diff --git a/inventories/default.nix b/inventories/default.nix index f1c0ddb..a6aac59 100644 --- a/inventories/default.nix +++ b/inventories/default.nix @@ -17,6 +17,17 @@ inventory = { instances = { + admin = { + module = { + name = "admin"; + input = "clan-core"; + }; + roles.default.tags."all" = { }; + roles.default.settings.allowedKeys = { + "kurogeek" = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcZ/p1Ofa9liwIzPWzNtONhJ7+FUWd2lCz33r81t8+w kurogeek@kurogeek"; + }; + }; pocket-id = { module = { @@ -62,13 +73,6 @@ roles.default.machines.b4l = { }; }; }; - - services = { - admin = { - default.config.allowedKeys = [ ]; - }; - }; - }; }; } diff --git a/vars/per-machine/b4l/openssh/ssh.id_ed25519.pub/value b/vars/per-machine/b4l/openssh/ssh.id_ed25519.pub/value new file mode 100644 index 0000000..a5926ed --- /dev/null +++ b/vars/per-machine/b4l/openssh/ssh.id_ed25519.pub/value @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJvB61pqXooAu5jDLG9agMTXBRdSPWrX/2yARnCPWwta diff --git a/vars/per-machine/b4l/openssh/ssh.id_ed25519/machines/b4l b/vars/per-machine/b4l/openssh/ssh.id_ed25519/machines/b4l new file mode 120000 index 0000000..72e1b85 --- /dev/null +++ b/vars/per-machine/b4l/openssh/ssh.id_ed25519/machines/b4l @@ -0,0 +1 @@ +../../../../../../sops/machines/b4l \ No newline at end of file diff --git a/vars/per-machine/b4l/openssh/ssh.id_ed25519/secret b/vars/per-machine/b4l/openssh/ssh.id_ed25519/secret new file mode 100644 index 0000000..f3d2978 --- /dev/null +++ b/vars/per-machine/b4l/openssh/ssh.id_ed25519/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:DWmQdG4FDFczm/aCY7WT/p4ysuF6aY/7nprvN8frhEnD6tuu++IEfE2XVNpEDka91rYf4XZrGXrVK8nWdi5AEbFIvXJC1JaZD4dTkBE1F4aJSSXsL3PxBZ1pIUWsLQ9QZ9pzuhVPgGuCS75+44pAGCtYnOPwNPOH1PeMEKVCeEwMKmQKPpqFKz9SpqOZFmzS+qgjm3Jic9dCcsiJoDHobmE3Olp+PZ9mJksOUG75ATXJ3zJ/8gUt39pAJUy2jYHscEECNMc/PuJg4dSZua5M0y+J9vwB6MVhAiyuPj8Ac7SMwbTB8l65Tko9GWR6CknF+4z8ky/EtbY/2hO18tkVLegRwM7UvqFWxXFIC79KCiC1+/pG5BUdOhIzlYwohn9BZjWgdzcy6Sg9cSgJWuDC7rX94vTcV65If7is5bGvAsNB2L5CCoPfq+dU3KNsFwo7mlFOyA69NLYqZEV3EhKdqn4uj5Y9qGqvCz8ew0Y2NP7BgkpsR1qyFqYoIYPhRlC4Iy14,iv:jUBLVPSN+FkcRdkKq8l99udzTOHEio8KZSc4pBOYHgc=,tag:Ml3Fr8Qj2ZjwpE6CYju5Lg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqZWc0RjBSVzhFSWpIUThG\nTEY3eURDSnhtMVdPOUZBZWY3UWFjdmsydFQ0ClF4dGUrM2FLZWtuNWVmVVFodUZY\nYm5aNy82UktHOGoyOENXMVYyMGJWc28KLS0tIE1qRDY5L3AxSnMwZ1J4STZRcUt5\nWjJad1dpVTY0Z042aUFKWE93eHlJbmMKBWKpYztqSKuOLPx1hXE9BqEQbdZJwQF/\nrWpAzjVvVHnVA/CfqXOMzGqQKc98lIZeJEBGxRWNHZBMbf4QrE8eIg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4d1FRYSt0czRoZjBWYXRl\ndjIraUdKV1E0RUtFVStmSVYzT0FZU3MxTWw0CnVDcXYrUXQyVmVlSmNtWVNTbDF5\nZGRrU0JCV1ZhVkt6YUpOU1dKZ2N2QTQKLS0tIDdsamZGNGZ6T2dpVWhvdVI2b1JJ\nUm5DTFN6dExhL28yRjk3djZ2a3N2amcKm0Tm6wE6BJ4tKvwAAGdlSTGCwZD12ME7\n02UJt2KC8RcNWwWuBngkKSDRim8LMwanl3vFjPkXVCsubyRLCdnaxg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-07-25T01:45:44Z", + "mac": "ENC[AES256_GCM,data:LiwF9nG5VEV8D6ALNGAhMJrPiGC3hCCURNbe/BOh2t1QeaNJhZFhv6ZYYJPjoDDSZYrgVFMSnG9GqfwL7weTNHPseTxBxzVxU7dW2cW1Ic4CEGR0EstuSINZmGAEMPJPG/sBxG0VfrgCpduWI3OVQ6GDgj6Jue5dwFAY+HMaF8M=,iv:miSt6E3INXBpnhTJIJ+yd5dqEhCiyKnw5yRURMBRte0=,tag:sOb2O4EtHk94m6XlXs9EMQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/b4l/openssh/ssh.id_ed25519/users/kurogeek b/vars/per-machine/b4l/openssh/ssh.id_ed25519/users/kurogeek new file mode 120000 index 0000000..970aefa --- /dev/null +++ b/vars/per-machine/b4l/openssh/ssh.id_ed25519/users/kurogeek @@ -0,0 +1 @@ +../../../../../../sops/users/kurogeek \ No newline at end of file