From eb1d563c351f45b1d935219b9373bbe2a0cc315b Mon Sep 17 00:00:00 2001
From: Swarsel
Date: Tue, 10 Dec 2024 18:04:34 +0100
Subject: [PATCH] chore: update ssh keys structure
---
 SwarselSystems.org | 13 +--
 profiles/remote/oracle/sync/nixos.nix | 4 +-
 profiles/server/common/nixos/ssh.nix | 9 +-
 .../gpg-public-key-0x76FD3810215AE097.asc | 109 ------------------
 secrets/keys/{ => gpg}/gpg-owner-trust.txt | 0
 .../gpg-public-key-0x76FD3810215AE097.asc} | 0
 secrets/keys/{ => ssh}/magicant.pub | 2 +-
 secrets/keys/ssh/nbl-imba-2.pub | 1 +
 8 files changed, 14 insertions(+), 124 deletions(-)
 delete mode 100644 secrets/keys/gpg-public-key-0x76FD3810215AE097.asc
 rename secrets/keys/{ => gpg}/gpg-owner-trust.txt (100%)
 rename secrets/keys/{public.asc => gpg/gpg-public-key-0x76FD3810215AE097.asc} (100%)
 rename secrets/keys/{ => ssh}/magicant.pub (61%)
 create mode 100644 secrets/keys/ssh/nbl-imba-2.pub
diff --git a/SwarselSystems.org b/SwarselSystems.org
index 8314136..4c2b78b 100644
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@@ -1356,10 +1356,10 @@ I have removed most of the machines from this section. What remains are some hos
 };
 services.openssh = {
 enable = true;
- settings.PermitRootLogin = "yes";
+ # settings.PermitRootLogin = "yes";
 };
 users.users.root.openssh.authorizedKeys.keyFiles = [
- ../../../../secrets/keys/authorized_keys
+ ../../../../secrets/keys/ssh/nbl-imba-2.pub
 ];
 system.stateVersion = "23.11"; # TEMPLATE - but probably no need to change
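Review bot: The commented-out `# settings.PermitRootLogin = "yes";` in the oracle sync block (and the same line in profiles/remote/oracle/sync/nixos.nix) leaves the permissive value one uncomment away and does not say which policy is now intended. With the line disabled the host falls back to the module default, which I believe is `prohibit-password`, so root can still log in with the key listed below; state that explicitly with `settings.PermitRootLogin = "prohibit-password";` and delete the commented line (the common server profile hunks in this commit drop it outright). Nothing visible here sets `settings.PasswordAuthentication = false;` or `settings.KbdInteractiveAuthentication = false;`; if they are not set elsewhere, they belong in this block too. The enclosing attribute set starts and ends outside the hunk.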
@@ -4312,15 +4312,14 @@ Also, the system state version is set here. No need to touch it.
 {
 services.openssh = {
 enable = true;
- settings.PermitRootLogin = "yes";
 };
 users.users.swarsel.openssh.authorizedKeys.keyFiles = [
- (self + /secrets/keys/authorized_keys)
- (self + /secrets/keys/magicant.pub)
+ (self + /secrets/keys/ssh/nbl-imba-2.pub)
+ (self + /secrets/keys/ssh/magicant.pub)
 ];
 users.users.root.openssh.authorizedKeys.keyFiles = [
- (self + /secrets/keys/authorized_keys)
- (self + /secrets/keys/magicant.pub)
+ (self + /secrets/keys/ssh/nbl-imba-2.pub)
+ (self + /secrets/keys/ssh/magicant.pub)
 ];
 }
diff --git a/profiles/remote/oracle/sync/nixos.nix b/profiles/remote/oracle/sync/nixos.nix
index 22c8dbd..e446331 100644
--- a/profiles/remote/oracle/sync/nixos.nix
+++ b/profiles/remote/oracle/sync/nixos.nix
@@ -108,10 +108,10 @@
 };
 services.openssh = {
 enable = true;
- settings.PermitRootLogin = "yes";
+ # settings.PermitRootLogin = "yes";
 };
 users.users.root.openssh.authorizedKeys.keyFiles = [
- ../../../../secrets/keys/authorized_keys
+ ../../../../secrets/keys/ssh/nbl-imba-2.pub
 ];
 system.stateVersion = "23.11"; # TEMPLATE - but probably no need to change
diff --git a/profiles/server/common/nixos/ssh.nix b/profiles/server/common/nixos/ssh.nix
index 27e0224..48e98ab 100644
--- a/profiles/server/common/nixos/ssh.nix
+++ b/profiles/server/common/nixos/ssh.nix
@@ -2,15 +2,14 @@
 {
 services.openssh = {
 enable = true;
- settings.PermitRootLogin = "yes";
 };
 users.users.swarsel.openssh.authorizedKeys.keyFiles = [
- (self + /secrets/keys/authorized_keys)
- (self + /secrets/keys/magicant.pub)
+ (self + /secrets/keys/ssh/nbl-imba-2.pub)
+ (self + /secrets/keys/ssh/magicant.pub)
 ];
 users.users.root.openssh.authorizedKeys.keyFiles = [
- (self + /secrets/keys/authorized_keys)
- (self + /secrets/keys/magicant.pub)
+ (self + /secrets/keys/ssh/nbl-imba-2.pub)
+ (self + /secrets/keys/ssh/magicant.pub)
 ];
 }
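Review bot: In the common server ssh block of SwarselSystems.org (and the identical hunk in profiles/server/common/nixos/ssh.nix), `users.users.root.openssh.authorizedKeys.keyFiles` still lists the same two keys as `swarsel`. Assuming the module default of `prohibit-password`, dropping `PermitRootLogin = "yes"` therefore removes only root password login; direct root login with either key remains, including the key whose comment is `nix-on-droid@localhost`. If `swarsel` can escalate locally (not visible in this hunk), consider `settings.PermitRootLogin = "no";` and removing the root list, so every privileged session starts from a named account. If root key login is intended, bind the key list once and reuse it for both users so the two sets cannot drift apart.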
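Review bot: In profiles/remote/oracle/sync/nixos.nix, `../../../../secrets/keys/authorized_keys` is replaced, and no hunk in this patch references that file any more, yet the diffstat neither deletes nor moves it, so it presumably stays under secrets/keys/ with whatever keys it held. If no other profile still imports it, remove it in the same change so a later edit cannot re-authorize its contents by accident; if it is still used elsewhere, move it under secrets/keys/ssh/ with the other keys. A short comment above the list would also help, noting that root on this host is now reachable with a single key (`nbl-imba-2.pub`), whereas the common server profile authorizes `magicant.pub` as well. The enclosing attribute set continues outside the hunk.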
diff --git a/secrets/keys/gpg-public-key-0x76FD3810215AE097.asc b/secrets/keys/gpg-public-key-0x76FD3810215AE097.asc
deleted file mode 100644
index 7ced3de..0000000
--- a/secrets/keys/gpg-public-key-0x76FD3810215AE097.asc
+++ /dev/null
@@ -1,109 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBGUGVBIBEADDpv7vQpXqxKU1xIo//KtTHpeLxQ0V1KYGRA8uKJCsu5SUgCza -R1CaSfPZ0lIikpXJ6G4Mi7l9orLZUvidfCq6pvdje6kJjv9IEp41bcdYrhMQVfm8 -jeqFGJhMxobUY6Ca3gx+6gXVjchMFS3fGcGxvHSjkiVeeLEcilZ9oYQu/fvcDhqz -GVNB1dlNH/ddECtp5mKMeYVuou8rWKUIO2YkTwj/mRjgoggZZyifYMMFIfYRGKHS -wNakmcduTCGpgO5rnD61Q+m3zbtu6oxJb1gqvKiJ1a8ZdtGs6e5jWh0ob0oNxeo0 -iJby2RKDtVSlJ0vXEc9vVxemHH2xBMkd46sy+6UZx33Kuy09DL12KioM48CGNBbT -Z2kcRoTY8zCV7XCpAnMuPEqDtARUZhtSwReXKgQxbjYYesQeO3KrpDO8yaAaBXJu -PWeb4UzE+d0JcfzfuW0mAvGre5nozHfXXc2AmX8iI3dXB5jkO4YyP7tdvcvbq5PZ -73ocbLsHijreR1tfwXquP5QfDHgfkl+gKIxi2X8LL/6DrhAARzd7xHtBBAVoQbWB -AxhhezjjDi4Oy4WyO7rZuFstWgmYWEN6S6MHnpMmORRM8GyLKcVW+VUkws6oqhuW -rIqULVWvZyWh9Rcz9Pawv6V6v8u58eWQYdQLhx425T2IM9ci5IOF5pJlJQARAQAB -tC9MZW9uIFNjaHdhcnrDpHVnbCA8bGVvbi5zY2h3YXJ6YWV1Z2xAZ21haWwuY29t -PokCTAQTAQoANhYhBEvnklJiKJtHbbvBe3b9OBAhWuCXBQJlBlQSAhsBBAsJCAcE -FQoJCAUWAgMBAAIeBQIXgAAKCRB2/TgQIVrgl6cmEACnlMgjXfjbwMuj68n5KBv3 -oFbfEyfJZ1nC6jwBcwaY4Mp5qT6JJPO/q8v+Px6hdmugKVUitbmlQASFP6/yOR3I -/mGnnG5GoTVcO7xWA+DqfDnac/br1vj54wxY9m9l7bcCbkFZ8wF4u2C67EfBLCcv -pIIIkjLec1vCoOBubeVIMx9A6GJ032XlYre6d7kPW61QbBAIHcsiM5Beho1RXdK4 -mC/dyaqQk1/Ucke1t27cl8GXcQnpEtzx1pB8KJEDv4DyGNZHPO7c7N1dJopNwSf9 -jA35Mw90PUb2BV0+tiM/3rx3/QCSuWTplmje4NvrVIcQjtjYK2UjpJzOlKS4/cMg -P32KEBVFW9Qzq1JSmd0ZnMZPljIuXX3HLe8MD0MJFcj1KqEGPBG+Ifp5uLbxyPFb -FeA5guCJ4SPAtkLnUhEv493+yHrB4jngCg1mdtYGZs+3vVuhEI0dENbkC9ymHz3e -xEXBBC7/5jCTa7BdKpTEcl/49VyLixPI0NSQ3tQXmuEzFNPE/bHlYNlTTkTw+8fx -WsAJveZxsTk7yu/s4T3VmaYVIF7YBzOLeh1MuABm7cLy1JCURIRiPsk4wKzIBOyt -b5qyVUPCoLSbpxlyF2w23O2rX4bkKUlWAv1iHWlBNS4vsMwUD4xELd9FeJLPO5uU -g2aDaeChd1LsDw9sTwXHObkCDQRlBlRgARAAtLXcd/2I3gD6PoSRI4RRVwCmjM+q -Yw0o+lWSMUWrHO2rNgiffbQ16ivK7Fg7IUdCiVlE6gCRPe77T3VyUe4gmyW/+eI7 -9LLXIRQett1j7lSTasHm8fvp436OXlzRDjaz0UNj26NCqoRXkp3rWcfhdGmCbmy8 -D3KZXPC8za1HafHk+YajI8Sqe4qQ5FxFEycQjDCRzC+CQ7VtPmQR7Hov9VbrpDtL -30eTBDJ7PR2sUJeBZrgOyEAtjN/0x0jCaaXp4JYnVO7Y2qNeJYZhhdjs+rzlWfT2 
-wxXlTYCpHk3FlBp+H0yDblPUcwJSukxDDiGafs2O7s7zvVMyjyW6GLaCbGJeyT7G -b+m2zQdPc37bRFPfQ4nyhecf3jWVQRkU6zgC/eFtxOd6QPSLbmEo1Rmbpvf1uH1K -VZ7t4Zr+KgbK8dKC2mI9SQxIhas3AwTyzo4+/p5mUBDOpfa9/xyn46KEs+YAaHBp -05rtPxAxkcU6AGVWIMdxgrfL2GtR2Xy//Z9sOGMxF5GwEeEXDob/chU8QfBXeony -veWHFBTU8TRB5ePVYrQvTBBWCAsKwIly468tJgXmnnFHWrgw2ONWVgYOcnfAP45Y -HywRAVCP5EZ/NEQs0k/rqkUvVsOiBIW76bsBqTZVmJxdJ/tcFTxTyerYQZe4MA2R -V8XqaZiKXKAp2FEAEQEAAYkEbAQYAQoAIBYhBEvnklJiKJtHbbvBe3b9OBAhWuCX -BQJlBlRgAhsCAkAJEHb9OBAhWuCXwXQgBBkBCgAdFiEEENk/FW6JNZXEHmL2JqVM -MfKk/YQFAmUGVGAACgkQJqVMMfKk/YQlxw//RAyw+cvWDw6F/gmtxuLpXrRdGymo -ruG4lV5Z2HWX2KPWu5gvjz0X0rd0CajEvDzoWNnNbq/eIe4/nABdBjChvxhlEiJH -nDE3MUl5gujvsixix1iBq50XTmusGZQsj7VnDw2GuASpoBstUXQKOZrdMOkLW28j -601EdDWDPkGGBAh2rT7mfQmFQYORb8rlskcn/fEHwC4p7T0ntLIi6u92ts+gnqPx -gusYP728sR7lPukGxC1Y7MlXQY/BEIxiDkLYrqfFSMI4RxtDmiPMS+8Si9usIyNU -2H55D0P4dYNVDnyGw1oBlzK6oLakMDxrfHuSfApUBKURrM3scItn/4UWCqXyUJAl -s72LWLAuDNAMTESWaZJJul1v2gk/6HPm7SuMllL0KPZ4NbIZRsKjUUSHTnK97gXL -PsVJ699DcEJr9IQ+KIGEwVA7OyXCzB7y88NHvtPCXmm4Jb6Qv6dd0P9Si+D10bSu -44eonoCVDuJtjkASo42chJnyJC2SSxMcb6tCxnsNlZf/LyKDnUU1SnvsCTrb4vKh -HJGKUFpmya0rqqEj4YAPswl3gPLRFIOST4Yg89ErP6QqqC56+rr56NbEYRHhAtg2 -kdfCPO0RvAekg5dAtnKH9+e/MLf9AKIf1bJbS+QQrxZVySRUxH/rAZ1OU1myTU9r -YbAU+RZkqqr9r+jJMA//cSSVA49vZnSdNCyJbXDJ9sENRUcPSFm7QGE1TninG2Tq -XDDgUIMulzuFeZBa9KmSeJ+19T3LWNsXtOJlZ39l8qIu3V8r2GIjqmG3VHl2dNpp -uOug2Cq/lPOsP2TC9eSq2tMKgeU4XWf2s6Ux1c0Y3t5laRQgSZVHXABJUCcYZ/kn -Xk+GfW208cE5EZhowxanebfABs7Apc7+10m17Ki9juh3kUBXvJtk/zDZ84wwmC2M -SxrYpY7mucL/smu4eq2igu21e7ndKqsb4qUWAPytriWUzFxowyktdMRA6bWHafRk -I+kUdDLaNkdmFNK4Hq/On54oAYzs+xQftSj5ppNm/yfVgLtfQzgIWvXjhchAznqc -8u3LJZ70dw1AwDSQvQdmIBSIM+/Y+6QWwuxgONpyXdFVf6/R3+GQoj7EVieHMUkC -rEfr97JIrt78iwLOD1TmdGxwcmW98zvvGVnuSmTDPK0JQ9R6vI7fhc2Jban0VDW5 -hEbiXC79R3a+0r3/Ks9pnxfXuJq8nqEKkoL7g5yQ0Jz59ZIG5EiPemmrY4Lz6R6/ -uNLiXYkbu7rBippkSFVn6+ih51aJsRGerjDl2YBhWq3SwvgEOtNyw0aWAm12gOb/ -OntB//C7tccgM+IRLuHeVvyPZOQNZLIeOofe200eNtRtKVEiqSk7uSse74yVaey5 
-Ag0EZQZUbwEQAMw+yGZhHMIQP24F/bKI9GJwsJIzLtzKFiobpaDeKp8hKf06oicV -lC0Hf6oBF6l+4QDzu+vBN2IilY+RovatrwI96iUZ6xw9KfmNeGuWVudmMmzkIcIW -PFoc5T04J28M0kPHPgyh0a29Mcqzsn6BCLTjQP/kTFkSI3NzoDP6RcTPThYlase7 -PeMqJh9MJLqCR++YDoZMm/nj2jXKPyXfucicyonIl1Qdf/+nPC2vROR8bv41qKT5 -hoh5hrvA8jhWlJ3SyHvB2SnqObOsJPaGj9ofFYih0SKyVQOlJyfFrACQD5pl/1AX -9op0ZImkrpGFRd4CoEeOQS2Sr5UZuFowGGUngnoDgT6qJPWNui4TjlekJdFTFQ8r -kjtVGeVI4USQ0XCDqYFycpCittH2BdgqYRTZfb/fSPetUFOoAG7R0WcWloEMunHL -47BEEdDWJOLta8nuJPsUWMUnPJMR+wRprIdOQsL+OaKy7IO11k8vLRaRnHewCHTi -tfArNTLYUzUdA4Nt4hZHCD1PZvRB3dHgDeldLLvhUPyE8csREuT8IEAWsYhfubFr -HAkFd9PJtUBKg1q3hlyWuaRSCjXhkyEUXRTOw94eyH5q2hWZIGJTmWOxSKUp8erq -P1Emi1gl5/hI1HZJWhcYeCAWkN0zKLKYvQbDtb5kW+kO0Vb1H/ECwphHABEBAAGJ -AjYEGAEKACAWIQRL55JSYiibR227wXt2/TgQIVrglwUCZQZUbwIbDAAKCRB2/TgQ -IVrglzrYEACkejMr595fzBqNKWePfNB9Dx3OXrt+uAjviPc6e5taEmH1wVNIhcPz -P2SVKUjyZXxXo7gs6jvA6s+d65WWjGaKWEcrj6KtEDV5iHVqvYAU/A1+wch+XCEK -gDm4teIROLp2VgXvcHXheaxgh4UCnNKPPi9HrIqeOBfkMITrJe512NWSOKidlDpy -9J5DZiC4/+8ITCSrCXGvsTNx7n6HLhpym2NC9xqVKv+FwiLPdnHGGVONcOE/WCpS -gXbhoY/5ClrdiS6E2hIKoi+YUc/+IBuBSRMyo2sur8Js4vCAg0mdd/2Deu0kW4Ld -0ku4J6WEEUOq3Kjuq9bpQ+O5ZPh+JdQL5gndnzqiC2q0XxC+ZcFWCeXoZVnD31Y8 -wXt681xV3gyFZ34dlAMc1+WnT8E1gwJXSYyHyXWmp+gD64gScBuXrXVjFsInWTBf -zdR8G4Nl5FjhNdYRejGcOyTOSuRW3XPhUBruh8edpy6DXSnXk2Q2oKBnTfWa+lN5 -eiulIOBxz0lh7IPzaepoXi8SGg7v5Muve9shRXoByJCIvheiV1i22/6iURIZTFIu -Vz1puI2u22BElyvdIqWPZXR/vlFOh/2N39WrPttjPsq0mPz4XNLQz5BCvt6JyyUK -AhKHf5C01wbtmv7WvlbwM+MOyrjeU5YZyEPuLegC2BMklVsffTJRiLkCDQRlBlSA -ARAA3dF16C30RNAMmrMbHBAcDKjpy1j6sM/nrRqs1TXksP0XIJ8TovdN5pVYwh/o -81jEnthlUoM4DNtI/6/bHxNj9c/sKv0TgxUtOCTNJbVKBZJJvyA2V0NqYjpOwKFY -uWo3ceBIgZ12PO478YeXAoEJbZI96LjxexVTfzGjdtSIFmAfDYJGlRn7f/zqZaHZ -Q0DaLde3NLBTIm2NB3KrsJh4aijrSjNYE/fPo2ZdK3dawqlxTr5HrFuhTwuJ84qz -2ovh4s6eYJ3K5CTmZiy6q41cej36UM6syIaFJ9WEuQqcn15ymVIMdjovEhDZljmf -Q8WLw5JYBLbaG9+xNmyF21ITsP7uCN6JRhYArCi+o4NDfnebXhGgmRZ85TqdFDFo -lKO5VaquwcJd6zZGtqcRHWfb/9fpvXCYj+4eqZypnHFRpLue4hiA57J6E65qNamw 
-I3vhLJj2G3PqjJ0w7znUh0zl547Mk3fgA5JbzBwlALn+pLuJLUBIZWcVNz72Lyh2 -tXEwhF8S1o8rSIB4E4Gm/TOSB9vUOeS0kUUAc1HZMIzhuiobKhvsRBOtN/BG169D -Bik5tNQBZnlWVnsJpEi7tlHaDjIsPJk0kIUBX6dkK7mB54e6CQqO7bSk9bC6EV/k -34EJta8p/6K4UXoNhhX5m4ixsWiRlTb46gsaqyBUF8eGQx8AEQEAAYkCLQQYAQoA -IRYhBEvnklJiKJtHbbvBe3b9OBAhWuCXBQJlBlSAAxsgBAAAoKoQALCyOgo+lCnn -uX6lriqs+qhqvRDjkGpVUwm810bHB87DB1kRuJ9KKf2JImu5RJkxHnrubj6Kik+w -0pJrsLR5fcvRymPM3jncN4kDYWptbnh5EaFxQg4252aRxTiDqL4srBblGRalFU2c -z1pJSgSjp4JItS94I3v9cxqsZ+vGUd4tgDK99HkwjS0vMsHjBWQudGxDM4NAeip5 -X12t5LI7GfYeR7yE8a1xSp45P8AwRz5GnSVuwh0ti6ocCylUzpPSrkjM/eA+TwRT -9+ws656tlI8aIiXKA1RrAcRfMosTYqbhHWn32SVUoOrEsnVNcZ0k7gpAKQ9aqJee -vsNVq/djTu/+QchvAS65RZpSG5VuKs13cnU6ljcuExlNDbaUrHwNSbXrIqLHhaWz -Hzo2KRn9/6ObWyEcdscVGxvPjyvPLxl2VLTMB3JMT+Z9gPStgm98mb7D5dvQbrLB -R5PJ209Mr4Ej2ci+UwZQ8DSLK6aFDm2Xz3+FRJAZHtx1160fRTNfBW9SeqGwa76c -Im6xUj2snmYubUBDhF7NyRGzM9rddO97F/gWOORknE+Dw8MyEFyizk7Gmtu4fAH7 -478GJars358WWC5stvK62OudLonSw73aL7DrXRZ28aDpOZRtvnhH5+dQ4CmiyEEC -dF/fBNFmNC2yUJ6dc2F1iU9S7jY4TiCv -=KpA6 ------END PGP PUBLIC KEY BLOCK----- diff --git a/secrets/keys/gpg-owner-trust.txt b/secrets/keys/gpg/gpg-owner-trust.txt similarity index 100% rename from secrets/keys/gpg-owner-trust.txt rename to secrets/keys/gpg/gpg-owner-trust.txt diff --git a/secrets/keys/public.asc b/secrets/keys/gpg/gpg-public-key-0x76FD3810215AE097.asc similarity index 100% rename from secrets/keys/public.asc rename to secrets/keys/gpg/gpg-public-key-0x76FD3810215AE097.asc diff --git a/secrets/keys/magicant.pub b/secrets/keys/ssh/magicant.pub similarity index 61% rename from secrets/keys/magicant.pub rename to secrets/keys/ssh/magicant.pub index 23253be..a03c907 100644 --- a/secrets/keys/magicant.pub +++ b/secrets/keys/ssh/magicant.pub 
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4REr8UMRxIr2gxx5DHpEE9WKNgBlgcz8TZQal23aF3 nix-on-droid@localhost
\ No newline at end of file
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4REr8UMRxIr2gxx5DHpEE9WKNgBlgcz8TZQal23aF3 nix-on-droid@localhost
diff --git a/secrets/keys/ssh/nbl-imba-2.pub b/secrets/keys/ssh/nbl-imba-2.pub
new file mode 100644
index 0000000..e908661
--- /dev/null
+++ b/secrets/keys/ssh/nbl-imba-2.pub
@@ -0,0 +1 @@
+ssh-rsa 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 cardno:22_412_379