diff options
| -rw-r--r-- | .sops.yaml | 2 | ||||
| -rw-r--r-- | home/nipsy/kaitain.nix | 32 | ||||
| -rw-r--r-- | home/nipsy/richese.nix | 24 | ||||
| -rw-r--r-- | home/root/kaitain.nix | 4 | ||||
| -rw-r--r-- | home/root/richese.nix | 4 | ||||
| -rw-r--r-- | hosts/kaitain/default.nix | 1 | ||||
| -rw-r--r-- | hosts/richese/default.nix | 1 | ||||
| -rw-r--r-- | hosts/secrets/kaitain.yaml | 12 | ||||
| -rw-r--r-- | hosts/secrets/richese.yaml | 12 |
9 files changed, 49 insertions, 43 deletions
@@ -69,5 +69,5 @@ creation_rules: - path_regex: ^hosts/secrets/richese.yaml$ key_groups: - age: - - *richese - *nipsy + - *richese diff --git a/home/nipsy/kaitain.nix b/home/nipsy/kaitain.nix index 11813e7..0cc9556 100644 --- a/home/nipsy/kaitain.nix +++ b/home/nipsy/kaitain.nix @@ -6,20 +6,22 @@ common/optional/secrets.nix ]; - home.file.".ansible.cfg".text = '' - [defaults] - forks=5 - timeout=600 + home.file = { + ".ansible.cfg".text = '' + [defaults] + forks=5 + timeout=600 + + [ssh_connection] + ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes + control_path=/dev/shm/%%C + control_path_dir=/dev/shm + pipelining=True + ''; - [ssh_connection] - ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes - control_path=/dev/shm/%%C - control_path_dir=/dev/shm - pipelining=True - ''; - - home.file.".mailcap".text = '' - text/html; elinks -dump %s; copiousoutput - application/pdf; pdftotext '%s' -; copiousoutput; description=Adobe Portable Document Format - ''; + ".mailcap".text = '' + text/html; elinks -dump %s; copiousoutput + application/pdf; pdftotext '%s' -; copiousoutput; description=Adobe Portable Document Format + ''; + }; } diff --git a/home/nipsy/richese.nix b/home/nipsy/richese.nix index 7f698d1..386b9aa 100644 --- a/home/nipsy/richese.nix +++ b/home/nipsy/richese.nix @@ -6,15 +6,17 @@ common/optional/secrets.nix ]; - home.file.".ansible.cfg".text = '' - [defaults] - forks=5 - timeout=600 - - [ssh_connection] - ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes -o StrictHostKeyChecking=no - control_path=/dev/shm/%%C - control_path_dir=/dev/shm - pipelining=True - ''; + home.file = { + ".ansible.cfg".text = '' + [defaults] + forks=5 + timeout=600 + + [ssh_connection] + ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes -o StrictHostKeyChecking=no + control_path=/dev/shm/%%C + control_path_dir=/dev/shm + pipelining=True + ''; + }; } diff --git a/home/root/kaitain.nix b/home/root/kaitain.nix index 72dbda0..cb4ed48 100644 --- a/home/root/kaitain.nix +++ b/home/root/kaitain.nix @@ -4,6 +4,10 @@ common/core ]; + home.file = { + "bin/knock".source = ../common/scripts/knock; + }; + nix.extraOptions = '' !include /run/secrets/nix-access-token-github ''; diff --git a/home/root/richese.nix b/home/root/richese.nix index 72dbda0..cb4ed48 100644 --- a/home/root/richese.nix +++ b/home/root/richese.nix @@ -4,6 +4,10 @@ common/core ]; + home.file = { + "bin/knock".source = ../common/scripts/knock; + }; + nix.extraOptions = '' !include /run/secrets/nix-access-token-github ''; diff --git a/hosts/kaitain/default.nix b/hosts/kaitain/default.nix index bb71d7a..76a7424 100644 --- a/hosts/kaitain/default.nix +++ b/hosts/kaitain/default.nix @@ -60,6 +60,7 @@ secrets = { "nix-access-token-github" = {}; + "ssh_config".path = "/root/.ssh/config"; }; }; diff --git a/hosts/richese/default.nix b/hosts/richese/default.nix index a5648d6..cf42235 100644 --- a/hosts/richese/default.nix +++ b/hosts/richese/default.nix @@ -57,6 +57,7 @@ secrets = { "nix-access-token-github" = {}; + "ssh_config".path = "/root/.ssh/config"; }; }; diff --git a/hosts/secrets/kaitain.yaml b/hosts/secrets/kaitain.yaml index 255695a..951aa75 100644 --- a/hosts/secrets/kaitain.yaml +++ b/hosts/secrets/kaitain.yaml @@ -1,9 +1,6 @@ nix-access-token-github: ENC[AES256_GCM,data:OcAY30aGdCEHyl6DW6mYOLI166w/bGBeTKQ645EG3lL0k1IHvu/ox/PG28AjlcCj4pZHeYxEVIYut6a9VoPNjRT3ohA=,iv:8kRcGkGm+6hWAQ0/0FwqDeS7i0GE8cyd0YsC9J6kl54=,tag:G1J/5pK9dQ2N29oz5byVuA==,type:str] +ssh_config: ENC[AES256_GCM,data:pm2kOAyplRTTlQdIGOrX0/T+dGWUH0XdoVdibWY8qGUzgQ80NYGWgM6bHm272OeMKrCLE+0Rtgjzt90HF7cj00V7ER1CK2hJaLmQypsGEBel3PkdhO9oPmSJk9TtydtAldMA/OQEAtZkVm2+1AGiGdvuwNF2PMyJUXSGxqU/uCLpGhQoQY3QGFytsrnsNbsmZplwg5+tT/JI+d56ol2Gm2hvYtEWX/2PunQR2nim0HHDuCLojxXIR1oLbz8l1MU6PsZMHIKvBMbn27OIC4AHFENWbvsKzxK5YZk6DOX+ZnRiyYQ36+ykzAaNXXXuvGufPbKMOySJ4GBKKvxtGd95HeDH8fknVUly5/MraVnjymTmVAQfUm3/eQPxAkA6Lno5UOmxeYUVjFC/fNlx9HDNLwSNze8Kvz/ugdAqfmxWo7wbmlDkFW+HJT2IzxbMDdEUmErBho0s8gYO,iv:8Vwujh30g9GYps+J8hkFHpL+viC088AGLdPCMzL2/LU=,tag:ES2GoIJYk7n0b8MV1tnn6g==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1fptscuj4qa39238xfvc7envgxr4cf29z3zaejp2v3q703tq45dasf8vadl enc: | @@ -23,8 +20,7 @@ sops: RUQzdEkrQTU1cC9OU1B3L1cva0JQTTQKzAuNy/7h5XyOIiQh/8fXfgri90dTW/qt wn/snTnrukwPaeQXsAHQDvzueYxSEtHqk0WYT8sOAfuzOQP7wGoGFg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-18T18:32:59Z" - mac: ENC[AES256_GCM,data:YHZ+rkkVX2CX1XgLKFvSEf1Hg6i6wJwNV2IdMx8kjyWSVjAx2PQjKvy/dLFsqspo1FF4Bo++jyaEn0yxuouVful12Q/6RAhf1HRDXK0TjPTWf/vsCw0Mlv/zcPOKMEPG4ltP6bSDG6WtTtFx3Ck6stQwepF2omoVT2E4kj1KONM=,iv:uHs5N9sMfPn4+ZEaU6BlioESWy/BijUfYHu/5UrA4H8=,tag:b/lwx7ex21Jw0knpuy1TPw==,type:str] - pgp: [] + lastmodified: "2025-06-24T17:03:24Z" + mac: ENC[AES256_GCM,data:rbADZdFAqxx6oONZaw8u9BF9ZMBHaCIUCysOa7qucuPnC4N50PbmxhpYZR3Nd0NOqDbkT0+8Ox1XxF6Aty+kxvd46V70WR9oibGJkxuWxyAohXAETv4XjZl8JOkQV8JvEDAzKNjEXbOUKiLRkU8PWfQ13ogshuCE4FYLzrQcNjo=,iv:/79wztsyRzv+g14KeuM/68ne9cKenVB4WX5DYxIGvnM=,tag:626pO+4jISMP5Z/PWcPuxQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 diff --git a/hosts/secrets/richese.yaml b/hosts/secrets/richese.yaml index 45bb5e0..a7aa1fc 100644 --- a/hosts/secrets/richese.yaml +++ b/hosts/secrets/richese.yaml @@ -1,9 +1,6 @@ nix-access-token-github: ENC[AES256_GCM,data:g+9Vi3SOLWFkZGb6KzlYdYmv9JSIoYd4OaOhAYZLrxlJKWqsa66Tc2z5dFWr/wyPbitxRAzQB1xRZI3CUbMWOWb06L8=,iv:kjdbr2KLLWfIsSNTCespLXdQ4BKm4caiRASaCYWKFHA=,tag:DBqjdPHnMCSa6obeSy0WzA==,type:str] +ssh_config: ENC[AES256_GCM,data:lNXNkmr0nWohTX+Zf4OpVCnFFaIafxqtz0a1p/mWHV+52W0pwS34vga4Xt1zd7tgaZChXPdU/QLVouIhoR/6o+cHlX/N7UIw5S5tg7uZfsMdxam1hs+VQzSunEYMpVTn9TmsrjUx/4ETKZLXQuA+cq3M/9sBsQYk6acJKstNKdyguG+QJJBddmaQOxp7+VUOELUWwOy3nJxldI1Asg95BXQImi4FLeRw9/iZKkgn0xUrCfljiXn5rC4Fpphebw/JkQMsbd7x/9fpK9wjNtUs/8MPXAIRYU6Ty912rYda5ALUpl4U8L2iRHwSmxriW42IdeRKXcmDtCAJMMN5LyWewqAc36RUwzd7G8ihEweZgRTibRIwYOPuYC10IihX5ccojjDakbMPDx/fhOHRlp6qjRHzB/4qonRbyr+f9CR9of8l6l+VAO9k69BeYjlbfvZOlDMWELGTmdKE,iv:JNcvLKSZ6xhrERXixIIOGlyQMrvT7D9W2zneNSTTjfw=,tag:iMHQNJVEShgUA1L5/3dm4g==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1wv08vfv7mlwkhkn2pkq0gd94a3wz0gc3x3eq0szxem05xg05nfhq2glvv9 enc: | @@ -23,8 +20,7 @@ sops: MGt6VkNzc3hGU2FDVWxsM1Rqdk9qTkEKA5viW8YGBdqvLVLYEdzLWWggxQ2BrDOa atzlSR0WjUsK316X4HtVMyllk0FvLy4QdUP40/XLgd5DpxZZds3OiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-18T18:32:48Z" - mac: ENC[AES256_GCM,data:VvcWlUPFgdQ/YAioKnZzK69PYulZanKNQOan3cHLF8BRehkw1VvVFAmPW0cPLY66cMXFma9rFxaP5XAdRojs2J4ViOgzbhrCHYTVCSA3VTcgBZRTPAfTggztwoPKic0EhE2HxfykhQCrPVxqa23Z25x4q1LuWskE+BMbGubPSP0=,iv:bJnO2oE3ogvpXjCUFKd/+5RXO2udL5a2UXdBdb5Wfec=,tag:dbZR0/BQpPAL996Siyta/A==,type:str] - pgp: [] + lastmodified: "2025-06-24T17:04:43Z" + mac: ENC[AES256_GCM,data:JdElb6C5lvdOXouz10CLgYkmYnqlY0swPivTETGG631MKq08bzkc5zusmkBnHdQ8m/tO7R9JXYzOqoMIrrfgWQ+W2Du6m60BLOcRxGJVsFhcf1yb6GrM47NT/HAyyKUgJloDKJUQL10rrD8mPzCa475OBjebkJ7ycqKiyQV1cr4=,iv:raIutEF8Kv9lxkcboZ/8LzCA7JkfO4pXRRYRJJDz8KQ=,tag:7eTo1a6Kt+ac1Nz+2xfmZg==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 |