From 7f39ec75c14d8582804e7e0b187a91487430a975 Mon Sep 17 00:00:00 2001
From: Lucas Portela
Date: Sat, 14 Sep 2024 18:34:20 -0300
Subject: [PATCH] services/secrets: move age files to secrets/
---
 .gitattributes | 7 +++++
 modules/system/core/environment/user.nix | 2 +-
 modules/system/services/secrets/default.nix | 7 +++--
 modules/system/services/secrets/tailscale.age | 5 ----
 secrets/secrets.nix | 27 ++++++++++++++++++
 secrets/tailscale.age | Bin 0 -> 384 bytes
 6 files changed, 39 insertions(+), 9 deletions(-)
 delete mode 100644 modules/system/services/secrets/tailscale.age
 create mode 100644 secrets/secrets.nix
 create mode 100644 secrets/tailscale.age
diff --git a/.gitattributes b/.gitattributes
index f1de662..6169e82 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,5 +1,12 @@
+# https://github.com/NotAShelf/nyx/blob/d407b4d6e5ab7f60350af61a3d73a62a5e9ac660/.gitattributes
+# Always use LF line endings so that if a repo is accessed
+# in Unix via a file share from Windows, the scripts will
+# work as expected.
+*.sh text eol=lf
+
 *.envrc
 *.lock -diff
+*LICENSE -diff
 *.age binary
 *.age linguist-detectable=false
diff --git a/modules/system/core/environment/user.nix b/modules/system/core/environment/user.nix
index e388c16..2308f03 100644
--- a/modules/system/core/environment/user.nix
+++ b/modules/system/core/environment/user.nix
@@ -1,6 +1,6 @@
 {pkgs, ...}: let
 keys = [
- # polaris, cursed gpg to ssh key
+ # polaris, and one second... isn't this already on by default?
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMt/fj0+1c7Ktr9WQCqYHoi3jWSxV8/cwEUaT/92DA7q"
 # android phone, just for testing
diff --git a/modules/system/services/secrets/default.nix b/modules/system/services/secrets/default.nix
index 4c07462..914d92c 100644
--- a/modules/system/services/secrets/default.nix
+++ b/modules/system/services/secrets/default.nix
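Review bot: The replacement comment on the polaris entry in modules/system/core/environment/user.nix turns the only documentation of that key into an open question, and the same ssh-ed25519 public key (…92DA7q) is declared as the polaris host key in secrets/secrets.nix in this very commit, so one of the two descriptions is likely off. If it really is the host's own SSH key, say so and say why it is in a user key list, e.g. `# polaris host key (also the host recipient in secrets/secrets.nix); if this list feeds authorized_keys, whoever holds the host private key can log in as this user`. If it is only here because agenix needs it, it does not belong in a user key list: agenix decrypts with the host identity configured via age.identityPaths, not with authorized_keys — though where `keys` is consumed is not visible in this hunk. The `let` block continues outside the hunk.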
@@ -1,8 +1,9 @@
-{
- # NOTE: move to separate folders if more than one!
+# NOTE: this is just the module configuration, for the actual secrets go back
+# ${self}/secrets is for the agenix cli tool only
+{self, ...}: {
 age.secrets = {
 tailscale-key = {
- file = ./tailscale.age;
+ file = "${self}/secrets/tailscale.age";
 owner = "supeen";
 group = "users";
 mode = "400";
diff --git a/modules/system/services/secrets/tailscale.age b/modules/system/services/secrets/tailscale.age
deleted file mode 100644
index f545fb0..0000000
--- a/modules/system/services/secrets/tailscale.age
+++ /dev/null
@@ -1,5 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 Fz2FiA ZCSjlzJpl3pe7qsYusGjvq/BaUc2PNJ1UshNn8xviDc
-1NtgBhx6aToxwZ9A3lt+Jb8w3o43W8pvHD2+x4h/KqQ
---- Sv0Rb32KQ6aUCKaor3SvP7U9xSjYTnS9y73cY7YqtFM
-jǵ@;8T} W |L 0Hb ZTd=k]Qԟ"'N4 +1{LbEQ0|F
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..489f74b
--- /dev/null
+++ b/secrets/secrets.nix
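Review bot: The new header comment in modules/system/services/secrets/default.nix is hard to parse ("for the actual secrets go back" / "is for the agenix cli tool only") and does not state what a reader needs: that this module only declares the secrets, while the encrypted files and the agenix recipient list live in secrets/ at the flake root. Suggest `# Module side of the secrets setup only. Encrypted files and the agenix` / `# recipient list (secrets.nix) live in ${self}/secrets; agenix never reads this file.` The new `file = "${self}/secrets/tailscale.age";` also makes the module depend on `self` being forwarded through specialArgs, which this hunk cannot confirm; a relative path such as `file = ../../../../secrets/tailscale.age;` would keep the module self-contained at the cost of coupling it to the directory layout. The attribute set continues outside the hunk.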
@@ -0,0 +1,27 @@
+/*
+why is this necessary just to use the cli?
+is there a better way to do this?
+send help
+
+Let's document this here it I forget it for some reason
+
+For some unknown, dumb reason, I though that running `rm -rf ~/.ssh` would be a good idea.
+It wasn't, and so I had to find a way to recover my private key - it was stored on the gpg-agent still.
+Using `pgp2ssh`, you can derive it with just one command, and it has a flake as well!
+I just had some problems using a .gpg extension, but renaming it to priv.asc fixed it
+
+ `nix run github:pinpox/pgp2ssh`
+
+Also, here is the link to the repository it future me is feeling lazy (dumbass)
+ https://github.com/pinpox/pgp2ssh
+*/
+let
+ # User keys
+ supeen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGe2kpQYXqM0SG7QCiPN1vLeTehGL/l2BGYBrzDz8Ou6";
+
+ # Host keys
+ # agenix, why do I have to put this here if it's already my host key:?
+ polaris = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMt/fj0+1c7Ktr9WQCqYHoi3jWSxV8/cwEUaT/92DA7q";
+in {
+ "tailscale.age".publicKeys = [supeen polaris];
+}
diff --git a/secrets/tailscale.age b/secrets/tailscale.age
new file mode 100644
index 0000000000000000000000000000000000000000..937b9d50a964a0752754b67673cc3c703d50c2ae
GIT binary patch
literal 384
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTytjN!d3RFn-&n__! za?Uk34fV@TF>|y`igYsZF|Q~}&T^{?GtJj8^a)FG%*_bM4&@5ZtPDxZcg_e+3^K~{ zjY`i;w=haAcFs$8$u@V%Gxm0L^$GFtPcJDpPe!-Rt;)zP(@`NS%-F)UC@ZTlDbd2% zIV8tBJ-DhO*{H}Ov)srcJfPS+$t))^x1cnm(t;~DJ=`nM#~{ry$lKf~Kfuh=xT+vI zKRq(i-8IF@bS6)~|kc*L1UWIp=b9hF$ zu~~X~gu8P^cvz^uad>Ev0oS9|zbbAYRd{#U?|F!<^=y^4ujgAMURMZD?#Ov*r1)>P zQ&ge-)lDb8M9+K;_rJ)QU%rsxaC0fMJ~zXMDGMIjc)j`YGh~CDep7hwPvzBX7G&?x Row|olaIG^}o#VC}VE{D&jFSKW literal 0 HcmV?d00001
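Review bot: The 17-line comment at the top of secrets/secrets.nix is a personal key-recovery anecdote and never says what the file is for, and both open questions in it (why the file is needed, why `polaris` must be listed) have answers that belong here instead. The agenix CLI reads this file to learn which public keys each .age file is encrypted to, so the host key has to be a recipient or the machine cannot decrypt the secret at activation, and the user key is a recipient so the file can be edited locally; the NixOS module never imports it (the default.nix comment in this commit says the same). Suggest replacing the header with `# Recipient list for the agenix CLI (agenix -e): maps each .age file to the public keys it is encrypted to. Not imported by the NixOS configuration.` and the comment above polaris with `# polaris host key: must be a recipient so the host can decrypt at activation.` If the pgp2ssh recovery note is worth keeping, a README is a better home; as written it also carries typos ("it I forget", "I though", "it future me", "host key:?").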