services/secrets: move age files to secrets/

nicekoishi · Sep 14, 2024 · 7f39ec7 · 7f39ec7
1 parent e01eaf5
commit 7f39ec7
Show file tree

Hide file tree

Showing 6 changed files with 39 additions and 9 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -1,5 +1,12 @@
+# https://github.com/NotAShelf/nyx/blob/d407b4d6e5ab7f60350af61a3d73a62a5e9ac660/.gitattributes
+# Always use LF line endings so that if a repo is accessed
+# in Unix via a file share from Windows, the scripts will
+# work as expected.
+*.sh text eol=lf
+
 *.envrc
 *.lock -diff
+*LICENSE -diff
 
 *.age binary
 *.age linguist-detectable=false

diff --git a/modules/system/core/environment/user.nix b/modules/system/core/environment/user.nix
@@ -1,6 +1,6 @@
 {pkgs, ...}: let
   keys = [
-    # polaris, cursed gpg to ssh key
+    # polaris, and one second... isn't this already on by default?
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMt/fj0+1c7Ktr9WQCqYHoi3jWSxV8/cwEUaT/92DA7q"
 
     # android phone, just for testing

diff --git a/modules/system/services/secrets/default.nix b/modules/system/services/secrets/default.nix
@@ -1,8 +1,9 @@
-{
-  # NOTE: move to separate folders if more than one!
+# NOTE: this is just the module configuration, for the actual secrets go back
+# ${self}/secrets is for the agenix cli tool only
+{self, ...}: {
   age.secrets = {
     tailscale-key = {
-      file = ./tailscale.age;
+      file = "${self}/secrets/tailscale.age";
       owner = "supeen";
       group = "users";
       mode = "400";

diff --git a/modules/system/services/secrets/tailscale.age b/modules/system/services/secrets/tailscale.age
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
@@ -0,0 +1,27 @@
+/*
+why is this necessary just to use the cli?
+is there a better way to do this?
+send help
+
+Let's document this here it I forget it for some reason
+
+For some unknown, dumb reason, I though that running `rm -rf ~/.ssh` would be a good idea.
+It wasn't, and so I had to find a way to recover my private key - it was stored on the gpg-agent still.
+Using `pgp2ssh`, you can derive it with just one command, and it has a flake as well!
+I just had some problems using a .gpg extension, but renaming it to priv.asc fixed it
+
+  `nix run github:pinpox/pgp2ssh`
+
+Also, here is the link to the repository it future me is feeling lazy (dumbass)
+  https://github.com/pinpox/pgp2ssh
+*/
+let
+  # User keys
+  supeen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGe2kpQYXqM0SG7QCiPN1vLeTehGL/l2BGYBrzDz8Ou6";
+
+  # Host keys
+  # agenix, why do I have to put this here if it's already my host key:?
+  polaris = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMt/fj0+1c7Ktr9WQCqYHoi3jWSxV8/cwEUaT/92DA7q";
+in {
+  "tailscale.age".publicKeys = [supeen polaris];
+}
diff --git a/secrets/tailscale.age b/secrets/tailscale.age