From 50bd09d1d8f83b6047e060160cc77d89eba5b050 Mon Sep 17 00:00:00 2001 
From: Youwen Wu Date: Fri, 27 Dec 2024 19:26:51 -0800 Subject: [PATCH] feat: move user secrets to user dir and add github ssh secret --- reference/hosts/demeter/default.nix | 2 - reference/modules/default.nix | 5 + reference/secrets/nixos/default.nix | 16 +++ .../secrets/nixos/github_ssh_priv_key.age | Bin 0 -> 3955 bytes .../{ => nixos}/nix_config_github_pat.age | 0 reference/secrets/nixos/secrets.nix | 11 ++ reference/users/youwen/hm.nix | 113 +++--------------- reference/users/youwen/neomutt.nix | 102 ++++++++++++++++ .../{ => users/youwen}/secrets/default.nix | 21 +--- .../secrets/github_cli_secret_config.age | Bin .../youwen/secrets/github_ssh_priv_key.age | Bin 0 -> 3955 bytes .../youwen}/secrets/mutt_app_password.age | 0 .../{ => users/youwen}/secrets/secrets.nix | 2 +- .../youwen}/secrets/tincan_app_password.age | 0 .../youwen}/secrets/youwen@ucsb.edu.tokens | Bin .../youwen}/secrets/youwen_ucsb_client_id.age | Bin .../secrets/youwen_ucsb_client_secret.age | 0 .../youwen}/secrets/youwenw_app_password.age | 0 18 files changed, 156 insertions(+), 116 deletions(-) create mode 100644 reference/secrets/nixos/default.nix create mode 100644 reference/secrets/nixos/github_ssh_priv_key.age rename reference/secrets/{ => nixos}/nix_config_github_pat.age (100%) create mode 100644 reference/secrets/nixos/secrets.nix create mode 100644 reference/users/youwen/neomutt.nix rename reference/{ => users/youwen}/secrets/default.nix (55%) rename reference/{ => users/youwen}/secrets/github_cli_secret_config.age (100%) create mode 100644 reference/users/youwen/secrets/github_ssh_priv_key.age rename reference/{ => users/youwen}/secrets/mutt_app_password.age (100%) rename reference/{ => users/youwen}/secrets/secrets.nix (96%) rename reference/{ => users/youwen}/secrets/tincan_app_password.age (100%) rename reference/{ => users/youwen}/secrets/youwen@ucsb.edu.tokens (100%) rename reference/{ => users/youwen}/secrets/youwen_ucsb_client_id.age (100%) rename reference/{ => 
users/youwen}/secrets/youwen_ucsb_client_secret.age (100%) rename reference/{ => users/youwen}/secrets/youwenw_app_password.age (100%) diff --git a/reference/hosts/demeter/default.nix b/reference/hosts/demeter/default.nix index 50ef0cf..a5686af 100644 --- a/reference/hosts/demeter/default.nix +++ b/reference/hosts/demeter/default.nix @@ -8,8 +8,6 @@ [ ./configuration.nix ../../modules - ../../secrets - ../../users/youwen/nixos.nix self.nixosModules.liminalOS { home-manager.users.youwen = { diff --git a/reference/modules/default.nix b/reference/modules/default.nix index fbe70a8..d245f7e 100644 --- a/reference/modules/default.nix +++ b/reference/modules/default.nix @@ -1,5 +1,10 @@ { config, ... }: { + imports = [ + ../secrets/nixos + ../users/youwen/nixos.nix + ]; + nix.extraOptions = '' !include ${config.age.secrets.nix_config_github_pat.path} ''; diff --git a/reference/secrets/nixos/default.nix b/reference/secrets/nixos/default.nix new file mode 100644 index 0000000..f6e409f --- /dev/null +++ b/reference/secrets/nixos/default.nix @@ -0,0 +1,16 @@ +{ + age.secrets = { + nix_config_github_pat = { + file = ./nix_config_github_pat.age; + owner = "youwen"; + group = "users"; + mode = "0440"; + }; + # github_ssh_priv_key = { + # file = ./github_ssh_priv_key.age; + # mode = "600"; + # owner = "root"; + # # path = "${config.home.homeDirectory}/.ssh/github_ssh_priv_key"; + # }; + }; +} 
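Review bot: In the new `reference/secrets/nixos/default.nix`, `nix_config_github_pat` is declared with `group = "users"` and `mode = "0440"`, so every account in the `users` group can read the decrypted GitHub token, not only `youwen`. If `youwen` is the only non-root reader (presumably the case, since the file is pulled in through `nix.extraOptions`), `mode = "0400";` with the same owner would be enough. The commented-out `github_ssh_priv_key` block in the same attrset should either be removed or get a one-line comment saying why a system-level copy is kept. As committed, `reference/secrets/nixos/github_ssh_priv_key.age` and its entry in `reference/secrets/nixos/secrets.nix` are unused ciphertext that still has to be rekeyed and rotated together with the copy under `reference/users/youwen/secrets/`.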
diff --git a/reference/secrets/nixos/github_ssh_priv_key.age b/reference/secrets/nixos/github_ssh_priv_key.age new file mode 100644 index 0000000000000000000000000000000000000000..87a16a1e14466d60b5c22b3a8e54aa43a0effc04 GIT binary patch literal 3955 zcmYk)_d^Vf!vOFi>p}?`Pb#vn+~_8W+t=;ATCTggJ-U5IW>I)5@jRp|Z}@zqiujOtz0Bk^T2u!827^ffvOxeL;elqeGQ?z-2EvR8 zyp#>#p%SQ+L@gA=QX%6LKoEQ=8{$;Tz;Krdt;Z=5D3=u}u`_jiA%~#CK`kzpElvT4 zaK&hyk<4Qku5D}?Lyvksp8vqCw(QHF$8DbNLF9boID1w1baRBjbs76Q< zMc`3Xs+k7IYZXep9ik@?MNl~$VR7ixG_5ucuQLElY#5QNgHpIKLOhhu7TK(7ih`n~ zYe5#V+#)0Z6(}VHDR$^wpm?y&z;h7AU@M;>N3fhQBtwh>*tHJ30t!mBV89$C*kXmN z5@3o%gPF)-sK_WyoEnIcJIPE@0!wJ1Yh8AzSc@{yGz5@D#*|4}Gyn__p;^?X2sKH06XS_60pE%zBwz?g4V(=4|22#@ z1eu@!#9O4iP#sMo)Hon=f<+;P+p%V?5eie{Bs>fil^~)JEO9c493uq6h*Uci1S69{ zB$`=8(aY#682}405<^)?5nLlOvNWPZqh6t>u~;01jYx;`cp8=x3+9H>u_%kq!8XIW zFh?8{8Oq=q6G&K;#6l0~e7Y3vSx6&XQtMiBKFsfq~#=}-(C zTgr@3s-PCJS#MXM1xl$<4pAo6r*(s)p!mR&8M;vQVbu=(Q}wcdYsUTBZ-JSGfV^|$>X>}vQ6uSLP+3Z>P`61vy~nVe%~XdFBkAwp%~S|LU(iHm_!!9p__XXNR` z5VM3UkO5S1hQo=LBO(8LM8+Fo9J9-gV`-!YvQ#GEkp&X8gF@!vAPxo_5E2p+=u}|Y zE~dh%M!;-JA(N`cv)NR0JSx;=a7v|8El$SZ07+mV+aUuOgZf3VpH~4C&9v=%LCB@k z%1VC!lAF7}n(4c?;acw=R%6Te$~yy}(dSluga^JOrp%wcyyvD*OIksxx9Gvtq3#&> zEAEXRHq9&j3U<*X>B+JEDR=4rHhJbg8!dZ!^6Q$w%ezh|jbL*=tik-c@S60he+6La z@}^x|GqJAdf~j4XT4Pt{1y_CuAK1tS6xXyavy-NVtR6hHr=)H>Wj*EzvM0aiwSBaz zq;SrTDZh#@62)bE)j#X*R)qOKJ*qjl&-dq_OPmvZ`x-Qz0XsZ1ZU($Xea*Cz%Rr@) z-(^&Var21e6JNN8{`~@bQWv(burZW@Mr=Okm zY#I|1_J<`Xi2Ew+A?>JseZj!PMXZjmfl1VR$^Y@vt&OKlt-in2tQYhx%jkWvxH-5v z*)!>7x~hCKk(EERL9J`@h=~vEE`%PulKO?dj=ke_^Gow%Ne9rgB>Y1QK~&&KCsw@l z?7D64)lUt0157HuPuNZXLvog_NjM=KMIWyXFS+a)o;<$@8MsZ|IP7c=zZK2P&P!ds z?beqFJi~A6Tky%;tghynVc(A9sf4=n?&()9zBrm?UfJfmC2_|?rHG$FhZOI-613_D zZ+SAX7Jhs|Z%^F(RY4(qbNG>0+0!okh&KOR{V(Qg#pbZn{F)N}R?}n94ViCpZ9!z3 zj|2ar{>%8~^JVFi@!9>flZEr_;M59u>&I2Cdu#VIP`&Dkf%f|wL03aVs@Jsh{#`7+ zvl{Pp!V$HVy)5tjp6z$?Je6-W9~%166E{lxOO|#7toqB`Kk>i^Q&x4bIZ-=&0Q%e` zmlN>F)|4{f^H&2!GuY6*PVIfX;`F;W9$mFf8DBz|Ulf-P9W=g}x%=Fwq(x7jtz_4i 
z%BB@&Sf$=Ky-(KlPF;U3sy+2uj%9k`9Pi-yBM*{Z#}wWRjl%El(s_3^mSZBnhNJ`` zQ1!`c5Fc(@?9gUj`2NaGC*0gme$hx;jwai`+?ecu#b#95@;}bIn;q?s^}F7*MLw!Nd!0mp`g9f#BEs^8mR=A_-r^Lpah7vrR?Ag{jd z-E;RK;U!iv3|=>QE5tPK7kt-&(}x?PgxlBeo(m7iUu=La+faWc>z43+W$L!zB+%Bw zeW!yu$hlu0_MNuG0xu-;ysU$?&GMCI$XZhSwKd1C7k_)63A9Uoji?V<@>TN5cT31_ zsn4HT#||Xl%5S(;P=1IM?UO%tKE-|FGp%4pR>fxw?@sB7={5BfS92cFNGp9BoCnLO zA%F0c^j`N|-92$D^>r%qzaHX`TuDQIdUpU~S>%+$EkPOc;oN|X>`U)F?_0~MBUa#p z%O;E)xuDX!B{g6H={aq~%tb>Ly`5W*goaCZAyLmrY>$r@ik=}!)G0}ML82hG=*oXh zPxcgsMZ;H}pl>+*s`cyWv6Nq=TRjidTwT%XHuw2v;pgqWdGkwpkt`~uHZxLt=tyGd z?W(anj>)g)<&?7r0`>F1;kNbcF4LWcktdq`sv!} z)BgnI`=@DPkq^WJTPoR&wszPBbY`z4Z*k=x=QUp&JUqOH=3=_xDUt2=CErLF zI)4USkl*$jM&9#LVb1@NGUJ%Zdqd7cift7Ojz2b*X-wf*0=nE-+6% zU%i6nmFOQid*0{t=L5aJ-+f#6tSun8`f1jVK?c2MfL&AZqU#2s-}BYMLTYe!bWf2* zl<)hl^N-KDrMh>uJ2l~s+`QriEjx`=c5eH~+jqQ0@S{wWzj^GdOg`{dKN zpQ}Fa5c1Dt#IBHTU&(s05*6FtHfvfcWGP3}xuw?k*K?1?u@C>L91s3eG_+(|TH2>6 znYr_vRd#kUtiPsNpbGlYELs}%a%}T$P44KE;TZ1e<=Z@*Xj?03?+QSp*T@5q_wA)O zQ&*3B=%E#PVMCYe$+bMNJM?bnNzUwzb7tN1ox2mbX3Hy|tQnf;9fv%sH(9+_)QApr zpO`zHeU794N1Rz66Zi7__`DPy@?%)*#IAHx>_G(8`|P@o>%P6V!;d$w{I7!_Q@K07 z%^~$1$QnU}bP-48Ym3K$)`m;k_ti0Ntjh})9Wy2P)?5hINI#yovi1-S8gPHFIUDhk zxRMb97+@BUwP4m{v|X13sC(UWaw3ba<|i^A?f|{Em`+{>DhgLDRUQu{q1u!I_0xGJ@cq0 z*_OUo;aX@%!Qq?|Gth+K2@|~FxO7JJLMNVL}t#o6J36E^Mo7rO!McwRUiI1 z{`0i|qao*xws*Ts@8L5m$Ai(X+J8s8X4G zu&})5C}&Ae;5{slf7T0+A)S6N+S@3P@7CG)$w+gP<7V-&5ITXSt8YQX!9|GOG-sV8T0 z`&#*2f5EX8u3YQt99-HVLP@SW?xu0)i0`rI>V9Q*@VBR_e-Bo?*e$3Zal0QJ(>Z&v K@eI!09QS`MY|B*u literal 0 HcmV?d00001 diff --git a/reference/secrets/nix_config_github_pat.age b/reference/secrets/nixos/nix_config_github_pat.age similarity index 100% rename from reference/secrets/nix_config_github_pat.age rename to reference/secrets/nixos/nix_config_github_pat.age diff --git a/reference/secrets/nixos/secrets.nix b/reference/secrets/nixos/secrets.nix new file mode 100644 index 0000000..a0f5907 --- /dev/null +++ b/reference/secrets/nixos/secrets.nix 
@@ -0,0 +1,11 @@ +let + youwen = "ssh-rsa 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 youwen@demeter"; + users = [ youwen ]; + + demeter = "ssh-rsa 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 root@nixos"; + systems = [ demeter ]; +in +{ + "nix_config_github_pat.age".publicKeys = users ++ systems; + "github_ssh_priv_key.age".publicKeys = users ++ systems; +} diff --git a/reference/users/youwen/hm.nix b/reference/users/youwen/hm.nix index 804f9fd..2679674 100644 --- a/reference/users/youwen/hm.nix +++ b/reference/users/youwen/hm.nix @@ -1,13 +1,11 @@ -{ osConfig, pkgs, ... }: -let - inherit (osConfig.age) secrets; - gpgSig = "8F5E6C1AF90976CA7102917A865658ED1FE61EC3"; - oauth = pkgs.fetchurl { - url = "https://raw.githubusercontent.com/neomutt/neomutt/a3b70e7edf84048e47e002e34388a4bc896e44ac/contrib/oauth2/mutt_oauth2.py"; - hash = "sha256-5mN+W1q9i9XiEtRTYIH0/qXpvfmkxOs71g9wM5vtfbU="; - }; -in +{ config, osConfig, ... }: { + + imports = [ + ./secrets + ./neomutt.nix + ]; + home = { username = "youwen"; homeDirectory = "/home/youwen"; 
@@ -22,100 +20,21 @@ in userEmail = "youwenw@gmail.com"; signing = { signByDefault = true; - key = gpgSig; + key = "8F5E6C1AF90976CA7102917A865658ED1FE61EC3"; }; }; - home.packages = [ - # a script to automatically refresh oauth token for gsuite - (pkgs.writeShellScriptBin "activate-neomutt-oauth" '' - ${pkgs.python39}/bin/python ${oauth} youwen@ucsb.edu.tokens \ - --provider google \ - --verbose \ - --test \ - --authorize \ - --authflow localhostauthcode \ - --client-id "''$(cat ${secrets.youwen_ucsb_client_id.path})" \ - --client-secret "''$(cat ${secrets.youwen_ucsb_client_secret.path})" - '') - ]; - - programs.neomutt = { + programs.ssh = { enable = true; - editor = "nvim"; - sidebar.enable = true; - sort = "reverse-date-received"; - vimKeys = true; - checkStatsInterval = 60; - - # without this, neomutt won't use the cache because the messages directory - # doesn't exist - extraConfig = '' - set my_create_cache_folders = `mkdir -p ~/.cache/neomutt/messages` - - macro index,pager \cs " ${pkgs.urlscan}/bin/urlscan" "call urlscan to extract URLs out of a message" - macro attach,compose \cs " ${pkgs.urlscan}/bin/urlscan" "call urlscan to extract URLs out of a message" - ''; - }; - - accounts.email.accounts = { - "youwenw" = { - address = "youwenw@gmail.com"; - flavor = "gmail.com"; - userName = "youwenw"; - primary = true; - realName = "Youwen Wu"; - gpg.encryptByDefault = true; - gpg.signByDefault = true; - gpg.key = gpgSig; - folders.drafts = "[Gmail]/Drafts"; - neomutt = { - enable = true; - mailboxType = "imap"; + matchBlocks = { + "code.youwen.dev" = { + host = "code.youwen.dev"; + port = 222; }; - passwordCommand = "cat ${secrets.youwen_app_password.path}"; - }; - - "tincan" = { - address = "tincangto@gmail.com"; - flavor = "gmail.com"; - userName = "tincangto"; - realName = "Youwen Wu"; - folders = { - drafts = "[Gmail]/Drafts"; - trash = "[Gmail]/Trash"; + "github" = { + host = "github.com"; + identityFile = config.age.secrets.github_ssh_priv_key.path; }; - 
neomutt = { - enable = true; - mailboxType = "imap"; - }; - passwordCommand = "cat ${secrets.tincan_app_password.path}"; - }; - - "youwen_ucsb" = { - address = "youwen@ucsb.edu"; - flavor = "gmail.com"; - userName = "youwen_ucsb"; - realName = "Youwen Wu"; - gpg.encryptByDefault = true; - gpg.signByDefault = true; - gpg.key = "D26A00824013D524BDF11126093F1185C55B84A2"; - folders.drafts = "[Gmail]/Drafts"; - neomutt = { - enable = true; - mailboxType = "imap"; - - extraConfig = '' - unset passwordCommand - set imap_user = "youwen@ucsb.edu" - set imap_authenticators="oauthbearer:xoauth2" - set imap_oauth_refresh_command = "${pkgs.python39}/bin/python ${oauth} youwen@ucsb.edu.tokens" - - set smtp_authenticators = ''${imap_authenticators} - set smtp_oauth_refresh_command = ''${imap_oauth_refresh_command} - ''; - }; - passwordCommand = ""; }; }; } diff --git a/reference/users/youwen/neomutt.nix b/reference/users/youwen/neomutt.nix new file mode 100644 index 0000000..6f06b10 --- /dev/null +++ b/reference/users/youwen/neomutt.nix 
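Review bot: The new `"github"` match block sets `identityFile` but not `identitiesOnly`, so ssh may still offer other keys held by the agent to github.com alongside the agenix-managed one; adding `identitiesOnly = true;` pins the connection to the declared key. The block also has no `user = "git";`, so every remote URL has to carry the user name itself. Separately, the GPG fingerprint that used to live in the `gpgSig` binding is now written out literally in this hunk and again in `neomutt.nix`, so a key rotation has to touch both files. The enclosing attribute set starts outside the hunk.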
@@ -0,0 +1,102 @@
+{ config, pkgs, ... }:
+let
+ inherit (config.age) secrets;
+ oauth = pkgs.fetchurl {
+ url = "https://raw.githubusercontent.com/neomutt/neomutt/a3b70e7edf84048e47e002e34388a4bc896e44ac/contrib/oauth2/mutt_oauth2.py";
+ hash = "sha256-5mN+W1q9i9XiEtRTYIH0/qXpvfmkxOs71g9wM5vtfbU=";
+ };
+in
+{
+ programs.neomutt = {
+ enable = true;
+ editor = "nvim";
+ sidebar.enable = true;
+ sort = "reverse-date-received";
+ vimKeys = true;
+ checkStatsInterval = 60;
+
+ # without this, neomutt won't use the cache because the messages directory
+ # doesn't exist
+ extraConfig = ''
+ set my_create_cache_folders = `mkdir -p ~/.cache/neomutt/messages`
+
+ macro index,pager \cs " ${pkgs.urlscan}/bin/urlscan" "call urlscan to extract URLs out of a message"
+ macro attach,compose \cs " ${pkgs.urlscan}/bin/urlscan" "call urlscan to extract URLs out of a message"
+ '';
+ };
+
+ accounts.email.accounts = {
+ "youwenw" = {
+ address = "youwenw@gmail.com";
+ flavor = "gmail.com";
+ userName = "youwenw";
+ primary = true;
+ realName = "Youwen Wu";
+ gpg.encryptByDefault = true;
+ gpg.signByDefault = true;
+ gpg.key = "8F5E6C1AF90976CA7102917A865658ED1FE61EC3";
+ folders.drafts = "[Gmail]/Drafts";
+ neomutt = {
+ enable = true;
+ mailboxType = "imap";
+ };
+ passwordCommand = "cat ${secrets.youwen_app_password.path}";
+ };
+
+ "tincan" = {
+ address = "tincangto@gmail.com";
+ flavor = "gmail.com";
+ userName = "tincangto";
+ realName = "Youwen Wu";
+ folders = {
+ drafts = "[Gmail]/Drafts";
+ trash = "[Gmail]/Trash";
+ };
+ neomutt = {
+ enable = true;
+ mailboxType = "imap";
+ };
+ passwordCommand = "cat ${secrets.tincan_app_password.path}";
+ };
+
+ "youwen_ucsb" = {
+ address = "youwen@ucsb.edu";
+ flavor = "gmail.com";
+ userName = "youwen_ucsb";
+ realName = "Youwen Wu";
+ gpg.encryptByDefault = true;
+ gpg.signByDefault = true;
+ gpg.key = "D26A00824013D524BDF11126093F1185C55B84A2";
+ folders.drafts = "[Gmail]/Drafts";
+ neomutt = {
+ enable = true;
+ mailboxType = "imap";
+
+ extraConfig = ''
+ unset passwordCommand
+ set imap_user = "youwen@ucsb.edu"
+ set imap_authenticators="oauthbearer:xoauth2"
+ set imap_oauth_refresh_command = "${pkgs.python39}/bin/python ${oauth} youwen@ucsb.edu.tokens"
+
+ set smtp_authenticators = ''${imap_authenticators}
+ set smtp_oauth_refresh_command = ''${imap_oauth_refresh_command}
+ '';
+ };
+ passwordCommand = "";
+ };
+ };
+
+ home.packages = [
+ # a script to automatically refresh oauth token for gsuite
+ (pkgs.writeShellScriptBin "activate-neomutt-oauth" ''
+ ${pkgs.python39}/bin/python ${oauth} youwen@ucsb.edu.tokens \
+ --provider google \
+ --verbose \
+ --test \
+ --authorize \
+ --authflow localhostauthcode \
+ --client-id "''$(cat ${secrets.youwen_ucsb_client_id.path})" \
+ --client-secret "''$(cat ${secrets.youwen_ucsb_client_secret.path})"
+ '')
+ ];
+}
diff --git a/reference/secrets/default.nix b/reference/users/youwen/secrets/default.nix
similarity index 55%
rename from reference/secrets/default.nix
rename to reference/users/youwen/secrets/default.nix
index f4cdc4f..9cb685e 100644
--- a/reference/secrets/default.nix
+++ b/reference/users/youwen/secrets/default.nix
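Review bot: In the `activate-neomutt-oauth` wrapper the OAuth client secret is expanded with `$(cat …)` into the `--client-secret` argument, so while the script runs the value is part of the Python process's command line and can be read from the process list by other local users. This is carried over unchanged from `hm.nix`, but the move is a good moment to add a comment above the wrapper stating the exposure, e.g. `# NOTE: client id/secret are passed on argv and are visible in the process list while this runs`, or to supply them another way if the script supports one. The token file `youwen@ucsb.edu.tokens` is also given as a relative path, both here and in `imap_oauth_refresh_command`, so it resolves against whatever directory the wrapper or neomutt is started from. An absolute path would make its location and permissions predictable.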
@@ -1,41 +1,30 @@ +{ config, ... }: { age.secrets = { youwen_app_password = { file = ./youwenw_app_password.age; - owner = "youwen"; - group = "users"; mode = "600"; }; youwen_ucsb_client_id = { file = ./youwen_ucsb_client_id.age; - owner = "youwen"; - group = "users"; mode = "600"; }; youwen_ucsb_client_secret = { file = ./youwen_ucsb_client_secret.age; - owner = "youwen"; - group = "users"; mode = "600"; }; tincan_app_password = { file = ./tincan_app_password.age; - owner = "youwen"; - group = "users"; mode = "600"; }; github_cli_secret_config = { file = ./github_cli_secret_config.age; - owner = "youwen"; - group = "users"; mode = "600"; - path = "/home/youwen/.config/gh/hosts.yml"; + path = "${config.home.homeDirectory}/.config/gh/hosts.yml"; }; - nix_config_github_pat = { - file = ./nix_config_github_pat.age; - owner = "youwen"; - group = "users"; - mode = "0440"; + github_ssh_priv_key = { + file = ./github_ssh_priv_key.age; + mode = "600"; }; }; } diff --git a/reference/secrets/github_cli_secret_config.age b/reference/users/youwen/secrets/github_cli_secret_config.age similarity index 100% rename from reference/secrets/github_cli_secret_config.age rename to reference/users/youwen/secrets/github_cli_secret_config.age 
diff --git a/reference/users/youwen/secrets/github_ssh_priv_key.age b/reference/users/youwen/secrets/github_ssh_priv_key.age new file mode 100644 index 0000000000000000000000000000000000000000..87a16a1e14466d60b5c22b3a8e54aa43a0effc04 GIT binary patch literal 3955 zcmYk)_d^Vf!vOFi>p}?`Pb#vn+~_8W+t=;ATCTggJ-U5IW>I)5@jRp|Z}@zqiujOtz0Bk^T2u!827^ffvOxeL;elqeGQ?z-2EvR8 zyp#>#p%SQ+L@gA=QX%6LKoEQ=8{$;Tz;Krdt;Z=5D3=u}u`_jiA%~#CK`kzpElvT4 zaK&hyk<4Qku5D}?Lyvksp8vqCw(QHF$8DbNLF9boID1w1baRBjbs76Q< zMc`3Xs+k7IYZXep9ik@?MNl~$VR7ixG_5ucuQLElY#5QNgHpIKLOhhu7TK(7ih`n~ zYe5#V+#)0Z6(}VHDR$^wpm?y&z;h7AU@M;>N3fhQBtwh>*tHJ30t!mBV89$C*kXmN z5@3o%gPF)-sK_WyoEnIcJIPE@0!wJ1Yh8AzSc@{yGz5@D#*|4}Gyn__p;^?X2sKH06XS_60pE%zBwz?g4V(=4|22#@ z1eu@!#9O4iP#sMo)Hon=f<+;P+p%V?5eie{Bs>fil^~)JEO9c493uq6h*Uci1S69{ zB$`=8(aY#682}405<^)?5nLlOvNWPZqh6t>u~;01jYx;`cp8=x3+9H>u_%kq!8XIW zFh?8{8Oq=q6G&K;#6l0~e7Y3vSx6&XQtMiBKFsfq~#=}-(C zTgr@3s-PCJS#MXM1xl$<4pAo6r*(s)p!mR&8M;vQVbu=(Q}wcdYsUTBZ-JSGfV^|$>X>}vQ6uSLP+3Z>P`61vy~nVe%~XdFBkAwp%~S|LU(iHm_!!9p__XXNR` z5VM3UkO5S1hQo=LBO(8LM8+Fo9J9-gV`-!YvQ#GEkp&X8gF@!vAPxo_5E2p+=u}|Y zE~dh%M!;-JA(N`cv)NR0JSx;=a7v|8El$SZ07+mV+aUuOgZf3VpH~4C&9v=%LCB@k z%1VC!lAF7}n(4c?;acw=R%6Te$~yy}(dSluga^JOrp%wcyyvD*OIksxx9Gvtq3#&> zEAEXRHq9&j3U<*X>B+JEDR=4rHhJbg8!dZ!^6Q$w%ezh|jbL*=tik-c@S60he+6La z@}^x|GqJAdf~j4XT4Pt{1y_CuAK1tS6xXyavy-NVtR6hHr=)H>Wj*EzvM0aiwSBaz zq;SrTDZh#@62)bE)j#X*R)qOKJ*qjl&-dq_OPmvZ`x-Qz0XsZ1ZU($Xea*Cz%Rr@) z-(^&Var21e6JNN8{`~@bQWv(burZW@Mr=Okm zY#I|1_J<`Xi2Ew+A?>JseZj!PMXZjmfl1VR$^Y@vt&OKlt-in2tQYhx%jkWvxH-5v z*)!>7x~hCKk(EERL9J`@h=~vEE`%PulKO?dj=ke_^Gow%Ne9rgB>Y1QK~&&KCsw@l z?7D64)lUt0157HuPuNZXLvog_NjM=KMIWyXFS+a)o;<$@8MsZ|IP7c=zZK2P&P!ds z?beqFJi~A6Tky%;tghynVc(A9sf4=n?&()9zBrm?UfJfmC2_|?rHG$FhZOI-613_D zZ+SAX7Jhs|Z%^F(RY4(qbNG>0+0!okh&KOR{V(Qg#pbZn{F)N}R?}n94ViCpZ9!z3 zj|2ar{>%8~^JVFi@!9>flZEr_;M59u>&I2Cdu#VIP`&Dkf%f|wL03aVs@Jsh{#`7+ zvl{Pp!V$HVy)5tjp6z$?Je6-W9~%166E{lxOO|#7toqB`Kk>i^Q&x4bIZ-=&0Q%e` 
zmlN>F)|4{f^H&2!GuY6*PVIfX;`F;W9$mFf8DBz|Ulf-P9W=g}x%=Fwq(x7jtz_4i z%BB@&Sf$=Ky-(KlPF;U3sy+2uj%9k`9Pi-yBM*{Z#}wWRjl%El(s_3^mSZBnhNJ`` zQ1!`c5Fc(@?9gUj`2NaGC*0gme$hx;jwai`+?ecu#b#95@;}bIn;q?s^}F7*MLw!Nd!0mp`g9f#BEs^8mR=A_-r^Lpah7vrR?Ag{jd z-E;RK;U!iv3|=>QE5tPK7kt-&(}x?PgxlBeo(m7iUu=La+faWc>z43+W$L!zB+%Bw zeW!yu$hlu0_MNuG0xu-;ysU$?&GMCI$XZhSwKd1C7k_)63A9Uoji?V<@>TN5cT31_ zsn4HT#||Xl%5S(;P=1IM?UO%tKE-|FGp%4pR>fxw?@sB7={5BfS92cFNGp9BoCnLO zA%F0c^j`N|-92$D^>r%qzaHX`TuDQIdUpU~S>%+$EkPOc;oN|X>`U)F?_0~MBUa#p z%O;E)xuDX!B{g6H={aq~%tb>Ly`5W*goaCZAyLmrY>$r@ik=}!)G0}ML82hG=*oXh zPxcgsMZ;H}pl>+*s`cyWv6Nq=TRjidTwT%XHuw2v;pgqWdGkwpkt`~uHZxLt=tyGd z?W(anj>)g)<&?7r0`>F1;kNbcF4LWcktdq`sv!} z)BgnI`=@DPkq^WJTPoR&wszPBbY`z4Z*k=x=QUp&JUqOH=3=_xDUt2=CErLF zI)4USkl*$jM&9#LVb1@NGUJ%Zdqd7cift7Ojz2b*X-wf*0=nE-+6% zU%i6nmFOQid*0{t=L5aJ-+f#6tSun8`f1jVK?c2MfL&AZqU#2s-}BYMLTYe!bWf2* zl<)hl^N-KDrMh>uJ2l~s+`QriEjx`=c5eH~+jqQ0@S{wWzj^GdOg`{dKN zpQ}Fa5c1Dt#IBHTU&(s05*6FtHfvfcWGP3}xuw?k*K?1?u@C>L91s3eG_+(|TH2>6 znYr_vRd#kUtiPsNpbGlYELs}%a%}T$P44KE;TZ1e<=Z@*Xj?03?+QSp*T@5q_wA)O zQ&*3B=%E#PVMCYe$+bMNJM?bnNzUwzb7tN1ox2mbX3Hy|tQnf;9fv%sH(9+_)QApr zpO`zHeU794N1Rz66Zi7__`DPy@?%)*#IAHx>_G(8`|P@o>%P6V!;d$w{I7!_Q@K07 z%^~$1$QnU}bP-48Ym3K$)`m;k_ti0Ntjh})9Wy2P)?5hINI#yovi1-S8gPHFIUDhk zxRMb97+@BUwP4m{v|X13sC(UWaw3ba<|i^A?f|{Em`+{>DhgLDRUQu{q1u!I_0xGJ@cq0 z*_OUo;aX@%!Qq?|Gth+K2@|~FxO7JJLMNVL}t#o6J36E^Mo7rO!McwRUiI1 z{`0i|qao*xws*Ts@8L5m$Ai(X+J8s8X4G zu&})5C}&Ae;5{slf7T0+A)S6N+S@3P@7CG)$w+gP<7V-&5ITXSt8YQX!9|GOG-sV8T0 z`&#*2f5EX8u3YQt99-HVLP@SW?xu0)i0`rI>V9Q*@VBR_e-Bo?*e$3Zal0QJ(>Z&v K@eI!09QS`MY|B*u literal 0 HcmV?d00001 diff --git a/reference/secrets/mutt_app_password.age b/reference/users/youwen/secrets/mutt_app_password.age similarity index 100% rename from reference/secrets/mutt_app_password.age rename to reference/users/youwen/secrets/mutt_app_password.age 
diff --git a/reference/secrets/secrets.nix b/reference/users/youwen/secrets/secrets.nix
similarity index 96%
rename from reference/secrets/secrets.nix
rename to reference/users/youwen/secrets/secrets.nix
index eb4389f..99bb449 100644
--- a/reference/secrets/secrets.nix
+++ b/reference/users/youwen/secrets/secrets.nix
@@ -11,5 +11,5 @@ in
 "youwen_ucsb_client_secret.age".publicKeys = users ++ systems;
 "tincan_app_password.age".publicKeys = users ++ systems;
 "github_cli_secret_config.age".publicKeys = users ++ systems;
- "nix_config_github_pat.age".publicKeys = users ++ systems;
+ "github_ssh_priv_key.age".publicKeys = users ++ systems;
 }
diff --git a/reference/secrets/tincan_app_password.age b/reference/users/youwen/secrets/tincan_app_password.age
similarity index 100%
rename from reference/secrets/tincan_app_password.age
rename to reference/users/youwen/secrets/tincan_app_password.age
diff --git a/reference/secrets/youwen@ucsb.edu.tokens b/reference/users/youwen/secrets/youwen@ucsb.edu.tokens
similarity index 100%
rename from reference/secrets/youwen@ucsb.edu.tokens
rename to reference/users/youwen/secrets/youwen@ucsb.edu.tokens
diff --git a/reference/secrets/youwen_ucsb_client_id.age b/reference/users/youwen/secrets/youwen_ucsb_client_id.age
similarity index 100%
rename from reference/secrets/youwen_ucsb_client_id.age
rename to reference/users/youwen/secrets/youwen_ucsb_client_id.age
diff --git a/reference/secrets/youwen_ucsb_client_secret.age b/reference/users/youwen/secrets/youwen_ucsb_client_secret.age
similarity index 100%
rename from reference/secrets/youwen_ucsb_client_secret.age
rename to reference/users/youwen/secrets/youwen_ucsb_client_secret.age
diff --git a/reference/secrets/youwenw_app_password.age b/reference/users/youwen/secrets/youwenw_app_password.age
similarity index 100%
rename from reference/secrets/youwenw_app_password.age
rename to reference/users/youwen/secrets/youwenw_app_password.age
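Review bot: `"github_ssh_priv_key.age".publicKeys = users ++ systems;` encrypts the personal GitHub SSH key to the host key as well as the user key, so anyone holding the machine's host private key can decrypt it. If the home-manager agenix setup decrypts with the user's own identity (not visible in this diff), `publicKeys = users;` would be sufficient for this entry. The same blob (index `87a16a1e…`) is also added under `reference/secrets/nixos/`, so whichever recipient list is chosen should be applied to both copies, or the unused copy dropped. The `let` bindings for `users` and `systems` are outside the hunk.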