diff --git a/modules/hosts/yggdrasil/default.nix b/modules/hosts/yggdrasil/default.nix index f6b36ce..b627bff 100644 --- a/modules/hosts/yggdrasil/default.nix +++ b/modules/hosts/yggdrasil/default.nix @@ -63,8 +63,21 @@ topLevel: { root ]; + sops.secrets = { + "remotebuild/private-key" = { + sopsFile = ../../../secrets/secrets.yaml; + owner = "cholli"; + mode = "0400"; + }; + + "cholli/private-key" = { + sopsFile = ../../../secrets/secrets.yaml; + mode = "0600"; + }; + }; + fileSystems."/mnt/pi_share" = { - device = "cholli@nixberry:/storage/"; + device = "cholli@192.168.178.2:/storage/"; fsType = "sshfs"; options = [ @@ -76,17 +89,10 @@ topLevel: { # SSH options "reconnect" # handle connection drops "ServerAliveInterval=15" # keep connections alive + "IdentityFile=${config.sops.secrets."cholli/private-key".path}" ]; }; - sops.secrets = { - "remotebuild/private-key" = { - sopsFile = ../../../secrets/secrets.yaml; - owner = "cholli"; - mode = "0400"; - }; - }; - nix = { distributedBuilds = true; settings.builders-use-substitutes = true; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index e46596b..970b646 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
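Review bot: In `modules/hosts/yggdrasil/default.nix`, the `device` line now addresses the server as `192.168.178.2`, so ssh looks up the host key under that address and a key recorded earlier under `nixberry` no longer applies. The options list is only partly visible in this diff, so whether host-key checking is configured cannot be confirmed from here. Pinning the key declaratively would make the mount independent of the mounting user's known_hosts, e.g. `programs.ssh.knownHosts."192.168.178.2".publicKey = "<host public key of the storage server>";`, and would also cover the case where the address is later handed to another device. Separately, `mode = "0600"` on `"cholli/private-key"` could be `"0400"` like the entry above it, since the key only needs to be read.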
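Review bot: In the second `default.nix` hunk, the new `IdentityFile=` entry adds the sops-managed key but does not by itself keep ssh from also offering identities from an agent or from an ssh_config file. Adding `"IdentitiesOnly=yes" # offer only the sops-managed key` next to it would restrict authentication to this one key. A short comment on the added line, such as `# runtime path only; the key material is not copied into the Nix store`, would record why interpolating `.path` is safe here. The options list begins outside the hunk, and the `config` argument used in the interpolation is bound outside it as well, so neither could be checked from the visible lines.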
@@ -3,6 +3,8 @@ samba: cholli: ENC[AES256_GCM,data:x2fZ8VcSAcelCj9/Tjp2I1KNeLo=,iv:66Je1+TL6jtnC+LZS3747yq/c6zI4FwlBXH1BjIFeDk=,tag:+vujtFcdKTcsyBisC/UyNA==,type:str] remotebuild: private-key: ENC[AES256_GCM,data:kLF+Mo5EIS5mu8be0nDVRTAb7mzt6dtEL56aG4mV2BxLRcyUZXs7eCbj7j7sOpjqz0k8m+1lHAouvNjyzxANeH10/R3Fy3GZqeWtgJSOEQE3biZaD3dqz0e3Gv3ib/Y0yNYTafosCmn6CmPIsVfiE/dfS1oM2Ksrf/AQ3ufPKIdV0h+p5SK6LnhpBqxgIf7s3MFbBzR+iEgxn1jnmCLaoVqNXhO2tmQqgmRHyh2kHruFj9ZwUi6mWDBie7zX7qlOt/m9p5QN/v5KWn4CfMDWzMlSTYdjEd6lUlP8UC35MJafVT59ioF+ueqePhr4DyDR7d+Cg6Z/iNHWiSH1z17p4Rxt3D4IAverqcd1i8c92C8S4NJKvtWRyfMgZMB3/iG2ZqrLcJXlxrZZKZ9X5B+y5a0Ljb+Vg00V68ktFISt7vAsK79Qy/QjHCotXY0uugkeaGnxS1qhig5tmXdxD+OKk/cJt0kqYEyUFKVQf9unr6xaD2IuOkFKyp/fYhU5LfS0uiAt99ENrfNrIRdHAsUvgWW6Sq7qSVmjkLfU,iv:mlYWlmFT0Ybmn26Spqri5E9zRkrBweV6bWvvByLnIvs=,tag:tdB7dw+GMnr5/8fXoem10w==,type:str] +cholli: + private-key: ENC[AES256_GCM,data:RN/SV4FLyA8KgDfZb4pcN0lsTolpXEaTmTN0WKQ+rzeYiHKKCOqPswnABEcTylgkQk+E2Jup0O7jeNlvcLd5tnVW+K/a+rmGTlyCaLcZE69JjCPvnA+p4ionwkhKHc/jdvZ8YkO5B4I6rnGanBXs3g5WbHjZ4jfLW71hR4IAjXAj5BVGhZiWjViAEfsyIqISXzqPwcbvW6mfJPN5QOP7V+oCTrJVkUPxYrVetrooNgf2/n67qumkRT3RQF12h05zLLdOFWVVX0na5iX/M4Ajl7XTOsA6OnqkDLwRd43QYW29Mu7OYwVlPAsf/qv096cYDKY8lAa6EXgiBi89i4fDjWZ27D7/C/TDbbewCjlZ2dm/T/A9YT9lg7BLBBGywnWm0Xjjt2lNsf+0YEuBxl7IQOU4/pmhMllT5HBomYsBwIdqv+yujVbRd9UW/lelBZftfKxJv5GAkhTENcLchHb/ZlE4Z4n0xELtKx0kgahjhO2C6R2mj3vd1KXP6YFWZkcaYEmq,iv:QiORyyu8SOxn1co8wUySpVU24GkyN19DaYWXpxgApgI=,tag:kzs1tjlmBrN86pCECVMfjg==,type:str] sops: age: - recipient: age1pc92kl38mfr0j68dxww7tpzvqp3lpw6lwfylj6hn2k3rf4rddgtsjxdx47 
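Review bot: The added `cholli.private-key` entry sits in the shared `secrets/secrets.yaml`, so it is encrypted to the file's whole `sops.age` recipient list and every holder of one of those age keys can decrypt this SSH key. Only the first recipient is visible in this hunk; if the list includes hosts other than yggdrasil, consider moving the key to a file of its own (placeholder `secrets/<host>.yaml`) with a `.sops.yaml` creation rule that names only the host performing the mount. If this is a general-purpose key of the user rather than one generated for the sshfs mount, a dedicated key restricted on the server side in `authorized_keys` would limit what a leak of one of the age keys exposes. The ciphertext also stays in the repository history, so retiring the key later means replacing it on the server, not only deleting the entry.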
@@ -41,7 +43,7 @@ sops: SzFFeFVFcVBzWWRIajQrSHhjTzR6U1kKml6XZjf2DeNqfLazpCU3qXN0ak+kIbM6 7wuEOmWZCTD++CI/Fdb/TjgAJeJ7u3Dtd1I4+xi0f/9BEL4+mwFxWA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-04T08:42:30Z" - mac: ENC[AES256_GCM,data:xXdrF1yI19G06GMmL9ZpOVIQGTN0uYpru5weMyFnvSc6Igt+GLznht9V4qIRHLW8gRhd+sfSfNvXptn0FbS9HdI5MfIDTvLLC1nVRVtvPPcWiYPKo5lqiFnCh5HV/3UBNVO+7Wz1/m1JtXEptc1cYhpx2JmFPSvH9dQXedGSgec=,iv:iyc2s2CNYNL1XsryV0a5hQN3Woc5bCjrVtfH7bLDVoo=,tag:4B03cEYJstryEJwHxWhrDw==,type:str] + lastmodified: "2025-12-05T08:30:43Z" + mac: ENC[AES256_GCM,data:LTyEkbTw+SVqAqpB2Zl8slxMM18OOIY3R76iPySkhhtUfwnki7fMExjuniq7tsMJfT4Ssp2jvSsNERsxbhxs/96OnH/CQtDva7N64yW3AM7nn5Ha6vb82YeNWcq2+aEqt1l2AF1Kva6lFzBz4tWT6lfHpfEQonpAOdLxT55dspo=,iv:dTnvZOKZUPYYGKqWS6TbrQMOJnzSCrBcZ0Tul56Da2c=,tag:32HcHZhjLHvov+Rb+cNkcw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0