From e8e02c906c2264c17e6ac37e24c4598888c30717 Mon Sep 17 00:00:00 2001
From: niten
Date: Mon, 18 Oct 2021 08:41:11 -0700
Subject: [PATCH] Working encrypted sea-store
---
 fudo-home | 2 +-
 fudo-nixos | 2 +-
 seattle/flake.lock | 31 +++++++++++++------------------
 seattle/flake.nix | 17 ++++++++++++++---
 4 files changed, 29 insertions(+), 23 deletions(-)
diff --git a/fudo-home b/fudo-home
index 330d0a0..1ba24b9 160000
--- a/fudo-home
+++ b/fudo-home
@@ -1 +1 @@
-Subproject commit 330d0a014f14b2cf65aeb853729f779ce4edb0a7
+Subproject commit 1ba24b9571aaad13bc91e27fce0096a66bdcb677
diff --git a/fudo-nixos b/fudo-nixos
index 0330f6a..3d5d7e3 160000
--- a/fudo-nixos
+++ b/fudo-nixos
@@ -1 +1 @@
-Subproject commit 0330f6ae7806e9c7418f65bcb78ef93d634f0897
+Subproject commit 3d5d7e389eceb5613b314bf084eed6667f0fa8f9
diff --git a/seattle/flake.lock b/seattle/flake.lock
index eb5715b..db29a2d 100644
--- a/seattle/flake.lock
+++ b/seattle/flake.lock
@@ -226,11 +226,11 @@
 ]
 },
 "locked": {
- "lastModified": 1634065164,
- "narHash": "sha256-r32yoecnAuM1aDLtOIW89IYD9gve+HF8PEtA1s0SA5g=",
+ "lastModified": 1634504012,
+ "narHash": "sha256-MbU+ZDyp+sxaFMBs0QH04nieh3vvyC9lzSn9fDk1+zM=",
 "ref": "flake",
- "rev": "330d0a014f14b2cf65aeb853729f779ce4edb0a7",
- "revCount": 34,
+ "rev": "1ba24b9571aaad13bc91e27fce0096a66bdcb677",
+ "revCount": 37,
 "type": "git",
 "url": "https://git.fudo.org/niten/nix-home.git"
 },
@@ -243,18 +243,13 @@
 "fudo-nixos": {
 "flake": false,
 "locked": {
- "lastModified": 1634320727,
- "narHash": "sha256-F/6NRlObZ3MAooVsd9LWHQ0zy8ExiBph5WfBKBRnR5Q=",
- "ref": "nixops-flake",
- "rev": "0330f6ae7806e9c7418f65bcb78ef93d634f0897",
- "revCount": 323,
- "type": "git",
- "url": "ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git"
+ "narHash": "sha256-CjAIAldxjdR7mmPLhUWqQwjMLYI81fFHhE8tlfw3hGc=",
+ "path": "/state/nixops/fudo-nixos",
+ "type": "path"
 },
 "original": {
- "ref": "nixops-flake",
- "type": "git",
- "url": "ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git"
+ "path": "/state/nixops/fudo-nixos",
+ "type": "path"
 }
 },
 "fudo-pkgs": {
@@ -282,7 +277,7 @@
 "ssh-keypairs": "ssh-keypairs"
 },
 "locked": {
- "narHash": "sha256-nUKoSR+Xpl+pm/iVu8vOL0MmgKDb2bBdA86P+2d8g6U=",
+ "narHash": "sha256-m1PDoHAJ+FSB38iM2hE43w5mEKz4KyFzar5pgjrowAc=",
 "path": "/state/secrets",
 "type": "path"
 },
@@ -375,11 +370,11 @@
 },
 "nixpkgs_2": {
 "locked": {
- "lastModified": 1634115022,
- "narHash": "sha256-K9DZMQ47VRrg9gtTPwex5p0E8LnwM/dDkNe7AQW0qj0=",
+ "lastModified": 1634327140,
+ "narHash": "sha256-d5L7oMjUVC6VU0cQMsF0tceAPkmzuAQ51DWBFNChbEQ=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "564cb4d81d4f734dd068684adec5a60077397fe9",
+ "rev": "83667ff60a88e22b76ef4b0bdf5334670b39c2b6",
 "type": "github"
 },
 "original": {
diff --git a/seattle/flake.nix b/seattle/flake.nix
index a81dc1e..846db5d 100644
--- a/seattle/flake.nix
+++ b/seattle/flake.nix
@@ -16,8 +16,8 @@
 fudo-pkgs.url = "git+https://git.fudo.org/fudo-public/fudo-pkgs.git";
 fudo-nixos = {
- # url = "path:/state/nixops/fudo-nixos";
- url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake";
+ url = "path:/state/nixops/fudo-nixos";
+ # url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake";
 # Don't import it as a flake
 flake = false;
 };
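Review bot: Switching `fudo-nixos` to `url = "path:/state/nixops/fudo-nixos";` removes the revision pin: the matching `flake.lock` entry in this commit now carries only a `narHash` and no `rev`, so a deployment can no longer be traced to a commit of the NixOS repository, and the lock records whatever was in that directory on the deploy host when it was last updated, committed or not. With the git+ssh URL left commented out next to it, this looks like a local override that was committed; if that is the case, passing `--override-input fudo-nixos path:/state/nixops/fudo-nixos` on the command line keeps the committed flake pinned to git. If the path input is meant to stay, a comment above the `url` such as `# local checkout, not pinned to a rev; only the narHash in flake.lock identifies it` would make the trade-off explicit. The `inputs` set this block belongs to starts and ends outside the hunk.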
@@ -75,7 +75,18 @@
 nixpkgs.pkgs = pkgs-for system;
- deployment.targetHost = network-hosts.${hostname}.ipv4-address;
+ deployment = with lib; {
+ targetHost = network-hosts.${hostname}.ipv4-address;
+
+ keys = if (hasAttr hostname config.fudo.secrets.files.host-filesystem-keys)
+ then
+ mapAttrs (secret: secret-file: {
+ keyFile = secret-file;
+ user = "root";
+ permissions = "0400";
+ }) config.fudo.secrets.files.host-filesystem-keys.${hostname}
+ else {};
+ };
 }) hosts);
 };
 }
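Review bot: `keyFile = secret-file;` in the new `deployment.keys` block passes filesystem key material without showing where that file lives; if `secret-file` is a Nix path value or resolves under `/nix/store`, the key is world-readable on the deploy host no matter that `permissions = "0400"` is applied on the target. The lock file in this same commit records `/state/secrets` as a `path` input, and flake path inputs are copied into the store when evaluated, so this is worth confirming rather than assuming. A comment above `keys` would settle it for the next reader, for example `# values must be absolute paths outside /nix/store; key contents never enter the store`. The conditional can also be shortened to `keys = lib.mapAttrs (…) (config.fudo.secrets.files.host-filesystem-keys.${hostname} or {});`, which removes the need for `with lib;` over the whole `deployment` set. The enclosing function begins above the hunk, so where `config` comes from is not visible here.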