mirror of
https://github.com/itme-brain/nixos.git
synced 2026-03-24 00:29:43 -04:00
Compare commits
No commits in common. "cf9b8b1951e998fe8b333a53404233a3c8954924" and "5ccbc214a1b5286b56350e7a07d50c21861ad361" have entirely different histories.
cf9b8b1951
...
5ccbc214a1
32 changed files with 157 additions and 298 deletions
|
|
@ -1,14 +0,0 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
|
||||
with lib;
|
||||
{
|
||||
options = {
|
||||
machines = mkOption {
|
||||
description = "Machine Configurations";
|
||||
type = types.attrs;
|
||||
default = {
|
||||
keys = import ./keys { inherit lib; };
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -1,33 +0,0 @@
|
|||
{ lib }:
|
||||
|
||||
with builtins;
|
||||
let
|
||||
extractName = filename:
|
||||
let
|
||||
# Remove .key extension
|
||||
noKey = lib.removeSuffix ".key" filename;
|
||||
# Remove .pub/.priv/.public/.private markers
|
||||
noMarkers = replaceStrings
|
||||
[ ".pub" ".priv" ".public" ".private" ]
|
||||
[ "" "" "" "" ]
|
||||
noKey;
|
||||
in noMarkers;
|
||||
|
||||
constructKeys = dir: (
|
||||
listToAttrs (
|
||||
map (subdir: {
|
||||
name = subdir;
|
||||
value = listToAttrs (
|
||||
map (file: {
|
||||
name = extractName file;
|
||||
value = readFile "${dir}/${subdir}/${file}";
|
||||
}) (filter (file:
|
||||
(readDir "${dir}/${subdir}").${file} == "regular" &&
|
||||
lib.hasSuffix ".key" file
|
||||
) (attrNames (readDir "${dir}/${subdir}")))
|
||||
);
|
||||
}) (filter (node: (readDir dir).${node} == "directory") (attrNames (readDir dir)))
|
||||
)
|
||||
);
|
||||
in
|
||||
constructKeys ./.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
# Desktop Keys
|
||||
|
||||
ssh.pub.key - ~/.ssh/id_rsa
|
||||
|
|
@ -3,7 +3,6 @@
|
|||
{
|
||||
imports = [
|
||||
../../../user/config
|
||||
../../config
|
||||
./hardware.nix
|
||||
./system.nix
|
||||
./modules/disko
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ in
|
|||
isNormalUser = true;
|
||||
extraGroups = config.user.groups
|
||||
++ [ "video" "audio" "kvm" "libvirtd" "dialout" ];
|
||||
openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.graphone}" ];
|
||||
openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.android}" ];
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -94,7 +94,20 @@ in
|
|||
enable = true;
|
||||
allowedTCPPorts = [ 22 80 443 ];
|
||||
};
|
||||
nameservers = [ "192.168.0.154" ];
|
||||
nameservers = [ "127.0.0.1" ];
|
||||
};
|
||||
|
||||
services.dnsmasq = {
|
||||
enable = true;
|
||||
settings = {
|
||||
# Only specific subdomains go to local server
|
||||
address = [
|
||||
"/git.ramos.codes/192.168.0.154"
|
||||
"/frigate.ramos.codes/192.168.0.154"
|
||||
"/test.ramos.codes/192.168.0.154"
|
||||
];
|
||||
server = [ "1.1.1.1" "8.8.8.8" ];
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@
|
|||
{
|
||||
imports = [
|
||||
../../../user/config
|
||||
../../config
|
||||
./hardware.nix
|
||||
./system.nix
|
||||
];
|
||||
|
|
|
|||
|
|
@ -8,19 +8,6 @@
|
|||
nginx.enable = true;
|
||||
forgejo.enable = true;
|
||||
frigate.enable = false;
|
||||
immich.enable = true;
|
||||
|
||||
backup = {
|
||||
enable = true;
|
||||
recipients = [
|
||||
"${config.user.keys.age.yubikey}"
|
||||
"${config.machines.keys.desktop.ssh}"
|
||||
];
|
||||
paths = [ "/root/.config/rclone" ];
|
||||
destination = "gdrive:backups/server";
|
||||
schedule = "daily";
|
||||
keepLast = 2;
|
||||
};
|
||||
};
|
||||
|
||||
users.users = {
|
||||
|
|
@ -28,7 +15,7 @@
|
|||
isNormalUser = true;
|
||||
extraGroups = config.user.groups;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"${config.machines.keys.desktop.ssh}"
|
||||
"${config.user.keys.ssh.desktop}"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
@ -111,26 +98,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
services.dnsmasq = {
|
||||
enable = true;
|
||||
settings = {
|
||||
# All *.ramos.codes subdomains -> local server
|
||||
address = "/.ramos.codes/192.168.0.154";
|
||||
# Except www, http, https and bare domain -> forward to upstream
|
||||
server = [
|
||||
"/www.ramos.codes/1.1.1.1"
|
||||
"/http.ramos.codes/1.1.1.1"
|
||||
"/https.ramos.codes/1.1.1.1"
|
||||
"/ramos.codes/1.1.1.1"
|
||||
"1.1.1.1"
|
||||
"8.8.8.8"
|
||||
];
|
||||
cache-size = 1000;
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedUDPPorts = [ 53 ];
|
||||
|
||||
services.fail2ban = {
|
||||
enable = true;
|
||||
maxretry = 5;
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@
|
|||
{
|
||||
imports = [
|
||||
../../../user/config
|
||||
../../config
|
||||
./hardware.nix
|
||||
./system.nix
|
||||
];
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
${config.user.name} = {
|
||||
isNormalUser = true;
|
||||
extraGroups = config.user.groups;
|
||||
openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.yubikey}" ];
|
||||
openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.primary}" ];
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@
|
|||
{
|
||||
imports = [
|
||||
../../../user/config
|
||||
../../config
|
||||
./hardware.nix
|
||||
./system.nix
|
||||
];
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ with lib;
|
|||
extraGroups = config.user.groups
|
||||
++ [ "video" "audio" "kvm" "libvirtd" "dialout" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"${config.user.keys.ssh.yubikey}"
|
||||
"${config.user.keys.ssh.primary}"
|
||||
"${config.user.keys.ssh.work}"
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@
|
|||
{
|
||||
imports = [
|
||||
../../../user/config
|
||||
../../config
|
||||
./system.nix
|
||||
];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,7 +9,8 @@
|
|||
isNormalUser = true;
|
||||
extraGroups = config.user.groups;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"${config.user.keys.ssh.yubikey}"
|
||||
"${config.user.keys.ssh.primary}"
|
||||
"${config.user.keys.ssh.windows}"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,96 +0,0 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.system.backup;
|
||||
|
||||
recipientArgs = concatMapStrings (r: "-r '${lib.strings.trim r}' ") cfg.recipients;
|
||||
|
||||
# Convert absolute paths to relative for tar, preserving structure
|
||||
# e.g., /var/lib/forgejo -> var/lib/forgejo
|
||||
tarPaths = map (p: removePrefix "/" p) cfg.paths;
|
||||
|
||||
backupScript = pkgs.writeShellScript "backup" ''
|
||||
set -euo pipefail
|
||||
|
||||
TIMESTAMP=$(date +%Y%m%d-%H%M%S)
|
||||
BACKUP_NAME="backup-$TIMESTAMP.tar.age"
|
||||
TEMP_DIR=$(mktemp -d)
|
||||
trap "rm -rf $TEMP_DIR" EXIT
|
||||
|
||||
echo "Starting backup: $BACKUP_NAME"
|
||||
echo "Paths: ${concatStringsSep " " cfg.paths}"
|
||||
|
||||
export PATH="${pkgs.age-plugin-yubikey}/bin:$PATH"
|
||||
${pkgs.gnutar}/bin/tar -C / -cf - ${concatStringsSep " " tarPaths} | \
|
||||
${pkgs.age}/bin/age ${recipientArgs} -o "$TEMP_DIR/$BACKUP_NAME"
|
||||
|
||||
${pkgs.rclone}/bin/rclone --config /root/.config/rclone/rclone.conf copy "$TEMP_DIR/$BACKUP_NAME" "${cfg.destination}"
|
||||
|
||||
# Prune old backups
|
||||
${pkgs.rclone}/bin/rclone --config /root/.config/rclone/rclone.conf lsf "${cfg.destination}" | \
|
||||
sort -r | \
|
||||
tail -n +$((${toString cfg.keepLast} + 1)) | \
|
||||
while read -r old; do
|
||||
${pkgs.rclone}/bin/rclone --config /root/.config/rclone/rclone.conf delete "${cfg.destination}/$old"
|
||||
done
|
||||
|
||||
echo "Backup complete"
|
||||
'';
|
||||
|
||||
in
|
||||
{
|
||||
options.modules.system.backup = {
|
||||
enable = mkEnableOption "Encrypted backups";
|
||||
|
||||
paths = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = "Absolute paths to include in backup (structure preserved)";
|
||||
};
|
||||
|
||||
recipients = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = "Age public keys for encryption";
|
||||
};
|
||||
|
||||
destination = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "Rclone destination";
|
||||
};
|
||||
|
||||
schedule = mkOption {
|
||||
type = types.str;
|
||||
default = "daily";
|
||||
description = "Systemd calendar expression";
|
||||
};
|
||||
|
||||
keepLast = mkOption {
|
||||
type = types.int;
|
||||
default = 3;
|
||||
description = "Number of backups to keep";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.rclone ];
|
||||
|
||||
systemd.services.backup = {
|
||||
description = "Encrypted backup";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = backupScript;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.timers.backup = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnCalendar = cfg.schedule;
|
||||
Persistent = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -19,7 +19,7 @@ in
|
|||
isSystemUser = true;
|
||||
group = "git";
|
||||
home = "/var/lib/forgejo";
|
||||
shell = "${pkgs.bash}/bin/bash";
|
||||
shell = "${pkgs.git}/bin/git-shell";
|
||||
};
|
||||
|
||||
users.users.nginx = mkIf nginx.enable {
|
||||
|
|
@ -28,7 +28,6 @@ in
|
|||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/lib/forgejo 0750 git git -"
|
||||
"d /var/lib/forgejo/.ssh 0700 git git -"
|
||||
"d /var/lib/forgejo/custom 0750 git git -"
|
||||
"d /var/lib/forgejo/data 0750 git git -"
|
||||
];
|
||||
|
|
@ -39,36 +38,14 @@ in
|
|||
group = "git";
|
||||
stateDir = "/var/lib/forgejo";
|
||||
|
||||
settings = {
|
||||
DEFAULT = {
|
||||
APP_NAME = "Git Server";
|
||||
APP_SLOGAN = "";
|
||||
};
|
||||
|
||||
server = {
|
||||
DOMAIN = "git.${domain}";
|
||||
ROOT_URL = "https://git.${domain}/";
|
||||
PROTOCOL = "http+unix";
|
||||
HTTP_ADDR = socketPath;
|
||||
SSH_DOMAIN = "git.${domain}";
|
||||
SSH_PORT = 22;
|
||||
START_SSH_SERVER = false;
|
||||
LANDING_PAGE = "explore";
|
||||
};
|
||||
|
||||
service = {
|
||||
REGISTER_MANUAL_CONFIRM = true;
|
||||
DISABLE_REGISTRATION = false;
|
||||
DEFAULT_ALLOW_CREATE_ORGANIZATION = false;
|
||||
};
|
||||
|
||||
admin = {
|
||||
DISABLE_REGULAR_ORG_CREATION = true;
|
||||
};
|
||||
|
||||
auth = {
|
||||
ENABLE_BASIC_AUTHENTICATION = true;
|
||||
};
|
||||
settings.server = {
|
||||
DOMAIN = "git.${domain}";
|
||||
ROOT_URL = "https://git.${domain}/";
|
||||
PROTOCOL = "http+unix";
|
||||
HTTP_ADDR = socketPath;
|
||||
SSH_DOMAIN = "git.${domain}";
|
||||
SSH_PORT = 22;
|
||||
START_SSH_SERVER = false;
|
||||
};
|
||||
|
||||
database = {
|
||||
|
|
@ -77,10 +54,6 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
modules.system.backup.paths = [
|
||||
"/var/lib/forgejo"
|
||||
];
|
||||
|
||||
services.nginx.virtualHosts."git.${domain}" = mkIf nginx.enable {
|
||||
useACMEHost = domain;
|
||||
forceSSL = true;
|
||||
|
|
|
|||
|
|
@ -1,38 +0,0 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.system.immich;
|
||||
nginx = config.modules.system.nginx;
|
||||
domain = "ramos.codes";
|
||||
port = 2283;
|
||||
|
||||
in
|
||||
{
|
||||
options.modules.system.immich = {
|
||||
enable = mkEnableOption "Immich Photo Server";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.immich = {
|
||||
enable = true;
|
||||
port = port;
|
||||
host = "127.0.0.1";
|
||||
mediaLocation = "/var/lib/immich";
|
||||
machine-learning.enable = false;
|
||||
};
|
||||
|
||||
modules.system.backup.paths = [
|
||||
"/var/lib/immich"
|
||||
];
|
||||
|
||||
services.nginx.virtualHosts."photos.${domain}" = mkIf nginx.enable {
|
||||
useACMEHost = domain;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -14,7 +14,7 @@ in
|
|||
name = "bryan";
|
||||
email = "bryan@ramos.codes";
|
||||
shell = bash;
|
||||
keys = import ./keys { inherit lib; };
|
||||
keys = import ./keys;
|
||||
|
||||
groups = [ "wheel" "networkmanager" "home-manager" "input" ];
|
||||
bookmarks = import ./bookmarks;
|
||||
|
|
|
|||
|
|
@ -1,3 +0,0 @@
|
|||
# Age Keys
|
||||
|
||||
yubikey.pub.key - Cold storage backup for age encryption
|
||||
|
|
@ -1 +0,0 @@
|
|||
age1yubikey1qfapxqnnkh92zkgayzzm9n0gtpkwaqcvrzy4d4xa4rxnjua8vjhy72hh9r9
|
||||
|
|
@ -1,17 +1,13 @@
|
|||
{ lib }:
|
||||
|
||||
with builtins;
|
||||
let
|
||||
extractName = filename:
|
||||
extractName = string:
|
||||
let
|
||||
# Remove .key extension
|
||||
noKey = lib.removeSuffix ".key" filename;
|
||||
# Remove .pub/.priv/.public/.private markers
|
||||
noMarkers = replaceStrings
|
||||
[ ".pub" ".priv" ".public" ".private" ]
|
||||
[ "" "" "" "" ]
|
||||
noKey;
|
||||
in noMarkers;
|
||||
metadata = [
|
||||
"pub" "public" "priv" "private"
|
||||
"key" "file" "." "_" "-" "pk"
|
||||
];
|
||||
in
|
||||
replaceStrings metadata (builtins.map (_: "") metadata) string;
|
||||
|
||||
constructKeys = dir: (
|
||||
listToAttrs (
|
||||
|
|
@ -21,10 +17,7 @@ let
|
|||
map (file: {
|
||||
name = extractName file;
|
||||
value = readFile "${dir}/${subdir}/${file}";
|
||||
}) (filter (file:
|
||||
(readDir "${dir}/${subdir}").${file} == "regular" &&
|
||||
lib.hasSuffix ".key" file
|
||||
) (attrNames (readDir "${dir}/${subdir}")))
|
||||
}) (filter (node: (readDir "${dir}/${subdir}").${node} == "regular") (attrNames (readDir "${dir}/${subdir}")))
|
||||
);
|
||||
}) (filter (node: (readDir dir).${node} == "directory") (attrNames (readDir dir)))
|
||||
)
|
||||
|
|
|
|||
|
|
@ -1,5 +0,0 @@
|
|||
# PGP Keys
|
||||
|
||||
yubikey.pub.key -
|
||||
work.pub.key -> bryan.ramos@concurrent-rt.com
|
||||
ccur.pub.key -> ?
|
||||
109
src/user/config/keys/pgp/windows.pub.key
Normal file
109
src/user/config/keys/pgp/windows.pub.key
Normal file
|
|
@ -0,0 +1,109 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBGcvfPEBEADDOLjLG3Ay0EmvbC8OySQElS9NkdUeq9XU01CDcqo9iH4S84dR
|
||||
cApM9YocnC4foqFy/mJ5RtDPDq2Bwkt80OVe3uv9ZUwC6Mx9ZKOqUDNC5nNaA9kx
|
||||
bByVbaKFQH6WAJWM83W52NUoQFdpkFrgn1dwMP/Q/DMJKOh10lMI11ziG2o1DNpf
|
||||
SYhXb10qD7z1s96RRpWlyY0C64yHZtZ7kyhzlo3zxUOGy3Xrrkv+2f0n+sBBHRfP
|
||||
QFB7h8HduUYZJ8u+CuTS0Fl1rd1K5MVGxQrW1OfWKGUHyggPP3tlc2eSAntWQ1W3
|
||||
o7ret4yoNRMe8XfYcWMG9Eoc8U1/VsPO4YTQgMqZrICja9XeldTBoBbkmMePZO0r
|
||||
XKm1TN8vbzZvHaON1+MISJGx6j5evmfs6vz70IE1DWJ9H0IG6L/SwZLFxeg6MU+C
|
||||
5xh/IC59CwFJJrLqcXutqnxbu5brXauiIzlVucJ9p1nwODkQPeDcLHTU6P5m6FkC
|
||||
8PLxKvCWh+uuy8jZay9C4uoYfiKgM4/ixLKYoDPm3J26JWZU7prsY91/yYUmfc9T
|
||||
fb/uMWpsrVmdOrCrTIFyT4xPYFDn1L44j5qV3ofq3OQpq8lu/EmDmH/PTmWwLz4i
|
||||
cs2E+4uROlKqYYmkyaL4GopWk5LyzS9ToHKQBT3Io4y2QdYlnPCckOAIpwARAQAB
|
||||
tClCcnlhbiBSYW1vcyAod2luZG93cykgPGJyeWFuQHJhbW9zLmNvZGVzPokCTAQT
|
||||
AQoANgQLCQgHBBUKCQgFFgIDAQACHgUCF4AWIQTPP4g9xyNrKgYe2zzureX+FD+y
|
||||
HAUCZy99VgIbAQAKCRDureX+FD+yHOpqD/4xJwk1IZV/9MLPaJv0K/Isu0K1jynE
|
||||
5O7iPedXurSbl38tPP92/8QOBzPT/xBGCuECVZyjpyNJzhs11e+HcRXLZN+dUb32
|
||||
eWwtylibc+yVGpms+aVfwXpL0YtGD/rX/942v+nF1iLNz6JSLudS5JSLywIVZpI5
|
||||
scguBPd7CkM1lmiSp/vDhs1dzMnJHWdoP2OnTOYxsRYIuMBhMU8aGSnEDHzszZTe
|
||||
An0ytlPbZry2SOSzDG/EsSxrWHu0PQXkZ6/OjlMXMiPbEqrgvFnCfTmc0Pf0ETRX
|
||||
SInNr49ezjygpBhFS02tGemg+M6PlRns40rdZtT9/XizkqoqnerUYqrfJ3ST/W4U
|
||||
hx7GpJGgx+PrtySFaHpbWTos5AndTWjkEkMZN2hzUqWQCd3B8HQHOSebp9prEQl0
|
||||
nYTaFSpZoGYeGD9JyLw5mErfDdHrOict58mq5WDOrREYbZMqLUOFx0Z7N5M1uDYK
|
||||
Jbk2itHVJNwyBfAZZ9ZFeE1Id7DBMdK+EDP4xqz0oPYwnpvex4+W0Ke28AKRATMV
|
||||
+BeDBZKCXhqoScqhDsddmBpu5wjKVuz+QdNP/yKUjk8JqMi1sR6l1WMp0aeCSunf
|
||||
hqVCIMrGZvEVHOhKQNWs4ySWPCLKoBpsz/tycih06LOiJXuQhqJ9Vq6XxufPvFXB
|
||||
8Tj1wWqk9rhHobkCDQRnL32EARAAwSU64xTvvcXGZF0Nn3/q1hPvUtMeuBNuzRzl
|
||||
CviHI8I1oQJ2uLFfZWV3f+Rb4uNyoSWh94ZGAx4qD23WuZNr44JUGfu2wf7UPD9D
|
||||
IOVAVc8V1nC6Q9+DawLB7orrHD3bnaZRg260KoRNSJEqlJgM4uQtt1aXa5ltWJCd
|
||||
I6TknwVqYRmHYTykYsvD1nMSyQI3NfhIB/aSY+7oS9doDisCXi9wSoX4tMAIWbDV
|
||||
CC1J6U/WmKBLx+i8VCmiJRFU3g+5TUceNqITEv0UGioDBXTErBOeQiskGRCz03yw
|
||||
2h9hneGP/0vqwKZNUhYvATueTtzpaIigCwkSAiHTd7yyd0tnZMMOBwFVtFbb2l/A
|
||||
dPUIhOfOtybfYT4nHmrWBtkigNb7Vr/cO3SPyiVTeLon9g2Oi6arSjGSS+BO76xF
|
||||
N6HXpwTFqRcZD6ZW+6fu5mBsnHzwIYG9YR1/NW9z/3kXeJdas0O78JM1sVEAuU47
|
||||
gfM+1RSbs3CueIk32WM4B49qZ+HvwoVQIs/9933/ioohxmkN6tc8oBdoMPsa0hTM
|
||||
BWawuUfx/nqF9n/vaMK3btSPtz9VyBXxl9dc5kYBgO8FHqIeswig3KlssDYEwbVh
|
||||
u2z4SzNtLU1yVbdakbwRUACveK8F3bQ45DwsM0gEqy+rEcnkycuZSHGZ5bguCEpN
|
||||
MUUcwJMAEQEAAYkEawQYAQoAIBYhBM8/iD3HI2sqBh7bPO6t5f4UP7IcBQJnL32E
|
||||
AhsCAkAJEO6t5f4UP7IcwXQgBBkBCgAdFiEE9/MujKBsmqq1yXgU5dNUMpELN6wF
|
||||
AmcvfYQACgkQ5dNUMpELN6zDgA/5AUxKgQ9ujNoFWMTlRVKUU/Rmsojg+pMW276J
|
||||
XNWDNpENt32ozZr2+X/d0qZKgqRgraccXGknejrXNgmWJuk1wcyXUuUqmU4C53vC
|
||||
R0bsmtegNk/fMP4BNkR9oWvo4GavxrQeu6FcauTS8FOEj3oxxdiPhEtQTY1rpRw5
|
||||
lvO0YsluUa1glUlwlkW0q5bAc2VMs7n/fJkX3dQUIobGfFBEMEXmy/Qnf9S42Dv5
|
||||
etO+iLMQvCcS3jNudYhJpbcuFaMLKg57kdZrnMoDRlfF5jSxlxU8YsZQA0oQRFD8
|
||||
aQAgTAV9SGWIEowaehLmTMhGNvzThD3RXeUnX3tFd3eLWGqN/qPACwUofBCJEgxK
|
||||
7XBzhJmVrCvszR34fuQceK3RI4VGI3biMltGmqZnfuR0enR483dU3fQ/fASVuSB7
|
||||
a8GHCYDZ1ilhpDa+WAAMiCV4HLflwqPxDpEdMGH6yhBwKutX9ig/ytGIxsL9+t5E
|
||||
KfFYuONtSmBQxCfWIp3+vQzVIlmEG5JB6w9SF4NG5tCBQBQ5Uw13N6SwbU/psJ1z
|
||||
u9CvTFCCz3hmJmH4VTRniaKqidJnIQS0gTrgNbc5hjGO2P2XxEK1Og3K3sU054cO
|
||||
OnmsweDX8XswN9IQRJrN+sBous/YIrTA3Jk7Cmi1P268OIDpjErnUfISvJxfpq+6
|
||||
ahs3pHfweA/4+wSj2lSiEMCWC3Sog7368Ej+rw2CP4MUb13rX8+o7fvodZqvX68v
|
||||
qMpKvEOEgwmzx/622yaxxbUj/d5UeI4rH5xFJ/P2NJBazLlUdU9Q657XWXdTM4ET
|
||||
r3KnjNhQdKoUW8wwVcsQ+RSKH5jIWzfQmJXMfeafuS+76VkWNPipZDKx12tqxHZf
|
||||
VUjVWknLcryXYSRW0OPTgu0bsS5JA8ZTWSq+zSjYpksfVm1j/jxcmuF7vgy4T1wv
|
||||
STFEDqNBuAwxOWHxnsqGSF6ayM7iwMYtqAzlfybvHl0BTaj/Zz4FWqfShBh2TcTG
|
||||
8spt1l50dIaMJbQJHFE+VKSO4zu/cGGMnLINWIjgAiI1KFd2oehNx5q/dOaK0TAs
|
||||
m57RPwnZ1vFuRCKB0OtMDapdDmIXGg3QrSuxtsBXkkCS9N/X0FF6+XyM25fZ045G
|
||||
h0gPUU1G/lz6F6yYGEE9ly87VOTkpwcPeZJSHdBBM4MdO+urm9vqTdstD/dJuOOV
|
||||
B7ZKIKcir9mJ2yyaLx9eMKeiPz1mLHWT297QEg/iRW8MMkaV0HWRgtciUlzVzI86
|
||||
k+nGpbP8kqBzh7K0tbqSiy+8GpTyTL+3SjS4Ed3SHaxq5H8fUp+Fh3xBPHGOiA1/
|
||||
/ywCBysht4o6eKxfTC70fr6Egvng7qhh2NxS7pjsMNA2KMtCkfPjVbkCDQRnL32e
|
||||
ARAAtQUAFWyMlOTxzlSskcGtQTCPcQFJMo6XhomppSvWPhGl6lOof8QxAcX6XENG
|
||||
0qYcy1o2VpLHYB4dFPhvsgU0nvG4HIfejXqOnLsOg5pZduwCqH6dzJxbLU3Vq5Kr
|
||||
hYf/pgIoG7/JwRbf7kUFoZHoOPV5MrYWrfpypM0StUYBAygx/MCtM4W6ep5spWNL
|
||||
Qkg/hSuXCI/HdGk0+3yapSaQ+6J1wSlWn9lYNDD9micB4MIFLFt6MAARtJcuGCZ2
|
||||
OSVAKd69n76jT2m+AGi1nIa//gR9YSSDjdQgUKA/rIxQ4VyzlInworch46Cm256l
|
||||
1e2dp4TZNx0CtvUDd3NIGB67ghTU59v+e5NaJGqaH/bL+7gL2JJOo6NnHOGihuBD
|
||||
LWaqEqDvdquIT1FDn2nEEVknHvqDsLsedP6wjhuXHFcRnGyIVngujGfwUKjGGT3q
|
||||
tDVa/U+9bcIV2Fl78d6zdQ5Z/4IJgmopNT2ygm3rDJO1lwh+drP5cIgWCUhsox+Z
|
||||
dL8Htrs77Tglfc4UVGr7lJjduu0t7c9InElRy+W6nPUdleAzj8EAALPnohhnXGQC
|
||||
Mh7ImUkgOv8OJadrcIkixoGn/rEmy3Xmai+9y06m+OJ9QY6Th2sM6tWWyIw/g0IM
|
||||
FOvZlmINdD8J1RErLmpY+WYV95h2vDz5jxZujhSknYCjY7EAEQEAAYkCNgQYAQoA
|
||||
IBYhBM8/iD3HI2sqBh7bPO6t5f4UP7IcBQJnL32eAhsMAAoJEO6t5f4UP7IcY84P
|
||||
/RqUCS4hF6cwMRyAHQ2s3AZETodKmaZFucShIcMh0f+3aN/6Si2s44NFukbGHzhf
|
||||
S/4YUUwryoXyW8E7BV2+L65rBknIsuTUiwIeqBDwb3ySWB3CubHA+OBThPx85ElV
|
||||
pyjW/ctR/UDEFyF7Fml+DW5gkhuw6dYiFoKj1gPyGsdsvi7Z35zh6PyFPg95Cvr9
|
||||
KncfrVizNCcFSaLX4hYRlD/i+NwI4jEr4j+AqcNnIiHE7Bpg6gG2qkYbMJR/kma5
|
||||
9+Jrmp40In1TygKCqLEvGS25k6Sk5Sysh27ltWQHGaMeMv+tVqWWvbyfPgxQH6Lx
|
||||
08rCHz9GMcgRrVOtaoBrm82wEZiL5PO/ra3rx/xne1VZn+QWaRTWDwYEpsEmz8kY
|
||||
+rqRGiaHgqEHqa9h37OdkISZUhz3zQAcvGM/G/9j5ci92m/3Ck7f7IZ4yMTksEkn
|
||||
Hdu4wJXXRm4av7mIyYeTC+vmLqM8vhlRqveF2jKkLiB3yH1YvUrYJ0wjbsrRqmHg
|
||||
VRrINN3vgsQQ+PdzYvKMHgJcjQBwYqMxQHgxjniyYR+6y/sDF6GUjf5OEXqTFxFg
|
||||
eSy684gp8Rl4F+i/v+k6So3l4P1GngpEZg7dVMVSKuTezD73L1bR3jiSQYURLR19
|
||||
nRILXk1ktcbVqjo/kF2HFKFuHlOekqlhD/YFFsJ6LN4ZuQINBGcvfggBEAC3eMlv
|
||||
WWybrwoDwbwVnPgoUHq7DFATgzO5cW9bHvEOkp74Bi0dZtpgGF1od9m2MdJ9P+PW
|
||||
d6w6sHIP5/a08XCZLXBm+qPQxJkSy+zsNqlHMyqlUFcgmC1r7+R5h7yMrz0MN8ib
|
||||
567D755TbPkqi+MR3zg8kZERD015eeZfpLIrNfcDVv4VuDUxuXSLZ3d8XF756BCR
|
||||
TyW0Jypmsg80MPyujWdrRI51FvZxwxF2y7Om8Y/ktywu9BgjRGdZ4XyRQmJhpmNR
|
||||
/a7/tL5OsJsw/r5IMPJqPMoTWatDzbmfyxG34TP9XM/DhOfd9t7c3RDZVeWCWb8s
|
||||
WpzaKNn/vyoETf6IljfHLpXi973xCH/fHPqLyCP0Dt/JCVFeba6s9MOlkfmsydRP
|
||||
KA9TS+Pgqc6IBS/h3UkGcL/NJtTyWZdrM4zL9PJBipHVVuOvHzfeiHUdhw/1zoOK
|
||||
2FsMUmoWmfMXEWBWN4KHw9Wx45gxe686eI9eoS60NHwyZ6zvNLvms2Z8j33DOHVL
|
||||
CXxZL20pqqRaNHbYeESGkHr0HRvMURrZjgMhVnFWVJvVQHg4+LkRhO8RJtIRmRVr
|
||||
l3QPOl5bjIX/2PYwkdZP/ht5edjYQY8YJNtZZuKVU13DRXkxxNM1Epe1izqA8Ye/
|
||||
cdE26op/P7B/C83gxzMBcY4y13avF+39JOivTwARAQABiQItBBgBCgAhFiEEzz+I
|
||||
PccjayoGHts87q3l/hQ/shwFAmcvfggDGyAEAACLmRAAsP9Z9mjjls+IiZPYwPzj
|
||||
Z88XcoHtWMbU+gbnZDE9vKcesjbM5706gHXqT+FiVxfEN1aGxZtGdpYvTycveoYM
|
||||
Nx3CJvQP5dQYX8tNcOCU0Xs/TYDrt/5KGitDJhpLXQBzXNSpypEraYRchNc0twj7
|
||||
YMj0EOrFChojH5K93JJM07zSwDig1/9B04pguSegGliiyTuSeS573P2mmOGjn4D1
|
||||
uEbOGUZcOTPvaOub01GXOFyXKlU52sDgexe6vMnqZ2WbkrBF2+26cdCJUyRsRizu
|
||||
QmZPN/ZyOmD1VgZ91geKz4A33Qpq5QuwORfFgJYnXIHQfozy3rd5T705/l9jd8M6
|
||||
3/y4x4oT48tB3jpV/n+PwcklUdWA9UtpwPpLxlcb276RB+AT4OYE8VL7ZlfwGFnQ
|
||||
o6XfOWhJAxtgOPzpCH+Zmps0xN5btWWJvSOTjytXO1D0F6rmLBIpdYFhX/hiVoxY
|
||||
JUsYwKqorjZ7xoscieynf3Xn+hOkr5tJbBTdXwOWlFZNzl76dbOWHQWcJCnk9EVt
|
||||
2XRZWCuscFStOCcFVfewm6h36s52K2dDU719OSnaAgxpiDInbfJSrWWLtNWnWK4s
|
||||
lBW1khV3mIsVOVdwFBGWToBjNb435E7XieFflvW8q9eNIONCGhHWIh14PzcdU5Pf
|
||||
HRncE+dM4PA+Ge8YbBCL6pU=
|
||||
=X5C7
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
# SSH Keys
|
||||
|
||||
yubikey.pub.key -> PGP derived from `pgp.yubikey.pub.key`
|
||||
work.pub.key - ?
|
||||
graphone.pub.key -> For Android `pass`
|
||||
1
src/user/config/keys/ssh/android.pub.key
Normal file
1
src/user/config/keys/ssh/android.pub.key
Normal file
|
|
@ -0,0 +1 @@
|
|||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJM1HutPcWXdeTaAXY7ha8SlgeZFtLJGwNa3Kd/DL/R38fq5+fkh3iCoHgv+iiKcordtVTMhbOsHhz3H+Jm274c="
|
||||
|
|
@ -1 +0,0 @@
|
|||
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJM1HutPcWXdeTaAXY7ha8SlgeZFtLJGwNa3Kd/DL/R38fq5+fkh3iCoHgv+iiKcordtVTMhbOsHhz3H+Jm274c=
|
||||
1
src/user/config/keys/ssh/primary.pub.key
Normal file
1
src/user/config/keys/ssh/primary.pub.key
Normal file
|
|
@ -0,0 +1 @@
|
|||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDl4895aB9P5p/lp8Hq5rHun4clvhyTSHFi3U2d6OOBoW5Fm+VcQnW/xbjmCBsXk5BdiowsBxQhwnzdfz/KJL7J5RobomUEaVRwb9UwT88eJveLp14BG8j2J3SjfyhrCX+4jkPx0bPQk1HGcuYY+tPEXf1q/ps88Dhu0CARBIzYQOTYY6b1qWzxpDoFZGHjKG8g5iY6FIu65yKKvvVy1f8IgZ3l3IpwBWVamxgkTcYY0QYSrmzo1n7TXxwrWbvenAqBsQ0cBPs+gVa3uIr+1TJl0Az5SElBVGu3LvUdlk58trtPUj6TQR3YUkg7Vjll7WHOdqhux5ZQNhjkOsHerf0Tw86e6cEzgeTuIbQHIb0LcsUunwKcuh2+au7RO599cvHn0+xZE5MZBxloDDaJ3JsiliM8kyPP/U3ERj03cWLW7BqbT+sfjAOl21RCzk0iQxk1wt/8VmtCr9Adv7IyrtaYvf/bwRP+g+9ldmzKGt8Mdb605uVzZ70H/LLm17f40Te+QHaex5by/6p6cuwEEZtgIg53Wpglu0rA6UxrBfQEHKl/Jt3FLeE0mnEyYkkR2MnHNtyWRIXtuqYZMAm2Ub1pFHH7jQV1gGiDVTw6a2eIwK21a/hXtRjFUpFd1nB1n+KNfJBE4zT3wm3Ud7mKw/6rWnoRyhYZvGXkFdp+iEs49Q=="
|
||||
1
src/user/config/keys/ssh/windows.pub.key
Normal file
1
src/user/config/keys/ssh/windows.pub.key
Normal file
|
|
@ -0,0 +1 @@
|
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCo2BuGY1zz2UjY7/4Rq6rse3dDbxkSA+GyqI2xJi86dqzpmnsQPDYCM61xBNGIJWCQRSRPvNMhQjL8zFo2+u3EyFZXP7twO9mtZCyo5guBRUYuzoCNMtxHt7ZERVei2NI+T7ZmU34L1cuo+fSluhC62hGGD8mMO/wQURO9CwXN+JGAgP5jxLnHKfS6xP7FHDvH7XbbgiC1M7B1B7mCyjzLadQqQebkmJYDnKcdz424VBljxVHlrSjDU0wsnBNpj/nP4eTsnzL+dGTWxkLwUzCDeSIvNoFjSe617iGfYK7y9imZsIb6zAUY7zwFqCN9co9PRJzBDKKhygFNkoZ9/OjIRm0MXWEn7eFsiaO7mB+tSoGCgi+/R34tRaaelmDS6D09HdWBgnOSsqW8VIa1YhAuDzSk3p0UQrSNSTuwMLh5fwDF8fpZ5c7M4U6oJzzfRp/ssWuq6XUnrVt43OqlacgCctFzRcdyZjQedF//ucUoG5dudmvYOGX9NnYEuIYdGtMVneMzsoGTycSi7fAtLC7ORyj6Q3LiOR+rEE+t+Wvw7pmnzmc2PH/C3yVBZhLGPgR+rH0NIjPQa6TnX8Y2NOCn4T4vL7LGxVfVOYoMzRcgYdB1JmrUxz6TweBX3IIpkbV+EmGpq3f0vhJAF1kE6fsrcrw/jWzIIVbymV0fim+ZGQ== bryan@ramos.codes
|
||||
|
|
@ -1 +0,0 @@
|
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDl4895aB9P5p/lp8Hq5rHun4clvhyTSHFi3U2d6OOBoW5Fm+VcQnW/xbjmCBsXk5BdiowsBxQhwnzdfz/KJL7J5RobomUEaVRwb9UwT88eJveLp14BG8j2J3SjfyhrCX+4jkPx0bPQk1HGcuYY+tPEXf1q/ps88Dhu0CARBIzYQOTYY6b1qWzxpDoFZGHjKG8g5iY6FIu65yKKvvVy1f8IgZ3l3IpwBWVamxgkTcYY0QYSrmzo1n7TXxwrWbvenAqBsQ0cBPs+gVa3uIr+1TJl0Az5SElBVGu3LvUdlk58trtPUj6TQR3YUkg7Vjll7WHOdqhux5ZQNhjkOsHerf0Tw86e6cEzgeTuIbQHIb0LcsUunwKcuh2+au7RO599cvHn0+xZE5MZBxloDDaJ3JsiliM8kyPP/U3ERj03cWLW7BqbT+sfjAOl21RCzk0iQxk1wt/8VmtCr9Adv7IyrtaYvf/bwRP+g+9ldmzKGt8Mdb605uVzZ70H/LLm17f40Te+QHaex5by/6p6cuwEEZtgIg53Wpglu0rA6UxrBfQEHKl/Jt3FLeE0mnEyYkkR2MnHNtyWRIXtuqYZMAm2Ub1pFHH7jQV1gGiDVTw6a2eIwK21a/hXtRjFUpFd1nB1n+KNfJBE4zT3wm3Ud7mKw/6rWnoRyhYZvGXkFdp+iEs49Q==
|
||||
|
|
@ -7,7 +7,7 @@ let
|
|||
pass-audit
|
||||
pass-otp
|
||||
pass-update
|
||||
#pass-tomb
|
||||
pass-tomb
|
||||
]);
|
||||
|
||||
in
|
||||
|
|
|
|||
|
|
@ -18,7 +18,12 @@ in
|
|||
};
|
||||
publicKeys = [
|
||||
{
|
||||
text = "${config.user.keys.pgp.yubikey}";
|
||||
text = "${config.user.keys.pgp.primary}";
|
||||
trust = 5;
|
||||
}
|
||||
] ++ optionals (osConfig.networking.hostName == "desktop") [
|
||||
{
|
||||
text = "${config.user.keys.pgp.windows}";
|
||||
trust = 5;
|
||||
}
|
||||
] ++ optionals (osConfig.networking.hostName == "workstation") [
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue