diff --git a/flake.lock b/flake.lock
index 1da4f02..0d9e9f4 100644
--- a/flake.lock
+++ b/flake.lock
@@ -58,11 +58,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1686226982,
- "narHash": "sha256-nLuiPoeiVfqqzeq9rmXxpybh77VS37dsY/k8N2LoxVg=",
+ "lastModified": 1686412476,
+ "narHash": "sha256-inl9SVk6o5h75XKC79qrDCAobTD1Jxh6kVYTZKHzewA=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "a64b73e07d4aa65cfcbda29ecf78eaf9e72e44bd",
+ "rev": "21951114383770f96ae528d0ae68824557768e81",
 "type": "github"
 },
 "original": {
@@ -74,11 +74,11 @@
 },
 "nixpkgs-stable": {
 "locked": {
- "lastModified": 1685758009,
- "narHash": "sha256-IT4Z5WGhafrq+xbDTyuKrRPRQ1f+kVOtE+4JU1CHFeo=",
+ "lastModified": 1686392259,
+ "narHash": "sha256-hqSS9hKhWldIZr1bBp9xKhIznnGPICGKzuehd2LH0UA=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "eaf03591711b46d21abc7082a8ebee4681f9dbeb",
+ "rev": "ef24b2fa0c5f290a35064b847bc211f25cb85c88",
 "type": "github"
 },
 "original": {
@@ -90,11 +90,11 @@
 },
 "nixpkgs_2": {
 "locked": {
- "lastModified": 1686237827,
- "narHash": "sha256-fAZB+Zkcmc+qlauiFnIH9+2qgwM0NO/ru5pWEw3tDow=",
+ "lastModified": 1686331006,
+ "narHash": "sha256-hElRDWUNG655aqF0awu+h5cmDN+I/dQcChRt2tGuGGU=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "81ed90058a851eb73be835c770e062c6938c8a9e",
+ "rev": "85bcb95aa83be667e562e781e9d186c57a07d757",
 "type": "github"
 },
 "original": {
@@ -120,11 +120,11 @@
 ]
 },
 "locked": {
- "lastModified": 1686341580,
- "narHash": "sha256-JumpdYiL/ssIPArxY+3KI1Fyi1C9ggJEYdF34/DTEts=",
+ "lastModified": 1686449378,
+ "narHash": "sha256-zPHl5NNhydRKiGhFl9oJ7BJqd7DfPYApE83QQsV9avE=",
 "owner": "asonix",
 "repo": "nixos-rockchip",
- "rev": "7ebd16810ab4ba77c3ffab09db50a980e3dee9a3",
+ "rev": "55f848fc3e6f661bc596a639626a45360fb53a8f",
 "type": "github"
 },
 "original": {
@@ -151,11 +151,11 @@
 "rockchip": "rockchip"
 },
 "locked": {
- "lastModified": 1686342717,
- "narHash": "sha256-aPhcv5ZQ3LuTMvRF7snPX7ev5nuHuv42ucs9QD6Pqt4=",
+ "lastModified": 1686450523,
+ "narHash": "sha256-rG6fgWifjGoMbpntqFDXwLs/+/2eoKaUPI9i9WNdOT8=",
 "ref": "asonix/nabam-sd-image",
- "rev": "5e2fd84b853a91adeb3163f805ab56d56f856b10",
- "revCount": 45,
+ "rev": "d544a81345757d64f4c6c0efc3a77ebe249c9f40",
+ "revCount": 46,
 "type": "git",
 "url": "https://git.asonix.dog/asonix/sd-images"
 },
@@ -173,11 +173,11 @@
 "nixpkgs-stable": "nixpkgs-stable"
 },
 "locked": {
- "lastModified": 1685848844,
- "narHash": "sha256-Iury+/SVbAwLES76QJSiKFiQDzmf/8Hsq8j54WF2qyw=",
+ "lastModified": 1686453485,
+ "narHash": "sha256-75iPAcS6xuw4SNfqLmFCi9wWG1JmDNKaC8l3WJUkmDk=",
 "owner": "Mic92",
 "repo": "sops-nix",
- "rev": "a522e12ee35e50fa7d902a164a9796e420e6e75b",
+ "rev": "cb85e297937af1bd1434cf5f85a3f86a21dc8207",
 "type": "github"
 },
 "original": {
diff --git a/modules/shared/default.nix b/modules/shared/default.nix
index 91a30b1..82956a5 100644
--- a/modules/shared/default.nix
+++ b/modules/shared/default.nix
@@ -1,8 +1,20 @@
+{ config, ... }:
+
 {
 services.openssh.settings.PasswordAuthentication = false;
 sops = {
 age.keyFile = "/home/asonix/.config/sops/age/keys.txt";
 age.generateKey = true;
+
+ secrets.builderKey = {
+ format = "binary";
+ sopsFile = ../../secrets/builderKey.bin;
+ };
 };
+
+ nix.extraOptions = ''
+ builders = ssh://builder@192.168.5.10?ssh-key=${config.sops.secrets.builderKey.path}
+ builders-use-substitutes = false
+ '';
 }
diff --git a/secrets/builderKey.bin b/secrets/builderKey.bin
new file mode 100644
index 0000000..fef5de0
--- /dev/null
+++ b/secrets/builderKey.bin
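Review bot: The `builders` entry added under `nix.extraOptions` in modules/shared/default.nix authenticates this machine to the builder with the sops-managed key, but nothing in the hunk pins the builder's SSH host key, so whether 192.168.5.10 really is the builder depends on whatever the connecting user's (normally root's) known_hosts happens to contain on each host. Pin it declaratively, for example `programs.ssh.knownHosts.builder = { hostNames = [ "192.168.5.10" ]; publicKey = "<builder host public key>"; };`, or move the entry to `nix.buildMachines`, which has `sshKey` and `publicHostKey` fields and keeps the address out of a free-form string. The module path suggests it is imported by every host, so one private key would grant builder access from all of them; if so, the `builder` account on the remote side should stay unprivileged and out of the daemon's trusted users. Separately, `age.generateKey = true` creates a fresh key on hosts that lack one, and such a key is not among the two recipients of secrets/builderKey.bin, so decryption of `builderKey` would presumably fail there until the file is re-encrypted.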
@@ -0,0 +1,24 @@
+{
+ "data": "ENC[AES256_GCM,data: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,iv:X7nVHg0cm84MNBeFhmPNLsp9pEoGcw/0cZojFnfQn6U=,tag:21iM7c5kGhf3l7nX8SKkaQ==,type:str]",
+ "sops": {
+ "kms": null,
+ "gcp_kms": null,
+ "azure_kv": null,
+ "hc_vault": null,
+ "age": [
+ {
+ "recipient": "age17yhtwnhqjssghc5qqamt0fqdu27zpqms8d8ghrc0txeevywfp3ssklfy57",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLVzZzdlIyNitENUxUaCtE\nbUhxOXFrQXNCQkdjTzZwNHo4MzNPbUI1WGdNCjBuSHE5b0Vvb2d0SFRXRnQ3Ums3\nOHNyK2VuUGRpak1URVVsdGtYQm41RXcKLS0tIEI2TksyWCs1V1RQeCtaczhmenNp\nV09nL1VudDN1ZnJMWmhXY0JiYVIvZmcKZ7CvSrWhXZIUo/fB5S0UR37OVMp9W/BS\ngzrBAvL/a7y3NPafovjsJh4rrd6DkvO4xSy5q341y+3rTnL+POSheQ==\n-----END AGE ENCRYPTED FILE-----\n"
+ },
+ {
+ "recipient": "age145uwrexj6ffaaxy7jg3j29gtchhwy0y0nttw06zeuxkqsy8rnpds7fh7xq",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaK0xLVkNyelRwSWRKdG1U\nWjdCNUhaekZHYVJ2WDJlTkhuMThWYU5POFFVCktHaVF5MXByamNwREhIVmN0eEJp\nYzR5TjBuR0Vxbld6WkZKVEhKT3NmYkEKLS0tIDdvVHRJNndFTDlWbGYxeVQraENI\nd1pNME9HYkhoakdFWGJtTldBY2tLdEUKlcBcaMNBVtsdi6xCEtprC2U5hkJ3iOps\n7ZCx9orSKxqSck0BSVEj6W1YWB2qVC6aWhU77EphgTudMnM7iLK+zA==\n-----END AGE ENCRYPTED FILE-----\n"
+ }
+ ],
+ "lastmodified": "2023-06-12T16:34:05Z",
+ "mac": "ENC[AES256_GCM,data:n+qaQaqHp76hGsY1iI7RjwLPFqQHdc7iGqPwv8S58pXd2AFmJJqg8g+34Qh5VGPid4+A8MKXIqCFuXqUjzcFmum1oQp+m8uDLa8NwAI5UBXhGNoxA7VwSdlDPEJxzLaJuA+pvlZYHFMQnFnIQmUDyQwMy9LW8O97MiHKcWleKGk=,iv:x3diVVnx/hMbe4PFF8tOlyauEDmVB7unyRR4sDET2+M=,tag:vRp25j0XVU38DydlqAy3cw==,type:str]",
+ "pgp": null,
+ "unencrypted_suffix": "_unencrypted",
+ "version": "3.7.3"
+ }
+}
\ No newline at end of file