base: add sops keys for everyone and everything

h7x4 2024-04-01 23:45:29 +02:00
parent 06bd93e5d1
commit fde69ca283
No known key found for this signature in database
GPG Key ID: 9F2F7D8250F35146
3 changed files with 10 additions and 0 deletions


@ -17,6 +17,10 @@ creation_rules:
key_groups: key_groups:
- age: - age:
- *host_jokum - *host_jokum
- *host_ildkule
- *host_bekkalokk
- *host_bicep
- *user_danio - *user_danio
- *user_felixalb - *user_felixalb
- *user_eirikwit - *user_eirikwit
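Review bot: Putting `*host_ildkule`, `*host_bekkalokk` and `*host_bicep` in the same age key group as `*host_jokum` means each of these hosts can decrypt every file this rule matches, so the compromise of one host exposes the secrets of all of them. The rule's `path_regex` is outside the hunk, so this may well be the intended shared rule; if it is, state that in a comment such as `# shared secrets only: every host listed here can decrypt these files`, and keep host-specific secrets under separate rules that list only the owning host. Files already encrypted under this rule keep their old recipient list until they are re-encrypted, for example with `sops updatekeys`.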


@ -84,6 +84,12 @@
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
}; };
sops.age = {
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
# nginx return 444 for all nonexistent virtualhosts # nginx return 444 for all nonexistent virtualhosts
systemd.services.nginx.after = [ "generate-snakeoil-certs.service" ]; systemd.services.nginx.after = [ "generate-snakeoil-certs.service" ];
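Review bot: `generateKey = true` together with `keyFile` creates a fresh age identity at `/var/lib/sops-nix/key.txt` on hosts where that file does not exist, and nothing visible in this commit adds its public key as a recipient, so that key cannot decrypt anything; the host recipients presumably come from the SSH host key named in `sshKeyPaths`. If only the SSH-derived identity is meant to be used, consider dropping `keyFile` and `generateKey`, which leaves one less private key on disk to protect. Otherwise add a comment saying which identity the creation rules refer to, e.g. `# recipients in the sops creation rules are derived from the ssh host key; key.txt is a fallback identity`. Both paths hold private key material readable by root, and the context line above keeps `settings.PermitRootLogin = "yes"`; `"prohibit-password"` would narrow who can reach those keys. The enclosing attribute set starts and ends outside the hunk.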

0
secrets/common.yaml Normal file