fix: factor ssh keys in one place

mrnossiom · May 6, 2024 · bfdba41 · bfdba41
1 parent d2d97f0
commit bfdba41
Show file tree

Hide file tree

Showing 8 changed files with 29 additions and 27 deletions.
diff --git a/Justfile b/Justfile
@@ -9,5 +9,3 @@ build:
 
 check: build
 	@unlink result
-
-# TODO: custom rekey entry to rekey every secret avoiding to retype it everytime
diff --git a/flake.nix b/flake.nix
@@ -43,6 +43,7 @@
       forAllSystems = genAttrs [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" ];
       forAllPkgs = function: forAllSystems (system: function pkgs.${system});
 
+      keys = import ./secrets/keys.nix;
       flakeLib = import ./lib/flake (nixpkgs // { inherit self; });
 
       # This sould be the only constructed nixpkgs instance in this flake
@@ -69,28 +70,23 @@
       lib = forAllPkgs (import ./lib);
 
       nixosConfigurations = with flakeLib;
-        let
-          userKeys = [
-            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdt7atyPTOfaBIsgDYYb0DG1yid2u78abaCDji6Uxgi"
-          ];
-        in
         {
           # Desktops
           "neo-wiro-laptop" = createSystem pkgs."x86_64-linux" [
             (system "neo-wiro-laptop" "laptop")
             (managedDiskLayout "luks-btrfs" { device = "nvme0n1"; swapSize = 12; })
-            (user "milomoisson" { description = "Milo Moisson"; profile = "desktop"; keys = userKeys; })
+            (user "milomoisson" { description = "Milo Moisson"; profile = "desktop"; keys = keys.users; })
           ];
 
           "archaic-wiro-laptop" = createSystem pkgs."x86_64-linux" [
             (system "archaic-wiro-laptop" "laptop")
-            (user "milomoisson" { description = "Milo Moisson"; profile = "desktop"; keys = userKeys; })
+            (user "milomoisson" { description = "Milo Moisson"; profile = "desktop"; keys = keys.users; })
           ];
 
           # # Servers
           # "weird-row-server" = createSystem pkgs."x86_64-linux" [
           #   (system "weird-row-server" "server")
-          #   (user "milomoisson" { description = "Milo Moisson"; profile = "minimal"; keys = userKeys; })
+          #   (user "milomoisson" { description = "Milo Moisson"; profile = "minimal"; keys = keys.users; })
           # ];
         };
 

diff --git a/home-manager/profiles/desktop.nix b/home-manager/profiles/desktop.nix
@@ -174,8 +174,8 @@ in
     home.file."${config.home.sessionVariables.CARGO_HOME}/config.toml".source = toml-format.generate "cargo-config" {
       build.rustc-wrapper = getExe' pkgs.sccache "sccache";
 
-      registry.global-credential-providers = ["cargo:token-from-stdout cat ${config.age.secrets.api-crates-io.path}"];
-      
+      registry.global-credential-providers = [ "cargo:token-from-stdout ${pkgs.writeShellScript "get-crates-io-token" "cat ${config.age.secrets.api-crates-io.path}"}" ];
+
       source = {
         local-mirror.registry = "sparse+http://local.crates.io:8080/index/";
         # crates-io.replace-with = "local-mirror";

diff --git a/nixos/hardware/neo-wiro-laptop.nix b/nixos/hardware/neo-wiro-laptop.nix
@@ -1,4 +1,8 @@
-{ self, config, lib, ... }:
+{ self
+, config
+, lib
+, ...
+}:
 
 let
   inherit (self.outputs) nixosModules;

diff --git a/nixos/modules/nix.nix b/nixos/modules/nix.nix
@@ -35,10 +35,12 @@ with lib;
         extra-substituters = [
           "https://nix-community.cachix.org"
           "https://mrnossiom.cachix.org"
+          "https://radicle.cachix.org"
         ];
         extra-trusted-public-keys = [
           "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
           "mrnossiom.cachix.org-1:WKo+xfDFaT6pRP4YiIFsEXvyBzI/Pm9uGhURgF1wlQg="
+          "radicle.cachix.org-1:x7jrVNzziAP6GAAJF2wvgJBndqRhmh2EylgWr93ofx0="
         ];
       };
     };

diff --git a/nixos/profiles/laptop.nix b/nixos/profiles/laptop.nix
@@ -1,5 +1,4 @@
-{ self
-, lib
+{ lib
 , config
 , pkgs
 , ...

diff --git a/secrets/keys.nix b/secrets/keys.nix
@@ -0,0 +1,14 @@
+rec {
+  # Machine SSH key (/etc/ssh/ssh_host_ed25519_key.pub)
+  archaic = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDuBHC0f7N0q1KRczJMoaBVdY0JFOtcpPy6WlYsoxUh";
+  neo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR1/9o1HLnSRkXt3xxAM5So1YCCNdJpBN1leSu7giuR";
+  systems = [ archaic neo ];
+
+  # Sessions specific age key (~/.ssh/id_home_manager.pub)
+  neo-milomoisson = "age1vz2zmduaqhaw5jrqh277pmp36plyth8rz5k9ccxeftfcl2nlhalqwvx5xz";
+  sessions = [ neo-milomoisson ];
+
+  # User keys (~/.ssh/id_ed25519.pub)
+  milomoisson = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdt7atyPTOfaBIsgDYYb0DG1yid2u78abaCDji6Uxgi";
+  users = [ milomoisson ];
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
@@ -1,16 +1,5 @@
 let
-  # Machine SSH key (/etc/ssh/ssh_host_ed25519_key.pub)
-  archaic = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDuBHC0f7N0q1KRczJMoaBVdY0JFOtcpPy6WlYsoxUh";
-  neo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR1/9o1HLnSRkXt3xxAM5So1YCCNdJpBN1leSu7giuR";
-  systems = [ archaic neo ];
-
-  # Sessions specific age key (~/.ssh/id_home_manager.pub)
-  neo-milomoisson = "age1vz2zmduaqhaw5jrqh277pmp36plyth8rz5k9ccxeftfcl2nlhalqwvx5xz";
-  sessions = [ neo-milomoisson ];
-
-  # User keys (~/.ssh/id_ed25519.pub)
-  milomoisson = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdt7atyPTOfaBIsgDYYb0DG1yid2u78abaCDji6Uxgi";
-  users = [ milomoisson ];
+  inherit (import ./keys.nix) users systems sessions;
 
   nixos = systems ++ users;
   home-manager = sessions ++ users;