gortium/infra
1
1
Fork 0
Code Issues 13 Pull Requests 22 Actions Packages Projects 1 Releases Wiki Activity

feat: add agenix-rekey config + remote builder to uConsole

Browse Source
This commit is contained in:
Hermes
2026-06-18 17:17:29 -04:00
parent da691f0b4d
commit 050f2d4761
1 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
hosts/uconsole-cm5/configuration.nix
View File

@@ -184,3 +184,21 @@
networking.firewall.allowedTCPPorts = [ 22 ]; networking.firewall.allowedTCPPorts = [ 22 ];
networking.firewall.allowedUDPPorts = [ ]; networking.firewall.allowedUDPPorts = [ ];
} }
# ============================================================
# agenix-rekey — automatic secret re-encryption at deploy time
# ============================================================
age.rekey = {
# Master identities for encrypting secrets (on Thierry's laptop)
masterIdentities = [
"/home/gortium/.ssh/gortium_ssh_key"
];
# uConsole SSH host pubkey — for automatic rekey at build time
# Once uConsole is deployed, replace with actual pubkey from:
# ssh-keyscan uConsole.local | ssh-to-age
hostPubkey = "age1qyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqs3290gq"; # dummy — replace after bootstrap
};
# Enable remote builder (distributed build via lazyworkhorse server)
services.remoteBuilder.enable = true;