bah

2025-04-04 22:52:46 -04:00
parent 816d8a54df
commit e2fab02d40
8 changed files with 66 additions and 33 deletions
--- a/systems/x86_64-linux/nixos-builder/default.nix
+++ b/systems/x86_64-linux/nixos-builder/default.nix
@@ -1,6 +1,8 @@
-{ namespace, pkgs, lib, ... }:
+{ namespace, config, pkgs, lib, ... }:
 let
  inherit (lib.${namespace}) enabled;
+
+  cfg = config.${namespace}.user;
 in
 {
  reichard = {
@@ -16,17 +18,38 @@ in
      networking = enabled; # TODO - Network Config
    };

+    security = {
+      sops = {
+        enable = true;
+        sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+        defaultSopsFile = lib.snowfall.fs.get-file "secrets/nixos-builder/default.yaml";
+      };
+    };
+
    services = {
      openssh = {
        enable = true;
        authorizedKeys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIe1n9l9pVF5+kjWJCOt3AvBVf1HOSZkEDZxCWVPSIkr evan@reichard"
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGGGpRpDQRstoqnCAQioSnh6PZRzNQL7lGJHksIkcoF builder"
+          # MBP-Personal NixOS
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY"
+          # NixOS Builder
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDF8QjeN8lpT+Mc70zwEJQqN9W/GKvTOTd32VgfNhVdN"
        ];
      };
    };
  };

+  users.users.${cfg.name} = {
+    openssh = {
+      authorizedKeys.keys = [
+        # MBP-Personal NixOS
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY"
+        # NixOS Builder
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDF8QjeN8lpT+Mc70zwEJQqN9W/GKvTOTd32VgfNhVdN"
+      ];
+    };
+  };
+
  networking = {
    defaultGateway = {
      address = "10.0.50.254";
@@ -44,4 +67,7 @@ in
    tmux
    vim
  ];
+
+  time.timeZone = "America/New_York";
+  system.stateVersion = "24.11";
 }