sops: darwin: switch to SSH host keys
I've decided to just create some ssh host keys via `sudo ssh-keygen -A` to make the key management parallel to linux hosts.
parent
de64d0d8d6
commit
fe50bf0b58
4 changed files with 41 additions and 41 deletions
15
.sops.yaml
15
.sops.yaml
|
|
@ -1,21 +1,24 @@
|
|||
# XXX: missing: macbook, thinknix?, at some point mobile
|
||||
# XXX: missing: thinknix?, at some point mobile
|
||||
# XXX: consider key groups
|
||||
keys:
|
||||
- &admins age1q80zzsgglj438verw74jghezn8ndpqldvg0mfxzwtaq4v5h7apusqysavz #framenix
|
||||
- &workmac age1fft2ynhazjwtjmxsvt37qervtekktdln2968gjp4vcp5sp3jeg5segkz3x #workmac
|
||||
- &admin_framenix age1q80zzsgglj438verw74jghezn8ndpqldvg0mfxzwtaq4v5h7apusqysavz #framenix
|
||||
- &admin_workmac age1fft2ynhazjwtjmxsvt37qervtekktdln2968gjp4vcp5sp3jeg5segkz3x #workmac
|
||||
# Generate AGE keys from SSH keys with:
|
||||
# nix-shell -p ssh-to-age --run 'ssh some.example.com cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
|
||||
- &machine_framenix age1kx93vp8l8jd6kz0kvk379udr5z8a9t6946w0ff5t9a2esn47nqzqlfzvwe
|
||||
- &machine_workmac age1rpygw5lkhc0a5hq8fuhjzy57ls7pn5u76097z6g2p4nmlctl8pvsxrztd8
|
||||
creation_rules:
|
||||
# per-host secrets for host specific ones, but for service modules we could store and manage them also per module scope
|
||||
- path_regex: hosts/framenix/secrets\.(yaml|json|env|ini)$
|
||||
key_groups:
|
||||
- age:
|
||||
- *admins
|
||||
- *admin_framenix
|
||||
- *machine_framenix
|
||||
- path_regex: common/secrets\.(yaml|json|env|ini)$
|
||||
key_groups:
|
||||
- age:
|
||||
- *admins
|
||||
- *workmac
|
||||
- *admin_framenix
|
||||
- *admin_workmac
|
||||
- *machine_workmac
|
||||
- *machine_framenix
|
||||
|
||||
|
|
|
|||
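Review bot: Adding `*machine_workmac` to the `common/secrets` rule only affects files that are re-encrypted, so the existing secrets file needs a matching `sops updatekeys`; the other three changed files are not visible here, so confirm it was part of this commit. The machine recipients are now derived from `/etc/ssh/ssh_host_ed25519_key`, so anything that regenerates the host key (a reinstall, or `ssh-keygen -A` after the key file was removed) breaks decryption on that host until this file is updated. That is worth a comment next to the anchors, e.g. `# machine_* keys come from the SSH host key; after a host key change, replace the entry and run sops updatekeys`. The two `&machine_*` entries also lack the trailing `#host` label that the `&admin_*` entries carry.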