
feat: use more secrets and get python rolling again

Thomas Boerger 2022-11-11 08:19:37 +01:00
parent dae0dec2d5
commit b682805984
No known key found for this signature in database
GPG Key ID: 09745AFF9D63C79B
13 changed files with 144 additions and 89 deletions

@ -10,7 +10,7 @@ with lib;
users = {
root = {
shell = pkgs.zsh;
hashedPassword = "$6$i1AZZ2GnRxgVnJ0X$yfWoi.SDf4mWYRAI6AbaCUMM15OOOZsabgbLo82HgEvCH3yc97N00y5m3aQPcLZ/5QHaL4BPUFRU6Ux3/ziEE/";
passwordFile = config.age.secrets."users/root/password".path;
openssh = {
authorizedKeys = {
keys = [
@ -23,7 +23,7 @@ with lib;
description = "Admin";
shell = pkgs.zsh;
isNormalUser = true;
hashedPassword = "$6$l5FBDK2QUtR6Sfvv$N.eol4kjcwIr56wIv1iwT07qlK.gD2KU7fAwc8JLMeKLLuik2FjmzQszgglQUuLbvLPiMM39Dj8AsHxJyXwhX.";
passwordFile = config.age.secrets."users/admin/password".path;
uid = 1337;
openssh = {
authorizedKeys = {
@ -40,5 +40,13 @@ with lib;
};
};
};
age.secrets."users/root/password" = {
file = ../../secrets/users/root/password.age;
};
age.secrets."users/admin/password" = {
file = ../../secrets/users/admin/password.age;
};
};
}
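Review bot: The two sha512crypt strings that `hashedPassword` held for root and admin stay readable in this repository's history, so the switch to `passwordFile` only protects passwords chosen after it; both passwords should be rotated before the `.age` files are relied on. The `passwordFile` lines would benefit from a comment such as `# file holds a crypt(3) hash, not the plaintext password`, since that is what the option reads. `users.mutableUsers` is not visible in these hunks; if it is left enabled, NixOS applies `passwordFile` only when the account is first created, so a rotated secret would not reach an already-provisioned host.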

@ -1,4 +1,4 @@
{ pkgs, lib, config, options, fetchurl, ... }:
{ pkgs, lib, config, options, ... }:
with lib;
let

@ -4,26 +4,42 @@ with lib;
let
cfg = config.profile.programs.develop;
# ansible-doctor = pkgs.ansible-doctor.overrideAttrs (final: prev: {
# postPatch = ''
# substituteInPlace pyproject.toml \
# --replace 'version = "0.0.0"' 'version = "${prev.version}"' \
# --replace 'colorama = "9.4.5"' 'colorama = "*"'
# '';
# });
ansible-doctor = pkgs.ansible-doctor.overrideAttrs (final: prev: {
postPatch = prev.postPatch + ''
substituteInPlace pyproject.toml \
--replace 'colorama = "0.4.5"' 'colorama = "*"'
'';
});
# python = pkgs.python39.withPackages (p: with p; [
# ansible-core
# ansible-doctor
# ansible-later
# ansible-lint
# boto3
# botocore
# hcloud
# passlib
# requests
# yamllint
# ]);
ansible-later = pkgs.ansible-later.overrideAttrs (final: prev: {
postPatch = prev.postPatch + ''
substituteInPlace pyproject.toml \
--replace 'colorama = "0.4.5"' 'colorama = "*"'
'';
});
checkov = pkgs.checkov.overrideAttrs (final: prev: {
disabledTests = prev.disabledTests ++ [
"test_file_with_class_attribute"
"test_file_with_class_const"
"test_dataclass_skip"
];
});
python310 = pkgs.python310.withPackages (p: with p; [
ansible-core
ansible-doctor
ansible-later
ansible-lint
hcloud
yamllint
boto3
botocore
passlib
requests
]);
in
{
@ -40,18 +56,14 @@ in
config = mkIf cfg.enable {
environment = {
systemPackages = with pkgs; [
# python
python310
act
# ansible-doctor
# ansible-later
ansible-lint
awscli2
eksctl
git-chglog
gopass
graphviz
hcloud
httpie
ipcalc
ngrok
@ -60,15 +72,14 @@ in
shellcheck
sops
upx
yamllint
# checkov
checkov
terraform
terragrunt
tflint
tfsec
nodejs-16_x
nodejs-18_x
yarn
];
};
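Review bot: In the `let` block, `prev.postPatch + ''…''` (ansible-doctor and ansible-later) and `prev.disabledTests ++ [ … ]` (checkov) fail at evaluation as soon as the upstream derivation stops defining that attribute; `(prev.postPatch or "") + ''…''` and `(prev.disabledTests or [ ]) ++ [ … ]` keep the overrides working across nixpkgs updates. The three checkov tests are switched off without a stated reason, so a comment like `# disabled because <reason>; re-check on the next nixpkgs bump` would help a later reader decide when to remove them. Inside `withPackages (p: with p; [ … ])` the names `ansible-doctor` and `ansible-later` resolve to these `let` bindings rather than to `p`, because `let` takes precedence over `with`. A one-line comment saying this is intended would make it clear that the environment pulls in the `pkgs.*` overrides and not the python310 package set's own attributes.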

@ -14,10 +14,14 @@ in
"services/nixbuild/sshkey.age".publicKeys = users ++ systems;
"services/tailscale/authkey.age".publicKeys = users ++ systems;
"users/media/password.age".publicKeys = users ++ systems;
"users/media/smbpasswd.age".publicKeys = users ++ systems;
"users/media/password.age".publicKeys = users ++ systems;
"users/printer/password.age".publicKeys = users ++ systems;
"users/printer/smbpasswd.age".publicKeys = users ++ systems;
"users/root/password.age".publicKeys = users ++ systems;
"users/admin/password.age".publicKeys = users ++ systems;
"users/thomas/password.age".publicKeys = users ++ systems;
"users/anna/password.age".publicKeys = users ++ systems;
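Review bot: Every password secret listed here, including the entries for root and admin, is encrypted to `users ++ systems`, so the host key of any one machine can decrypt the password hashes of all accounts. Restricting each entry to the hosts that actually create that account narrows what a single compromised host discloses, for example `"users/root/password.age".publicKeys = users ++ [ <host keys that need it> ];`. The definitions of `users` and `systems` lie above the hunk, so which keys they contain cannot be checked from here.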

@ -0,0 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 ptT1OQ 1VZMuBeAj2I8cMd8QZKAVQ9XV0fU1NesQkz4eF+LSU8
wHW3ptHxvQe9jmjKWINsnmNzwD9hNSKFgqj8XmH4HxM
-> ssh-ed25519 RlXbCA eBrFQOLG+xmpiMwzBhZFO0dN/FMDtvfaqWTT3s6oSx4
pYkQ8X/8gGbYZ2O1y6GADWTs8SdtdWqgCjz1JTTVB/Q
-> ssh-ed25519 vDK6kA yIxljFFxSzJ1de6d0GFL5udvCE9DtyG0bw6PcuxqzS0
FaGPWjDSd5PEOOZEXqwk3Fg9i5wM/t38mLXSfn2+qEQ
-> ssh-ed25519 mO4+dg ZnN+FIYs9NmJ3Jw7AfOEC/Sw2P5w7W8SmxyVtkMoLgQ
Cx3+N8ffn6nQLwYfr8OaY1HDgWvYPtszS6MTDI4eo/g
-> ssh-ed25519 IYHv1g h7W64Pati399/XrYOsCECZhNRDJ7B5G5FtaQ1YxDAF0
S/W91D9WJU77uuA9ws8u0c2ApSBnNkRUfH3cTpwOmgE
-> cbxXL.-grease HZW`/7 o-l ;]3t %`9
qMqw/2yjX7InCyvP3zRpjS1pK+lrai6VqlZG
--- 9bWH9lt367Bg4Q6RqY/PgfM2FXyYGablWijYdAn5rNc
µßÞê“báQ91:ÍÓMž;'8[ÞÃÎÆ;ß½“»O^÷õ<C3B7>¤oŒÝÉ#‰ŸÇÄUøˆÓLãë$Þ{ìQ0PKÏŽ ‰Yì6Váv´ßöhfH¹‡I@à'@FσÑZ<C391>Æ6©E+ 8ù" ÐÀžBl(<ÃÊå¹aå2•Ýó~íŸñ­|¶Æ

Binary file not shown.

@ -1,15 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 ptT1OQ MBkBhbvMi9NHrq19BZwsKeP2xLYYkkjGN/AekVkBvAA
etLYNlpoPBhkMdIp/IcLrcQqYU4W11ep0Vv5rd/7sMM
-> ssh-ed25519 RlXbCA jj/sHo2NTrvZYMCVfRA/fhw/0MftreqlWZlAeqCopRU
Rg9R9dC9XHQTi7jCf5ewVG3kuEfCyV4j1pdC/tXTb8A
-> ssh-ed25519 vDK6kA EmgAHqDQbsqvcZvE+TRX7tCED2jO4vcXeA2Nojmh7gI
qbZ8ejsaTbLeacym3/iJX2HLeBfwul1WQjOC7vN9pkU
-> ssh-ed25519 mO4+dg lUV1iKWa8ULJZZTuMBiceXZrWTPz7UKURW9L8djDqXo
p3V/3RocpcasgRUPGt2D1xGaM+w9SnPKDgD8KhcDbFI
-> ssh-ed25519 IYHv1g M7Dj/XqPr97hC9EV3ZBdckinYjMgzemxv7t9OkCLzXc
lBPYQO/TLUTO4EvA+Pfd2m6HHX/fJ857ek8S3LduEeM
-> Si#K\I-grease /:v-4~I#
--- fajMb/3JIZvYXF/vrmt3twr64wtPDi5ZqwhyHp25HAo
*áݳÑFçPw¶ÓšbKø…°Ÿ)ovZÝÉ»¦SëMý·C}}RÇ^þ
-> ssh-ed25519 ptT1OQ SWL1uOppBtKAVkTOmq9d71nxTiNzrlHILmlyovw8QyE
lp9vcgBSFOc8AuacYdSsN/aG3vxM0053+ZVlRFuCueo
-> ssh-ed25519 RlXbCA /sV5WUOFzcMFyLvRMP7cKKYmEZLlmjbY7X7OmpfGm3s
/JtMRM3UDMNpbzfrGeBv0+XuFnBo6NAuLz7PUR473L4
-> ssh-ed25519 vDK6kA +bdw17VouDM+ZWR1EwvxKvz3hTBXH1HMIm4ceGi1ezo
FRmf7AA8nB+8Z3nj6YTIKCOq8MZFuKceBPyZWjeHLZg
-> ssh-ed25519 mO4+dg 80DDJfx+ugTOteXWVcBjkSdozb3PVJH2fBP7uX9c7Ss
XkqYQuTmSqtnPG2CHDxqTGjCKesyC6175qLqVoKKzaY
-> ssh-ed25519 IYHv1g 8MfmGnyZTiBTbUgkixh1BhZRcen7liQ8eTe2JLH1+CE
xqdU6gTfWM7H2bqfrzPxduyMljZenzD2sX4sp+GggTE
-> x[*-grease 0/
+stGjg0D4ADLYVo
--- UJ0W4sg8qfjLfDLDudKe1g07+rSpp82Equ0NhT857Yo
Ó/E!…`ãÍ|á+‡šM‰øè|A_UI°÷¢élóæšaä¿Øí)°ý[]yŠ0ئÛH4küx,p@ß»tê{[ÎÉ”±Çë·t{¶óX€=pf´và6³Û*¯ÔÌÑ àâ»»¦Q,™½_þ±‡¯ÏuãÒî8

Binary file not shown.

@ -1,16 +1,18 @@
age-encryption.org/v1
-> ssh-ed25519 ptT1OQ pLtfHp7UMTODyWeIiMQHcZtu45JfqYcWt2jbCN8w+DM
60OA3aLEFqKwNvkcwuRLZHnoLXp+AfBsUpPVEIZNOx0
-> ssh-ed25519 RlXbCA zaRtNPGuDitgeoc54JQsmEEX95GvIz0KuUL4eAbyvmw
At+7evZ+6cfnoerMF38ansmcu49+xcpSnssjTnGcGUY
-> ssh-ed25519 vDK6kA I1lRs7co7q16+4NwoMQxwBJhNjgS4OjweM2xdaDpdk0
aolCtiUvDFw2IaMp+8D9meCRWu4p4Nlg/rowpbKRc/Q
-> ssh-ed25519 mO4+dg +Hexj9zoDKlg7h4MM485KPlACQYBffVeBvPh0doQxBc
udS9NqScmH9qK1HH+6BPkLOitAF3OKZBx2BZv7qz1rM
-> ssh-ed25519 IYHv1g vt4OWoTGFfA8cGNmClrNDTyfMfzmSZ+wThqLx1f9dB8
/ejwHFFKrsx/PVSjU1U0Jm0s5OPqf8IrviVwxdah9V0
-> @^C-grease
1af08l23t/E1xQm6UK9NPD/mmnPNz9Q/l/C+MsyIc6SONlSczJWlBL/XH/Zx3EcJ
rKyMZTRqD7i6ScxIwt04uTLi7ZWL0yskI474yRCp0VzP9fyIhZucDYg5Vish
--- 3PdSC4VZrDD0v8yxJotFuRiyuczT6tqaQBn3h27mVqw
š9 ''·çQò¶*ÏÒgU7F“J¢tBD¸s—ªRoyÖ¯C7”ƒK<û1 Ó‰ŽåžLNO­f
-> ssh-ed25519 ptT1OQ RLgCBDOEBmQkKXI3XInfL39WYPi4bXL/NmW0oVU5nUk
VIy5w4dWxKGluyuPri/AdVHytRTD+CKQS1FMl5TPtCo
-> ssh-ed25519 RlXbCA lUyxy1WrqI48kRHacvPu6G7ZjCCIqDoRXcxQ3dly+C0
yPUdMjhnWGezucF9f43YnWVujotwSZhqPNSooOPNpmc
-> ssh-ed25519 vDK6kA db755icAG8WwGPuixUIyqnUM+VR9AvNP5T3BwVqAOAc
YIz7tFHn5v5OvsBFJHXE8U2oWThTtDNBpRObhp2vzfQ
-> ssh-ed25519 mO4+dg 6uAaHDDUJzG0kZKK/l7R6lV/SxmbFsCMJoMoPn6GTzs
G+RX17SGDttCOA3pbUXGg2jlt8i9WHJ1LAWmdLYY9Wk
-> ssh-ed25519 IYHv1g BlANTNhW+/W9jjbj8O8EhqPBosxreUxa5AYjnVIeOVA
BdeGyVePcrTG9mvCChxRkbE+f11Ht2SNJ/oAnkoB4+o
-> '--grease V&c?994 xk~ M*S)*Lw" h/K2QVp
xMQfaZ4gC23YFi2H3/U5
--- u6+L4KEm2JzGd39idNaRNf7OSqSCHgW3/ITA9gD6y4E
Æ~Zðw§¿µY@eƯÚh¸@”Üf¨*º0<C2BA>é¬
î„zXÞÄd÷†ò 
ÈP#!'ßØI¯¨8öJ¡úi$û‹{m"6 ù/Ú—f@‡D¸h!Ò—|<7C>èÒ e·—†{Žá~&äö»ìÌÊwà~œØ•J”ŒyuÑÌ¡ps̉<C38C>

@ -0,0 +1,16 @@
age-encryption.org/v1
-> ssh-ed25519 ptT1OQ 8cuDgPydxyUvwmsAeErl0w4CRrDEXmsL32MAujVVcHQ
d/mTJWLJrx7Z6RdzUp4Yy5EzTxMbyBczSqgTD4Uy5vI
-> ssh-ed25519 RlXbCA CCR1Qh+RYrbCAL0GJ/giSdq7YCcKr2t5DDGbEEkVNzY
gGlRrs6jO5OO2mbNfR7hA8BCvMF9yKOED2XMrdFWVyg
-> ssh-ed25519 vDK6kA zM64PzGeS3IhnFEUmJR0PteH76Jyq/64FoQDpX9ztCs
b0CPzn1+S9hmZnPL2dm9MLa4b2J8d5exbMIBSJkxnBo
-> ssh-ed25519 mO4+dg 6FYk9q1awf9S2/p6DQT+Bdmkmy0HTpNLUY75cZ2m72k
XN57RqQ82bWMQL/BiwoXn/6Kc+ktn/mJ4WhKG1cMrqM
-> ssh-ed25519 IYHv1g gS/QwPqM/daJ5obcwft+SSyTXtQPrydZwFnf34ji4Xw
Gh9GaKSrlSQa+eLrdSd4nThq2NFF6izQKdUy5//GOXU
-> .-grease
Ga4T
--- 35Vgddzze9c37oihXRlF/z26ncu8gEfepvztIvEbFzc
\!øÝ«'-¨?uÞÀ5Ó
 C•š˜þ Ï–²[É?ß ñþ¤”ž´²ï(¶ó Ù¼øp§7E@t¾‡3ùkâwZêÔd~É­O

Binary file not shown.

@ -1,16 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 ptT1OQ gpc/6xTuaPyROlvCSBV3WBDfLxEPA6CScewiDyyx7VI
048ALpa5XVTwLqqBqb6ucJRghiX/Rb2lZOIyjwGGJNI
-> ssh-ed25519 RlXbCA KZQxSzoeYk68/SlwjFx7CZSxTOSjDC4oEA1WlMh1bDo
3G4Nbe6xJJtuBHBbB0Gx+I1fY7tjKPBubqoNRXHV/zo
-> ssh-ed25519 vDK6kA cpjWFIn0Ok7U+0rKIM7j5i55R9j5DGSfwss/DkwQOj8
snQ9rTVoX7crLQFxbIgoalS6fbmrvOOqhNTaBMaSDF4
-> ssh-ed25519 mO4+dg GzgVlpkHKmpONSQbdu+MTwGBWUhBHDbUcTUqzWK+71o
ay4iTEU6xjXa8dVKejggcHeiLaJyrbnwa3Kz6zxnsvk
-> ssh-ed25519 IYHv1g 23D5wJVDAhQHdIU0b9IYx9QT/XhrkS2aXv4An+CjzXw
+PRwgHkrs2xzMtkfNtcL8Ogln5NLtoR41Ine/KIeiM8
-> L8pV-grease mnq$< >Eu>
EI/h8JEetvnkqQjlRGIv8VmBARJdl8Y9EF3+T6MltLZjOEAhBuXtlQSZXUo8iIDa
MLV4f6UIrkwSCgUcEPK4lLi+RnDwD/a0
--- ysqYwoeCxWUhF1ocySQjLBd/9/v7BDdJbZiwVsNs2F8
K ¸†‡Jz×2i U**Fy¨Ÿ*gêË•±³Òšeí‰ò+Á¼šCË
-> ssh-ed25519 ptT1OQ 4mj0yQQjNqBqn4kO03RPRq12ebHrMGf/a3EpP3Pl/Wk
vvj3EALEjGFNQ3Z1bWkvtT+ItCJruZrJYif52XuXN48
-> ssh-ed25519 RlXbCA mWlxptcvahKKxE5LvO5qTE1qHjv/3lNyZQUdKUqMtGk
WcLC7W7x7+pnBlTS7zB2coDGx7Rp5/C+MuKkn01a+jc
-> ssh-ed25519 vDK6kA 2hqXAsEt05y1Tby6MDA4GiEo0e7OLtCPDbEy4FP4qx8
sU7a7xYwnmwZH7WajrAhd2MKqlcxFWloo2ojCluU5gU
-> ssh-ed25519 mO4+dg uVLAugz1nSQtYdRGlib3UuGIp0QG8v2owk2w6vknBAI
O1N8SP4kKMOCmAHvPTiHdbPignixhCz/6C8NWQDBvFI
-> ssh-ed25519 IYHv1g DW9x7CgIhErFu4fJ4wk+DJTBKq0DZW/dW9pVjIsm7So
hbOHsf76nCVAtXutOPi64vWX2gToU4USjQjo6PCvXxc
-> 7|`-grease 89+`
yFkt1RF8IEw
--- KOglzxjDSLefTJn183zEsozuI/g/RZLGnHgBv77CaKE
E<—‰+È„wÅ€-îPÖà;í|:&=²I+>jïÞâ´ ÍIJ×4¿XÕç¿.6¾ÕòUHÓ9JŒxNvS¯N p6)u(¾-”<>/fƒ<Yš8æ¼räù¯C&{¨<>N5ÚhÎÍÈ'µà¬ ™ë&@ýXÐKuÀ¬ÜÂ<C39C>6­9{àŠÿ

@ -1,15 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 ptT1OQ /PSpi0wbpeapAF3DzPhSy2ZSv9dtD4u37EaZJBMif2g
YU3sODLxTFtnpB/gzELjjvhNa+MGe5a8ACUCz4Wp440
-> ssh-ed25519 RlXbCA DL8cJySjW6jlkQ/WmWdT6lU9ccd/ZvgBwFvMVJii1HI
vkXW7FRielR7fVMvENPUBFUuH+9EPmdD0S0xOBxZp9Y
-> ssh-ed25519 vDK6kA rSIelUWpT9J9L8osY+/QkC1m9twwHL1fHGfCy1toQyY
UKT6TnSTvFYI0rgWLqf9TO4OG81cFj8w0oIHuZi/WK4
-> ssh-ed25519 mO4+dg F5faPEvywSrz1T5eAdtqy0p8OjvQmqRH8kEOW0KHKkk
lSzwdfTXTbO60qyb323IMXGUVOLYGzKopXfp82vXsdA
-> ssh-ed25519 IYHv1g NwGIlXVoUAEjvcrAE5rLf7WsNORBrcWimNW7b5FEZRk
Dn6fcZHQx3XCdBaUcB6nx/itGkYFiWzKaFdFivt/uNs
-> r?DhLYS[-grease l/TW @Dw 5dasy lA5^T
7XjDCcM7YAR0z1A3SUmO
--- 2GDO0GyYuxRywadWdj4xnos6O3pFtdG92I5Jp5X15fc
š×þ<19>þxžØ´<C2B4>•YŸø°G~‰T½9^ÆoÁ²r™.ÜHêÀ
-> ssh-ed25519 ptT1OQ 3C+TBojPRYxIch/BsyeMoFZCD4I5Vjf1oXBlH5F0Owc
qXlNSL+DcYtTbjw/rBzQ+5FiJwaXYtE+GxGoW2JsQ7E
-> ssh-ed25519 RlXbCA j4s0Y+1hSfzWEBlG+cXo7HA8wezuoCxVtsuWBb6fgAE
J4I7IYRCZ2TQc8qbLquoKxiI8sQG7E/KdhuC+uGxPOQ
-> ssh-ed25519 vDK6kA B8YrXFArK0vRI8ZiHEaRJUHYiCEFHq/5yBP+M3XdM14
xdJmTPz5St8kb3TtfXLxJq6G6gl0FSmOxAR/4BPwkp8
-> ssh-ed25519 mO4+dg jaBjhwEtRifSxzxBjTlLjq2fM+a7WyFVXVohFW8iU2Q
RUbSn6kPSImR30of0VkjCijwJyRbKYZ1HmiOI/KJLZM
-> ssh-ed25519 IYHv1g 0sSSVkieCcw9jiJWHb7A3WeLOOkvFuMoYW0FuMK5RQw
JH8MUc/cgH1/vM4rjaT9tXMHItbyGxFvMBNHjZWVYVM
-> c-grease V\#]@% qnN D:K\1(\
mtHLFjXxQ+w6p1s6OECztxgndnqj5L50IzbGdQ
--- aygFdE9a23NqoO2Xo5tmeuKPhxDhGEWvlJhJwIQLBKg
ˆÍ˜ÌgÅÊ<C385>Ü<EFBFBD>,?°oO<7F>äó¼6Ye¹\ÒT±ÙŸ’]HÛ-^³h,ALH š`¥¦ÿ8PfbÒLµBÞæؾ®¹ s0qfÔ@Ú:~íZƒŸ<C692>{)0d™#¬"Ô­§œ¦dø†úšÓÞ¼ÒÈ: ­NL½+éû¾0]$<€”Êè ¿”