diff --git a/Makefile b/Makefile index 5668c684..3813ec43 100644 --- a/Makefile +++ b/Makefile @@ -61,17 +61,30 @@ get_age_public_key: # ############################################################################ -.PHONY: ask-path secrets - -ask-path: - @echo "Enter the path to the secrets.yaml file: " - @read SECRETS_PATH; \ - echo "You entered: $$SECRETS_PATH" +.PHONY: secrets secrets: - ask-path - @echo "Creating secrets..." - @nix --experimental-features 'nix-command flakes' run nixpkgs#sops secrets.yaml > $(SECRETS_PATH) + @echo "Enter the path where the encrypted secrets.yaml file will be saved: " + @read SECRETS_PATH; \ + if [ "$${SECRETS_PATH:0:1}" != "/" ]; then \ + SECRETS_PATH="$(CURDIR)/$$SECRETS_PATH"; \ + fi; \ + DIR_PATH=$$(dirname $$SECRETS_PATH); \ + if [ ! -d "$$DIR_PATH" ]; then \ + echo "The directory $$DIR_PATH does not exist. Do you want to create it? [y/N]:"; \ + read CONFIRM; \ + if [ "$$CONFIRM" != "y" ] && [ "$$CONFIRM" != "Y" ]; then \ + echo "Exiting. Directory not created."; \ + exit 1; \ + fi; \ + mkdir -p $$DIR_PATH; \ + echo "Directory $$DIR_PATH created."; \ + fi; \ + echo "The encrypted secrets.yaml will be created at: $$SECRETS_PATH"; \ + cd $$SECRETS_PATH + echo "Creating and encrypting secrets.yaml..."; \ + nix --experimental-features 'nix-command flakes' run nixpkgs#sops secrets.yaml \ + echo "Encrypted secrets.yaml created at: $$SECRETS_PATH" ############################################################################ diff --git a/hosts/common/secrets.yaml b/hosts/common/secrets.yaml new file mode 100644 index 00000000..a94cba7b --- /dev/null +++ b/hosts/common/secrets.yaml 
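Review bot: In the new `secrets` recipe the line `cd $$SECRETS_PATH` has no trailing `\`, so the first shell ends there and the following `echo`/`nix` lines run in a fresh shell, back in the Makefile's directory with `SECRETS_PATH` unset; sops therefore always works on `./secrets.yaml` whatever path was entered, and the `cd` target is the file path rather than `$$DIR_PATH` in any case. The `nix … secrets.yaml \` line also lacks a `;` or `&&`, so the final `echo` and its message are appended to the sops command line as extra arguments. `$${SECRETS_PATH:0:1}` is a bash substring expansion that fails under a POSIX `/bin/sh` such as dash unless `SHELL` is set to bash elsewhere in the Makefile (not visible in this hunk), and `$$SECRETS_PATH`/`$$DIR_PATH` are unquoted in `dirname` and `mkdir -p`. I would keep the whole flow in one shell, quote the variables and pass the resolved path to sops, as below.

```make
secrets:
	# … unchanged: prompt echo …
	@read -r SECRETS_PATH; \
	case "$$SECRETS_PATH" in \
		/*) ;; \
		*) SECRETS_PATH="$(CURDIR)/$$SECRETS_PATH" ;; \
	esac; \
	DIR_PATH=$$(dirname "$$SECRETS_PATH"); \
	# … unchanged: directory-exists check and confirmation prompt, with mkdir -p "$$DIR_PATH" quoted …
	echo "The encrypted secrets.yaml will be created at: $$SECRETS_PATH"; \
	echo "Creating and encrypting secrets.yaml..."; \
	nix --experimental-features 'nix-command flakes' run nixpkgs#sops "$$SECRETS_PATH" && \
	echo "Encrypted secrets.yaml created at: $$SECRETS_PATH"
```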
@@ -0,0 +1,39 @@ +administrator-password: ENC[AES256_GCM,data:0p7PnnzcYX4O8lQ=,iv:fi0yBT7L8d/W4jKPoyLzvZEmhHUAJ9fPhfkfwRuSDcI=,tag:e8hMJIyKfWJenhmalq7yPg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1t8mqf0rjwrwg23v9q5rstdhxdvq0la58tue6sq3d44jev5dgfqjscnryge + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAySGJQS281OVlDU2daYUN4 + UFBpcjNpdENXZlc1Y3U3TTV5cDViQlVQSzJFClZOdGF4K2ZXcVJpQ3VjL242czNr + dWZTUTU4emE5dXRjWWtwSndyVE1PcjAKLS0tIFMrdzhoT2ZtL0ZDMFdlR0VvSFZM + WVdJUE15V2o0MmQ0R0w3c0R6WEFiTjQKFZdD4K7GkVYvm0sGFlQhQIka1kq+9NdS + VhKWaDwwlE35O4nFwDMr/wqAsG2yaViQFhFH08nbTJglUHnuVuJYyQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1z579g6gth8cxtqvha7ms98mpshy5n5hssc637jeqaan78rf0mppq4u93cv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdVRkeXpUNnlCcXlDQlp2 + TTFnenFRbEZjMVA5ajRFbkl5MC9JL3pnS0JNCngzbWRQY051ZnFJL2pCTEpVNmgy + UnFDcTZ4d2NKSnZFTmI1dE9UUllrYU0KLS0tIE04WUlvRjFzcVY4cDhkSU8vUHAr + bmZOc2RaMkVQdUliRTRVTjM4dXRSMWsKDJDy4PGp/OjCyp+hgSRm7x42ZxsCEDFO + y4JI9mOEwjfA5lg6dkyUvLEnGi3uwNBd5NKGDFVstDOjjcti77uA+w== + -----END AGE ENCRYPTED FILE----- + - recipient: age1t8mqf0rjwrwg23v9q5rstdhxdvq0la58tue6sq3d44jev5dgfqjscnryge + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkdU55eTBpeHdFTnJNaVVH + ZFMxa1hoN0I2S0pwT0dYcFl0MHhUaEZvekhFCmlEUHZOcFJZVDFhSnJuaEgvNW56 + RFc0UFM2bFgrMmRjMThoemRTNHlYSDQKLS0tIEU0Nlp5K200dHpSRWRrS09JZVR4 + RW9mTStkTGdvTnh3dWZoYkZyMGFJT2cKGhX2E9JI3fTK940S2vvnhsJ77+xn+wzQ + YR354bHkIwIxl/yzgRxt02oVDFudyo/ruZ77oh9wHpn+ISv2FQ7A8g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-02-26T17:08:57Z" + mac: 
ENC[AES256_GCM,data:OJ/L4DPHCCWhqKhZ5O9rSmiycStJJj6Y7o1KJlz/fplBbweJ2Jnvz/jpPNJGbSBTjZj521vpF5qYYNu3gADImSUiecpbFSmJf/4MeCuUTf9SOC5gnSpVb/1RXFkpmXZoEAZk3FFZlyU3MrIb5dDQBL9fkUFnhtfyjwGUn1qqXIg=,iv:KvC0qHFWx34eNEFvBR1bkTOP0Mq4mxtxDW5kgmh6wHs=,tag:M/+mmR2yngxK5dfzY8TCvw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/hosts/common/users/administrator/default.nix b/hosts/common/users/administrator/default.nix index ec2e9327..43a85bb9 100644 --- a/hosts/common/users/administrator/default.nix +++ b/hosts/common/users/administrator/default.nix @@ -11,7 +11,7 @@ in # users.mutableUsers = false; users.users.administrator = { isNormalUser = true; - shell = "${pkgs.zsh}/bin/bash"; + shell = "${pkgs.zsh}/bin/zsh"; extraGroups = [ "wheel" "video" diff --git a/hosts/frametop/ssh_host_rsa_key.pub b/hosts/frametop/ssh_host_rsa_key.pub index 857e647a..bff0f7a4 100644 --- a/hosts/frametop/ssh_host_rsa_key.pub +++ b/hosts/frametop/ssh_host_rsa_key.pub @@ -1 +1 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZMsEfq2O3vLzvAqsL1BTmL9bOfmwMfBU/rkJy8JxbtELE+sRLrEgSfoOFt5Zc9LHIqKoFo4qjtjXTA6u45rDWbBg3mCfDCCU5kNrTwqi8acXxqNp61SgaTlzopPGp24L0MyCYvDxDa8YNsBxWjFXYuginwhDQ4Y+a2tiR8OdM2BTOtYzY7rd2qMKVasUjgXeBfVxojiWEqCvio02SJ3myLCSe+KA6vYoVepccKGgebX5pXOMH0SecHLd6CMrH0pZkDU0se95aV2bFdKQgX9sAeg4E2p+4Hwq3SAkhWjGqAmJH/meSB5PrWD+OpGA8zwU4t+PXI7NfKAnqAg5cfHeZ9xmV3KPa6+5dJ+JckHzU6ABqdnRPSuaae3oJny2khsnCit0dS6zv5Gvhuc+rT1j2if/gZuDPsbKf8087ZcmoOojmzDS69U16yEONA9WhaXecKX2xRRBKtOiilOSAruG1BZRORPV55KPQ92LjmrEPB9bz02HzznZTMw9SAGB6xlc= administrator@woody +ssh-rsa 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 administrator@frametop diff --git a/hosts/woody/ssh_host_ed25519_key.pub b/hosts/woody/ssh_host_ed25519_key.pub index fc2b8d85..7bbd2c4e 100644 --- a/hosts/woody/ssh_host_ed25519_key.pub +++ b/hosts/woody/ssh_host_ed25519_key.pub 
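Review bot: The `age` recipient list names `age1t8mqf0rjwrwg23v9q5rstdhxdvq0la58tue6sq3d44jev5dgfqjscnryge` twice (first and third entry), so only two distinct keys can decrypt this file. That usually means two entries in the sops creation rules resolve to the same key; if the third entry was meant to be another host or user, that party cannot decrypt `administrator-password`. The rules file is not part of this diff, so this is inferred; it is worth checking it and re-running `sops updatekeys hosts/common/secrets.yaml` once the recipients are corrected. Separately, sops does not pad values, so the length of the `data:` field tracks the length of the plaintext; storing a password hash rather than the password itself avoids exposing that in a committed file.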
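Review bot: `shell = "${pkgs.zsh}/bin/zsh";` hard-codes the binary path as a string; the option also accepts the package itself, `shell = pkgs.zsh;`, which is the usual NixOS form. With the package form NixOS can check that `programs.zsh.enable = true;` is set, which is what registers zsh in `/etc/shells`; whether that option is enabled is not visible in this hunk. The `users.users.administrator` attribute set continues past the end of the hunk.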
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+GFRs3psesCwnY5kLAmtRKRbUXrTUcOUNsdaCTuLyW administrator@frametop
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+GFRs3psesCwnY5kLAmtRKRbUXrTUcOUNsdaCTuLyW administrator@woody
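Review bot: The key material on the added line is byte-for-byte the key that was previously labelled `administrator@frametop`; only the trailing comment changes, and that comment is free text that nothing verifies. Before relying on this file, confirm on woody itself that this is that host's key, for example by comparing `ssh-keygen -lf hosts/woody/ssh_host_ed25519_key.pub` with the fingerprint of the host's own `/etc/ssh/ssh_host_ed25519_key.pub`. If secret recipients or known-hosts entries are derived from these files (not visible in this diff), a mislabelled key grants or denies access to the wrong machine.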