youwen5/liminalOS
1
0
Fork 0
mirror of https://github.com/youwen5/nixos.git synced 2025-01-18 05:02:10 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

feat: overhaul key management for agenix

Browse source
This commit is contained in:
Youwen Wu 2024-12-27 20:12:15 -08:00
parent 39cbcd9c76
commit 4f510f7418
Signed by: youwen5
GPG key ID: 865658ED1FE61EC3
12 changed files with 48 additions and 96 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
reference/secrets/authorized_keys.nix Normal file
View file

@ -0,0 +1,13 @@
rec {
users = builtins.attrValues {
youwen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIwqDFdb/cs5K9gsgP0ogyuq5pv9hSxsyPnDcWc5wRKs";
runner = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEEBFBqlbHn3gMuV0i8U48xctZUWXkmHsCK1O6LRpXpj";
};
systems = builtins.attrValues {
demeter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4BRdoxPnmlhMD1kI7qXwVE//6h1XWUnkwpzDuJaAyC";
gallium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzDKscmZIz7GF0nfKpnKHq63/fwzx2PXir0mUtRDOgu";
};
all = users ++ systems;
}

BIN
reference/secrets/nixos/github_ssh_priv_key.age
View file

Binary file not shown.

37
reference/secrets/nixos/nix_config_github_pat.age
View file

@ -1,27 +1,12 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-rsa 4p6DaQ -> ssh-ed25519 ouRmYQ LcJhXf7RDzV69B18oyBQalIa7PuxKvgWf8WsQqS2QXQ
bQrpj5stBmy83Fk3M0sIno+WvcuNcc45JBUjlodontzHOig5ZduC26G8HXuegMVV FEAVwjc/S8FzBtBlVTNmnYiEBeqLJ1BgFlGGCCSKAFA
RWgv2Go/S2Rpbyq+u+l8acDmWfNRQyhpi20d+Erei4pYIBP0NvRntdCUDqcJNlI5 -> ssh-ed25519 lpWvhA gPmCbveLyfreFJBiSiwaA0PUwaPoWR3oxj6bcDCR32c
pFr6QbnUC6GI+zqobaRVJ3bg9DsNDb/HZHIkmZjLvO6uD2muAdLY9UdOQh0O/bKm z9PqoqZB4oExgdGHFczW/GfFXCwUAdX2y/6+OrAsvW4
1ZBAiBdtT3gZ2TWGk25XpCe+2If+aTsEHDBGOtjsofcaQgNG/+GEvpwSFopX80Nm -> ssh-ed25519 KcJLrw L0AgAq8eYHi4/DmkqpTa6zPachBjzALJDPmTw0ZvZkc
IrfS9DB+bm0WHt6gh/5wRpyYteIv7+Bd/M3pa00OYXbWDjFBmulXGb8UQ4RNJiJz OSeCrAA5cqyO+vldzWhtXqqbn/BMQRkvZMjB5hnDF2E
7ETRMHe50NTqxyOZC0iJ6GIr7zEbbpwEM5BCoat8R4VPZs5zJ8OUG2G0QfwD29nA -> ssh-ed25519 0Pd3rA VwOeP0xx3Dl1pFDeBnqLfMjuvHJo9JLNv1HWP4pYIyo
TlHVZT2wJP4xrjdmS9wUofLknRsEFxNWEjenibhrCSz837RS+z/Pvi4/+PTVwpQs u00jU8gTl5i9CcPEm8erkzVv8arX5FnMZS3hCYA1TPE
afQRK27wbMZpFkfxaZz5q6Xn+qWCFh8H8X0Ke78ycm4LvC0wjTR0DE705JC6F67c --- kpytaizU3BFiS+wK5Pwb2t09GtV4EZSc0AZexkFxxRE
X<EFBFBD>á(7!ñ@ž%¼Á{â\Dþ'¼–ì¼>åÑš<C391>صÎ
-> ssh-rsa pv6HEg ­Hk%h&¿%\$–èìñ=ÊQvìÀ($V/ò×´hËÕÕãOŠöüEÜîÛllb¸—® >݇ì O4ÆU(ä®Ù|᎑þÇ*ß·¦1M<>ÅcËÎ4ûs 9W“±T”ú&Ë.5©+»ʲ×BIQ
aKV2D6LoyPgaHnCQxsRDZ7dz1wuyz6VCNocsdZluwxwuO3z+SFhrc/4gg4iL6iMF
ENr2MznrXddXBWdhap9L6RmJt4YbjSolxBmI/cHwCmFGZEeAPsOjX21bdCCHB7D9
8lf0Fqjs4D1SC5djPqTFQJV8AIvkdsTF53bf9ZnN1s28Tpvvx/x4kwhiqR9v7DGc
gi4K0ClBW711+wvzzkPAnn0oklYrbcuZNGwTW7t8TG+hmF2o0aHB1kJ4ngMn6LUb
E5WlIy3ykYlGCd0sfognRYIrQwjqq4VQACmnQ+Fh/F43GxWCTruF5GejcRew1zDu
+W+L9Z4A+rR/5E5Xjt4isGFYxEsnyYwH5Dvj1M1ANAU8VMS1H30YTAuL57WXih9p
RrWadNdW1uxvZHysyEWDa9j3wBbh0b0HhDYJAtFeJcB8IAzNnyBLXWFYukISZ6Rc
qylG2DhtzqdyUi08socUQ/okL0FIbbMLT69faPbgkJk+w5iTCL8ZA9AMMKnN9a3z
11nXmgqTf1zTJe5Z6o9C3eLMiKlWvIrJ+WMbedBy/h6Qp9IdNnGEk6FCjrV1lxlr
UIvpSEsOa7vscKKiAaRcQ+Uq7Kqn2OORdcPJXJd5n817ziAOtglX6K2OSpIoAnOY
KE7xOTN+fQq5Yw61UaP3Nl25Zns5u4sQAzhHjIBmoEw
--- cZ6bbJKB4uN0RX9l0MWaH0Hgr81cGxhnMTgSuVKUfI4
qÀRpŒ[µ0*CÕ»Ï;o ø·Š½Q ¨ <0A>><3E>
ѦBóu<EFBFBD>æ[j˜"/†=±.€VÝnmx°¦†öƒÍŽÁ
û:TTŸƒºjŸ<6A>­"+<2B><>ÝׄiPM€O¸)Î$\ëV¦Ñ0Ñ_Ƚ§€N暈^€‹Ó*Y(d“R;€-ûÍ™™Z'o\øY¨5-

10
reference/secrets/nixos/secrets.nix
View file

@ -1,11 +1,7 @@
let let
youwen = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCrIRHcvh0fxYNc0sukl8nSGRU8z1RjRmuc20iuk9TUqAxeew+0pSvY9lU4vshhrcGUe2OKIxgKJ76xdfGRw5ofmmd5Fr4If6tzWAWdE6Jr3J/w58YL6/ISOyRwjTserjWFIaO41y9OuLzf3UtzBF/1zexnGwq2lMJ7MAi0JNJ5O+umgrcnF1BDWyw7ymVkiQTruJ3LV2XgJDpOKQlFnVGKgYyMgVGeGYjiZO9Sj8edq1ZFeEH1jN5TnAdnqsiwhFgZpCrBxFFZKohuQLyH+QaOmBsdgSZwsg4Prndtxp5GTrknupPCgEWJ1rgvykEchYajeWQLxyeW/O/4iSST7VLKS7dgzUHZ5Dxf/QP1iCSeJqCIIJssuIslMK1vYmJZYk098ZDlLrFCLepQqy0YGvZe4OVP4BK4UNu5DKKLTpPNwDnyf1NSNTT2q2TsWXKWBDl1eurX9MBR24ZQEoP0gvcnTKr+2rheOTWJ5asDswEWphp5zQxBjztPGe55H0zjnqk= youwen@demeter"; keys = import ../authorized_keys.nix;
users = [ youwen ];
demeter = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdcVbgUyQb+W3UjmYb3K9l9jkq/NkTSWAGFUJczJ07kEAg9nUUEfU6RGMCzCEbwWsVpNZysRfef6nxerQBcKiRz/bLUocFl/80ZoylQuxkWU8cvGdImFCtP76YKoVNwuHS0R31Qi90zQLnxs1oLmULSACH6Mw7+suYkVtH1prQdUHdx2bcOPqFk8Qpm8WuRNHxEbrFNuHNarHF3XHo/iIgJh8OeMbwE+MtoZCSfPMEnWGg4nKal3fQ3GO21wUyIZIZrSCMiYKzfvWrlLhd8rkKbGp+VRNe3m5q7k5p+pGSJMYHTRaGwOGY92L+GJOjjr/HrloINiEMC82zmUWctXQhK+4ni3ssPmOesEblfr9tXfwU0Xh0zNhqeljw/ptaZrM3k/yMW4h1DgI9BeBwcNcYqaHLwX6IqG5b8XxI+/JQniQmZIZM+kBx6GyZFrPxM84XWxhwjRKnn4oBU8kVn3RBlNwz3AFIjGpOh86Rd343X8Q6JbrMT/z17bL6StKXZfUFqgOWEs/JJEHT/DWKL2zF2ppqa5ZuJhzevrtKfAxomURXnQ77MPCUtbo2PFHmcl3fUD+yS2GD/8a492rUlCG2d5FS7KfW3L9rQwTnNBqQMGUu1Uc6qz5LWLEF7yoBtdKKZ3Y4lyPP3/lAQPs5j0Jx+coBdySca3xrmmvMj4/aIQ== root@nixos";
systems = [ demeter ];
in in
{ {
"nix_config_github_pat.age".publicKeys = users ++ systems; "nix_config_github_pat.age".publicKeys = keys.all;
"github_ssh_priv_key.age".publicKeys = users ++ systems; "github_ssh_priv_key.age".publicKeys = keys.all;
} }

BIN
reference/users/youwen/secrets/github_cli_secret_config.age
View file

Binary file not shown.

BIN
reference/users/youwen/secrets/github_ssh_priv_key.age
View file

Binary file not shown.

21
reference/users/youwen/secrets/secrets.nix
View file

@ -1,16 +1,13 @@
let let
youwen = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCrIRHcvh0fxYNc0sukl8nSGRU8z1RjRmuc20iuk9TUqAxeew+0pSvY9lU4vshhrcGUe2OKIxgKJ76xdfGRw5ofmmd5Fr4If6tzWAWdE6Jr3J/w58YL6/ISOyRwjTserjWFIaO41y9OuLzf3UtzBF/1zexnGwq2lMJ7MAi0JNJ5O+umgrcnF1BDWyw7ymVkiQTruJ3LV2XgJDpOKQlFnVGKgYyMgVGeGYjiZO9Sj8edq1ZFeEH1jN5TnAdnqsiwhFgZpCrBxFFZKohuQLyH+QaOmBsdgSZwsg4Prndtxp5GTrknupPCgEWJ1rgvykEchYajeWQLxyeW/O/4iSST7VLKS7dgzUHZ5Dxf/QP1iCSeJqCIIJssuIslMK1vYmJZYk098ZDlLrFCLepQqy0YGvZe4OVP4BK4UNu5DKKLTpPNwDnyf1NSNTT2q2TsWXKWBDl1eurX9MBR24ZQEoP0gvcnTKr+2rheOTWJ5asDswEWphp5zQxBjztPGe55H0zjnqk= youwen@demeter"; keys = import ../../../secrets/authorized_keys.nix;
users = [ youwen ]; inherit (keys) users;
demeter = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdcVbgUyQb+W3UjmYb3K9l9jkq/NkTSWAGFUJczJ07kEAg9nUUEfU6RGMCzCEbwWsVpNZysRfef6nxerQBcKiRz/bLUocFl/80ZoylQuxkWU8cvGdImFCtP76YKoVNwuHS0R31Qi90zQLnxs1oLmULSACH6Mw7+suYkVtH1prQdUHdx2bcOPqFk8Qpm8WuRNHxEbrFNuHNarHF3XHo/iIgJh8OeMbwE+MtoZCSfPMEnWGg4nKal3fQ3GO21wUyIZIZrSCMiYKzfvWrlLhd8rkKbGp+VRNe3m5q7k5p+pGSJMYHTRaGwOGY92L+GJOjjr/HrloINiEMC82zmUWctXQhK+4ni3ssPmOesEblfr9tXfwU0Xh0zNhqeljw/ptaZrM3k/yMW4h1DgI9BeBwcNcYqaHLwX6IqG5b8XxI+/JQniQmZIZM+kBx6GyZFrPxM84XWxhwjRKnn4oBU8kVn3RBlNwz3AFIjGpOh86Rd343X8Q6JbrMT/z17bL6StKXZfUFqgOWEs/JJEHT/DWKL2zF2ppqa5ZuJhzevrtKfAxomURXnQ77MPCUtbo2PFHmcl3fUD+yS2GD/8a492rUlCG2d5FS7KfW3L9rQwTnNBqQMGUu1Uc6qz5LWLEF7yoBtdKKZ3Y4lyPP3/lAQPs5j0Jx+coBdySca3xrmmvMj4/aIQ== root@nixos";
systems = [ demeter ];
in in
{ {
"youwenw_app_password.age".publicKeys = users ++ systems; "youwenw_app_password.age".publicKeys = users;
"youwen_ucsb_client_id.age".publicKeys = users ++ systems; "youwen_ucsb_client_id.age".publicKeys = users;
"youwen_ucsb_client_secret.age".publicKeys = users ++ systems; "youwen_ucsb_client_secret.age".publicKeys = users;
"tincan_app_password.age".publicKeys = users ++ systems; "tincan_app_password.age".publicKeys = users;
"github_cli_secret_config.age".publicKeys = users ++ systems; "github_cli_secret_config.age".publicKeys = users;
"github_ssh_priv_key.age".publicKeys = users ++ systems; "github_ssh_priv_key.age".publicKeys = users;
"youwen_dev_ssh_priv_key.age".publicKeys = users ++ systems; "youwen_dev_ssh_priv_key.age".publicKeys = users;
} }

BIN
reference/users/youwen/secrets/tincan_app_password.age
View file

Binary file not shown.

BIN
reference/users/youwen/secrets/youwen_dev_ssh_priv_key.age
View file

Binary file not shown.

BIN
reference/users/youwen/secrets/youwen_ucsb_client_id.age
View file

Binary file not shown.

31
reference/users/youwen/secrets/youwen_ucsb_client_secret.age
View file

@ -1,26 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-rsa 4p6DaQ -> ssh-ed25519 ouRmYQ 1+lNK5IbFFikjqTNo3iMTnAigc4IuK9o5QLwTuC5RwQ
p0c0dK2Vlgj+nPitibtXJuzRr3g5crae4CS/6OH18WQkqb8tzaWRw1ZXxS/7nxGD h42XZCru60LAGVtDZ7W+flmLkz6PK43jWBi9/Lq92kQ
MCk8PcVEhgdysS1cwrgrycpUp02LMxUp1zTc8ML0Cemv93hnaVINgNGb9DWiGBXH -> ssh-ed25519 lpWvhA 4lgTQgn/iIdicT2wobAhiKR7axBe0MHZKqqeAsN0Aww
v8//XUeNpBs4oGkC9RWb9HDgBlgzpTH0XYUwqDBRT9ltn5nki5YvxM4powiOf8IG +9hwc6P68HkzVWHtlHs7Y7WDSWSesolxIGSheFfl4zI
SdUTE2hbRYhaQOEm5A41z4XQ+WAKlehwP2wn0yJDrW8rDXjSK5PEHyhONXJX1QuM --- pmooYxJ75vGwgekLA0gwndejezn6NW8kpuxZTfX7Kzk
XvS60Vz/vWqyVnUL5UdsW1XjXdQRu9kn8vzDUINeUeqXN2A89xVlYovH3n9dVzFs ùŸOˆà9Ó9ü;8Ñ¢Ž¯pz¾73ººNóR†Bs´™4#ÈÖ!táÍÑóÎÈG!ü¯Gg<1D>ÅWŠ&ŠRs
J2Bq6HhDAMl1TxbEIVcL/ufYjDK+tBkDa66SYtBV/FeIIAMGQ2Kbw+OwLqbjehZN
p7/TGAlKc+HsMVm455l7rTOqSSfJHKik2iFBGhVXoSF+fZu3stOqdnHAk13164+s
/9U/50xgyUNEMmVYdebvtBY2DCWqvgwIMXtm3RUItizyrc1gQLLy/3/mlDiWBPu+
-> ssh-rsa pv6HEg
jpXa6cht5Ys/XSorbSdXKEahM4VgyseILKd2zIDQEF28tbQgpvzojVxctAjK7YFa
ZVqmwdA+9vK1KEUg/qEfqqkaqo6MlnBgmUTe0VRMbvW45G6eN0/ky5hC3Mz5FUUn
G1AxOTCkThSx1/4+JjcsvlUZsXrKe627grrgZu2891XsISTjBxu/+Iiaok9f8rvL
q/JGkg2YL1DlcV4ZecEIHSNq5ysEp9had6SJz9e1/hSAWZVnTCyZc2gYn0ZUUKx5
gRD/PQpdgIvG1SJcn3snDkiAyolYLzhJ6BQUfnVIX77Q6nkwooUXbYq2fOEUMZVp
vHhpOrwBC1J+hgr+V6lGUtkui20Uqz6ouVKHxtcLEauxVVJPGiid0mSAsvFbcewx
my5N9lYJYjMNw45kOAMgOragA246qM3ciVK2r6mq8ZPqY1t3UdmObMkrSysnn8Ks
yNzB+MG3SHuLtS5q9Ex0epRq6ttKUCLWbfhcRsQ/+1WQSH98xTNR7q+6t/YLnnUj
OZn09I3ZhLUk5hHraSdpuSB10f+SBqSroC54SChut/9VFk3kcolm4/rnldxwVvAg
HZ6PGjEszP/qQzqsTivcxAmAZzQ2tJlpUWF6olmEnn8O9Qw/a4uOPhPj406OUJzI
G6PV6OewbsjoJVKVAkC0BoM2Lg2P0pCilUa4MvlnwR4
--- pQ2bkSw35IPQjKNrfnj8Uvvb3lVDc6IuJpcbLwFmI7A
p©'W? ÿ¨F˜
¶q8»KØ(XÛp@2ŽzàÞu8³r¬œ6þ~(IO¶Öü9÷qÆKW˃kpªIaÀ

32
reference/users/youwen/secrets/youwenw_app_password.age
View file

@ -1,27 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-rsa 4p6DaQ -> ssh-ed25519 ouRmYQ HA4fOUuNkgvdhayKRgFBN5Onx8JaiviH/B5dyhWkYjo
G3vtF60a5f1UJt2RcDTYTQimSLwGKECFJhzHNbtZMc/UGlV0NiEWd2rbr/7OZ8r3 JbRU9MDFgWQKRodFBcgQhw9ZgWVsGlFybC7QkmPGDgg
NEQjex4/Q4xH3cvaorcz2k2cO2smAwO+pDR44HLe7688N4OIYGBSnJ5wYJcpBmWg -> ssh-ed25519 lpWvhA RzVnFcTiWPXIOYodeaya9SonrgcosDvEQUWONIQd+GM
AJMOSaCFPJE5y2R38+9CGPPJIaUZqjvVzhEXjY5bUuiGp+af2sjoWi6PkG3f+7UK vebx1nyZwN1/ZoQ/y3pQ4idOzmAFE+E1y0v7ulEw1b0
KjIVcBPyHoUy1IV9teSja9wPjHuaV/hVaPjvz/tTL4RbmsMQ/31VQjjTfX+tGIfO --- ebSru9WM9TLwhc8ezWE/vfn5kMBxlJm+ny2ylAn148g
VeY87+r/RG5aYcukV5SC9wH1PELKAgtlN98IXofXuy8SlasFkBfFgDgA7ihdNAig ]ü/=³_#†,ު¼ààÎu VWš—=2L:Vo,çÏ$)Ô´Şqúzò{İzr£j
OL5tInwds3NucozRBKfCSFcn7aOdKoAvuEto9MKpGg4Y78a4ERnL1oktkglir8VS
0jGl0yb1XBjYNMPAX0EIkQjTpr6D+KQeAI76/JPliVJUZ8Wq1BX2Z+RStB6nDOtt
HQcCtKxbOVwb64WBn8eb9hMM83PJSardNHNcREwlGbhnkc06CcM49hK/vJrxts99
-> ssh-rsa pv6HEg
Y+1vBBwaHsCXdZKRbGbYp2mWztFZBguLRbi0bMzvmtBOrxqYCtGJbRhNmBGHMqg5
EKl8ei/pFgn7n5B34/JCLXvgWko120Wy3kCSDMxm+GnI8n8LKQZQgPlX++fWGsXh
GUkoR5VPZ6kuWDNpO11ll8cBNKwDD7VwVwUNMGRIen2EC2efKw7GbCdgx9vcmuyZ
MQnQK2cqq99UjdeIAj0SqcoH+ro6qy+QFafoxOrNCksR9uVG7Kn7AFe/ZKk/DPO5
CbuaaCrzI9G0qpLwYMf5GkMMrpP/9j8xVgMIHFRi/xxw3hnSTmxTFEpzZtfYboyA
QXEBWloH70lzukAu2cOslEAzbwSVCkkpm3Sw0LRjl6oXeV5uGWPW/Q929oW9Jqtf
57FIdPXd3H4xkFVuuFrKXcVdyqU5WRfw/y/Y4mJouQDs1gxYs7zlg2oeoY6nw9Mr
+Yo1cya3bg2DmiIl03VuzU7XDxDQF1/MLDvBfy5fpEapMJC9Rj+scSI75SHSiGOw
pOQWmN7AkzvLmB7c7oblvShGQ8GULmtTTd/nPe7u/sJcWucVWEOu8EzOnjnWuF1N
M7uhn+sOXSuJPhrAFq68JpWq7Bu+rWvLnAsXYtwRfrDprFU/On+NT4YiFop314hg
/IuPprAkYS5okHbnNMri3PNHvfsusIXFDJELkkT3o6k
--- 6BSSYjyfkhihYDsLHPnwg32tVau6KY6MQ8SIcf6LP3g
ôcD%‡Á¬ù4@—=F
.‰]®x![ŸY´`}1†Í1|2¨
 ²žpÛN¨