rekey + properly put <access>:<secret>

2022-12-23 03:28:19 -07:00 · 2022-12-23 03:28:19 -07:00 · 5d49888ac7
parent 4c1e532876
commit 5d49888ac7
5 changed files with 40 additions and 17 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +0,0 @@
-secrets/
--- a/nix-conf/secrets.nix
+++ b/nix-conf/secrets.nix
@ -0,0 +1,15 @@
+let 
+  # user-specific (~/.ssh/id_ed25519.pub)
+  users = {
+    "hungtr@bao" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+1+gps6phbZboIb9fH51VNPUCkhSSOAbkI3tq3Ou0Z";
+  };
+  # System-specific settings (/etc/ssh/ssh_hsot_ed25519_key.pub)
+  systems = {
+    "bao" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBuAaAE7TiQmMH300VRj/pYCri1qPmHjd+y9aX2J0Fs";
+  };
+  all = users // systems;
+  # stands for calculus
+  c_ = builtins;
+in {
+  "system/secrets/s3fs.age".publicKeys = c_.attrValues (all);
+}
--- a/nix-conf/system/flake.nix
+++ b/nix-conf/system/flake.nix
@ -16,6 +16,7 @@
      base_modules = [
        agenix.nixosModule
        {
+          age.secrets.s3fs.file = ./secrets/s3fs.age;
          environment.systemPackages = additionalPackages;
        }
      ];
@ -224,21 +225,19 @@
                  (lib.mapAttrsToList (name: value: "${name}${lib.optionalString (value != null) "=${value}"}") conf));
              in "${mount_dest} ${confToBackendArg backend_args} ${s3fs-exec}#${bucket}";
              personalStorage = [
-                # (autofs-s3fs_entry {
-                #   mount_dest = "hot";
-                #   backend_args = {
-                #     "-fstype" = "fuse";
-                #     use_cache = "/tmp";
-                #     del_cache = null;
-                #     allow_other = null;
-                #     url = "https://f5i0.ph.idrivee2-32.com";
-                #     # TODO: builtins.readFile requires a Git-controlled file
-                #     passwd_file = (pkgs.writeText "env.s3fs.idrive" (builtins.readFile 
-                #       ./../../secrets/env.s3fs
-                #     ));
-                #   };
-                #   bucket = "hungtr-hot";
-                # })
+                (autofs-s3fs_entry {
+                  mount_dest = "hot";
+                  backend_args = {
+                    "-fstype" = "fuse";
+                    use_cache = "/tmp";
+                    del_cache = null;
+                    allow_other = null;
+                    url = "https://f5i0.ph.idrivee2-32.com";
+                    # TODO: builtins.readFile requires a Git-controlled file
+                    passwd_file = config.age.secrets.s3fs.path;
+                  };
+                  bucket = "hungtr-hot";
+                })
              ];
              persoConf = pkgs.writeText "personal" (builtins.concatStringsSep "\n" personalStorage);
            in {
--- a/nix-conf/system/secrets/s3fs.age
+++ b/nix-conf/system/secrets/s3fs.age
@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 ahbzMg 6pTVLAgOY/JZVWiCFHLo8xQ4/CL6620IMaBRpqI8Wws
+CtJeQuy5VzKZhJnIH+/cjlKsAcg0RY2bhHTWVm+hUOY
+-> ssh-ed25519 glsjZQ we7RCgsnODTJ8rKYhU+9tu0DmLH+98mcQKQ3I2slikM
+G81lsFLQR9polxme1K/MU2d8Y01PrTqtzJnVq0EMJF0
+-> |-grease B\W,I9z ^Gx;$ Kk7!4,P
+0Jl5Lhx7R8YOs9S+hUtQDDpNIqBhC/MM0N7w1MCtwYtkIIIWKfY9jkJ7+Cew2Ee5
+Qb04jnE
+--- b7AXWRgK45a/91iwmwt5g+CWOlU/2f4nUDfXlg/bs9A
+¢²%;Þ3RmQÚ‹WhpÌ–VŠ;º×®¡¥VÍÚñ[zš9al¦±=cLêüva<>ëu7é,†tø±’ýUÜ¶h^&å‰Ö¿WåJP6-ÇÒ£
n‘-ˆ¿=™]
--- a/ssh/authorized_keys
+++ b/ssh/authorized_keys
@ -1,7 +1,7 @@
-sh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCgmng5xL/auvI2F8ufFAfId2Ey55ONHjgnKKSEWLVWkPMutXT3BCnSglNAuEVRLX2zfzg3beQd80AHTow+qro5QWI/rYfeL1QPNEwoThbRFcvtWLTlgzBGA4ejjpIF9sCPNp0sXrrQRfxRP7w4b23BcRJQcsDoaEtKGKJZ2GQIoOafkYypwcunANb54EAouZTfHEPKDr26Gfw8usc2Sae32G/80QLBF2jGabyexJjNE3F6hdJTwq5iiqIVdSr4ue82zo3M8jBdtCMDGaOliI5RWSa9iuX9o2scCGDU69Gkw7ma+JHOP/e9Z8sUz03TkjPbEnGi3EC3YAHEoDzmwqTi07hppCuzacLB5NZ9UZ1g5PzBIZR8TJTONngT08EQyGrkNv2sUnn0dtBqve5tHR04NuXy65ym7Iwl2DDVbAL0NlM4gKWzOGZ2CnSLT0WmkG2sQKU37NmS2pBJ8RXJBatUFe4vQVzqlFj39iRGIBV5XR0I9xcxDfCxBHFs3aIqAqE= hwtr@hwtr-prince
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0Z5noQn3mHy5yiN3n6YyOKRhlQT6fx4NLmI/3d4vY6 root@Fel
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClSDhyOeehUOIMdRonTDD9h7kBbzC3c/QG650S7vfhLE67UNt5tuUjazQg7pFj3O/5WnyqCpBOMJoPaSZ0S5gGdo4h4xatPUBAGDjMygKhg4VA0x7Lr3Tbc1CF8dyuRKVlB+aIWLIyLHHPL5wDao7tnvmuCGKDyaV8XFaKpzRZqAlpfn8svR90Y4wNFYr1V+F+Y6r8reB1Rph6A9BY4niDKY0MbFhvTj6VJQf++1ji0FziACVpYI9aqAcZ4ngReUtgWiIsnq5UMfrEk0vYBG/3KsYElaRig76Bucz1fBA16iAgQua1hthPifsw8vmaK5k6Q3c2SOdc5PGF6IlTfSGJ root@Fel
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD49VHCU8S6zqNsaS0SFiVqULmOWtyVOIeteYSOznzTHJ0dVjXnamuj/uVsSXRkYIIdAkABWQm9WKELUC2SBBE7DgDj+Izv3cO7QkAJ9v1cxV1P1efrTytz8XtyX++XYygxXCwZ5zyqxhSF5ZW+FO0CNRx1cNisAhF6AMzoXRsyF1dqNioitXTN0xh0xx2mR0Bb3zy1kYNZVwn1uBYyd4Hz6CBgJ7Xi6d/STXWcmc0XnEJTllNSQNEpI6vJjL62JmUPubqDjVKh4awiPRPiw9By1FGaGVtHhOZ+8AvVMTps07GNVJ+XZi1DJLmeItpiCwYsWh96HCp3lup0onLzubpP pi@raspberrypi
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFQN5Ia8rTalnQgcvdxH2n7UNNT1Tq9UvNdJeg9ziJtUkKaC6H4NM4ArOEZ60izANOQX1crAD8hmBmz1Go8/4P3VXTYlTb7eDyZqLyncOe/shBXeVVLxJWzhEj60RTgecnmNYdtRAm+9INbPW/Bvcj8U2KyaykIXZGdjIuZ7TPruHjITxZYR+dkDOoVkJuYJMdYzxyHZpylPh+HjgDDvUG3oNJtj4ri5JKwLAMyq5t5S1JcLx4rXivrKREizUMMG8LzWSfjeByTzF8+lHtUdP94ygG02v/6Jod/g6taUQS9Yu+NDFqkKjRH3H9jgyd/DVGsRw5akBWbR81DATtTprx ssh-key-2022-12-15
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCgmng5xL/auvI2F8ufFAfId2Ey55ONHjgnKKSEWLVWkPMutXT3BCnSglNAuEVRLX2zfzg3beQd80AHTow+qro5QWI/rYfeL1QPNEwoThbRFcvtWLTlgzBGA4ejjpIF9sCPNp0sXrrQRfxRP7w4b23BcRJQcsDoaEtKGKJZ2GQIoOafkYypwcunANb54EAouZTfHEPKDr26Gfw8usc2Sae32G/80QLBF2jGabyexJjNE3F6hdJTwq5iiqIVdSr4ue82zo3M8jBdtCMDGaOliI5RWSa9iuX9o2scCGDU69Gkw7ma+JHOP/e9Z8sUz03TkjPbEnGi3EC3YAHEoDzmwqTi07hppCuzacLB5NZ9UZ1g5PzBIZR8TJTONngT08EQyGrkNv2sUnn0dtBqve5tHR04NuXy65ym7Iwl2DDVbAL0NlM4gKWzOGZ2CnSLT0WmkG2sQKU37NmS2pBJ8RXJBatUFe4vQVzqlFj39iRGIBV5XR0I9xcxDfCxBHFs3aIqAqE= hwtr@hwtr-prince
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/UzKwmFsAlLoCXvOq2lsC1sr1BRDW5uPkdcYUfQ7z4JowL/pscoTV9zjfJd1hPBvHLBvn7gs7gWt0wNnJfD1Oor26VreHjhi1PZE2kovrEzjmPoz+GqMPciV+HF9XNIRwDiHlUNFPt9qJjAJXJCFhzcmT9q0JQuPlNgJtQ6+By7RgPuJczpf17IbxpheLcXqtOFcTHyRT01KijIPhAtWRlmG5dahVuu50EfpmHRYZ8nCJJqkuJ6uRbFaPE6mYLnXLSzJUdyakYnzWbCd5phpoGAuFyQZnS503CFZUOFCnNEN8QfO2DXihp7lvrzzpI6PgcpvpotSo9kYFiEuB+DRlBQcVMWL0lUk2J1JHJH83y3CxwH0pUc7E1k6FAZE4pv4x0KEvbZSvmb8jAGWZkn4HvZCwXR5wGVi22s6RCdIHvR2PCpAy+ZSjpM+2FJIqDHpxY/vo3ktM9rpeCSwp14F/iiw6nanVq/KZBpCZ2paMcAU4WreCFZiPdGsdiixYlts= hungtr@bao
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAW4E8L/zGkcqixJo1102ddqeexoBMHIhXRXpWR3dTmJtbaaVbo4+rHRsjHPvHif9CRfi+BQ8CHG3zmBjH7DZPZIRCVtkms1EDe1k/G3fEnfgYc6gboJfoTdLkVjNOtdStTi03dCA/riQqUKc7/v16R5ZXIAmNCnmMHelObCSDPzYg8psZAUk1ZZY//pnhp9JRPsC2JxsshN7HCNIED9aFgrJkvUt+wUVGjVHzyQwyR6J7m1yyoivTwdmYdulG7OriLeeNq8vkoDmLGgLSC+zKehzJYOZsH3EKuxuZjQ3J9tK/NseQOhsQglRHE/OvphMwT/J96gl9dZR/LQXp4S6hwLccTzFfs8rLaTOIK6CEpqBUuBonot/1vJP5j5E73hfkHwZO7TQKwfXtpRCxCl5Nm3cB2Y3kz5mArDiwWioVsX4qd0XR0F9MFtuTVTn2f4K/Gwr9P3XMkLWXU1+1KbQiWIg+Zf5DpQgBW5HWryZzsMcjyMC2I2BJCl6Q+V8ofSM= nixos@Felia