openssh.authorizedKeys.keyFiles = authorizedKeyFiles;
 packages = with pkgs; [
 cachix
 fastfetch