add inventory and move keys

2025-10-30 15:44:44 +08:00
parent 163d844af3
commit 2dd8d861d9
3 changed files with 28 additions and 17 deletions

22
inventory.nix Normal file

@@ -0,0 +1,22 @@
{
nodes = {
nut-gc2 = {
hostname = "nut-gc2";
zerotierIp = "10.222.0.87";
sshHostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN2WBYhGKSXSYWwISsY1osfliVSS9J+W6uHBid5i2qey root@nut-gc2";
};
penguin = {
hostname = "penguin";
zerotierIp = "10.222.0.249";
sshHostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0NLOa9NNz7r3QODU0Oe/a5m+PFzcpM20aLwf+0wojT root@penguin";
};
};
# User SSH public keys (named) for authorization and agenix recipients.
userKeys = {
yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG yadunut";
"penguin-yadunut" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEg5wsPLOZvU6lT8cMUsStQqalh/Hw5u104QhOYPS8E yadunut@penguin";
};
}


@@ -7,9 +7,8 @@
mkUser = mkUser =
attrs: attrs:
let let
sshKeys = [ inv = import ../inventory.nix;
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG" sshKeys = builtins.attrValues inv.userKeys;
];
in in
{ {
openssh.authorizedKeys.keys = sshKeys; openssh.authorizedKeys.keys = sshKeys;
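Review bot: `sshKeys = builtins.attrValues inv.userKeys;` widens login access rather than only moving the key. The removed list held a single key, while `userKeys` in inventory.nix also contains `penguin-yadunut`, so the key kept on penguin is now authorized for every user built with `mkUser`. If that is intended, the commit message should say so, since "move keys" reads as a pure refactor. If it is not, keep the selection explicit with `sshKeys = [ inv.userKeys.yadunut ];`, or split the inventory into one set for login and one for agenix recipients. The body of `mkUser` continues outside the hunk.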


@@ -1,19 +1,9 @@
let let
mbp-yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG yadunut"; inv = import ../inventory.nix;
penguin-yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEg5wsPLOZvU6lT8cMUsStQqalh/Hw5u104QhOYPS8E yadunut@penguin"; users = builtins.attrValues inv.userKeys;
users = [ systems = builtins.map (n: n.sshHostKey) (builtins.attrValues inv.nodes);
mbp-yadunut
penguin-yadunut
];
penguin-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0NLOa9NNz7r3QODU0Oe/a5m+PFzcpM20aLwf+0wojT root@penguin";
gc2-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN2WBYhGKSXSYWwISsY1osfliVSS9J+W6uHBid5i2qey root@nut-gc2";
systems = [
penguin-host
gc2-host
];
in in
{ {
"k3s.age".publicKeys = users ++ systems; "k3s.age".publicKeys = users ++ systems;
"btrbk-keyfile.age".publicKeys = systems ++ [ mbp-yadunut ]; "btrbk-keyfile.age".publicKeys = systems ++ [ inv.userKeys.yadunut ];
} }
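Review bot: `users` and `systems` are now computed from everything in inventory.nix, so a node or user key added there for an unrelated reason becomes a recipient of `k3s.age` at the next `agenix --rekey` without this file appearing in the diff. A comment above `inv` would make that coupling visible, for example `# Every node and user key in inventory.nix is a recipient below; review inventory changes as access changes.` The `btrbk-keyfile.age` line already names `inv.userKeys.yadunut` explicitly, and doing the same for the user side of `k3s.age` would keep recipient changes reviewable in this file. Removing an inventory entry only takes effect once the secrets are rekeyed, and a recipient that could already decrypt may still hold the old value, so the secret itself would need rotating.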