From 41dc68ae6ff959f494473476823713f728939e66 Mon Sep 17 00:00:00 2001
From: dadada
Date: Sun, 4 Jun 2023 02:38:42 +0200
Subject: [PATCH] ninurta: use initrd ssh key from agenix
---
 nixos/ninurta/configuration.nix | 46 ++++++++++--------
 secrets/ninurta-initrd-ssh-key.age | Bin 0 -> 767 bytes
 .../ninurta-initrd_ssh_host_ed25519_key.age | Bin 808 -> 0 bytes
 secrets/secrets.nix | 2 +-
 4 files changed, 26 insertions(+), 22 deletions(-)
 create mode 100644 secrets/ninurta-initrd-ssh-key.age
 delete mode 100644 secrets/ninurta-initrd_ssh_host_ed25519_key.age
diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix
index ec505b7..686be96 100644
--- a/nixos/ninurta/configuration.nix
+++ b/nixos/ninurta/configuration.nix
@@ -10,7 +10,7 @@ let
 wgHydraPrivKey = "pruflas-wg-hydra-key";
 wg0PresharedKey = "pruflas-wg0-preshared-key";
 hydraGitHubAuth = "hydra-github-authorization";
- initrdPrivateKey = "/etc/ssh/initrd_ssh_host_ed25519_key";
+ initrdSshKey = "ninurta-initrd-ssh-key";
 in
 {
 imports = [
@@ -44,29 +44,29 @@ in
 enable = true;
 port = 2222;
 authorizedKeys = config.dadada.admin.users.dadada.keys;
- hostKeys = [ initrdPrivateKey ];
+ hostKeys = [ age.secrets.${initrdSshKey}.path ];
 };
 };
 # Kinda does not work?
- # systemd = {
- # enable = true;
- # network = {
- # enable = true;
- # links = {
- # "10-lan" = {
- # matchConfig.Name = "e*";
- # linkConfig.MACAddressPolicy = "persistent";
- # };
- # };
- # networks = {
- # "10-lan" = {
- # matchConfig.Name = "e*";
- # networkConfig.DHCP = "ipv4";
- # linkConfig.RequiredForOnline = "routable";
- # };
- # };
- # };
- # };
+ systemd = {
+ enable = true;
+ network = {
+ enable = true;
+ links = {
+ "10-lan" = {
+ matchConfig.Name = "e*";
+ linkConfig.MACAddressPolicy = "persistent";
+ };
+ };
+ networks = {
+ "10-lan" = {
+ matchConfig.Name = "e*";
+ networkConfig.DHCP = "ipv4";
+ linkConfig.RequiredForOnline = "routable";
+ };
+ };
+ };
+ };
 };
 
 fileSystems."/mnt/storage" = {
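Review bot: In the `hostKeys` line of the `@@ -44,29 +44,29 @@` hunk, `age.secrets.${initrdSshKey}.path` is evaluated as an expression, and nothing visible binds a variable named `age`; the neighbouring `authorizedKeys` line reaches options through `config.`, so this most likely has to read `hostKeys = [ config.age.secrets.${initrdSshKey}.path ];` unless the part of the file outside the hunk brings `age` into scope. The path also exists only after agenix has decrypted the secret on the running system, so a first deployment or a reinstall may assemble the initrd before the key file is there; a comment next to `hostKeys` should record that ordering requirement. The decrypted key is then copied into the initrd, which is typically stored unencrypted, so it should remain a dedicated initrd-only host key and never be reused as the main sshd host key. The `# Kinda does not work?` comment now sits above an enabled `systemd` block and should be removed or updated to say what was fixed.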
@@ -151,6 +151,10 @@ in
 age.secrets.${wg0PrivKey}.file = "${secretsPath}/${wg0PrivKey}.age";
 age.secrets.${wg0PresharedKey}.file = "${secretsPath}/${wg0PresharedKey}.age";
 age.secrets.${wgHydraPrivKey}.file = "${secretsPath}/${wgHydraPrivKey}.age";
+ age.secrets.${initrdSshKey} = {
+ file = "${secretsPath}/${initrdSshKey}.age";
+ mode = "700";
+ };
 
 services.snapper = {
 cleanupInterval = "1d";
diff --git a/secrets/ninurta-initrd-ssh-key.age b/secrets/ninurta-initrd-ssh-key.age
new file mode 100644
index 0000000000000000000000000000000000000000..4a51114329499f0c78d80a3715154bf1e008965a
GIT binary patch literal 767 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlG7IuAD_2N0_e{-C z()M*Vs|<6?3iAlfarSacbBnZ$C@M-y$tgAVcMFZGG7pFdGT<^zF)4F$%P2JTEv>RB z&klDpv2-%ct@23oE_5!*OgHs6DlLjMu*mW(%0{=%za%>+yIdj5G9|^uEjXjtCq2#4 zQrq0kqTIsV&pE|V-@m{pKQhfLu*}IRtT3ydm%b+J#0ZhBE_VsR>0ak8O%qCrVmL~x?HPl#t$ zn74bdd3I=2zPoR}VLF$tuC79PxJ#OARYs7DcWPOAU?tX}tH+RjtMU_j?)UKQ3D7G`G#Yqfalu zK5mAH;2pWZzQAucFSu96b?e92iF$rN%<{>rbECJy^Q?f6&r42g+g(*zQ2I1Pw8PXc zrqS=D&ZP&j`sx;8%_h5fJ;a!gwY{u2xb?(D?xX7QO%vzc^qIMQw(lz;gWTgahtcBjiny`&`zl{pMOpv_LqyslWQS4I})N2(Vmu`aO+pi<&|e2 zE#0wpAxpB=j|n%jyqER3%h}ehJaFSM uTcO02_T@$}@FRE-u;^zIHy%&C8W=+C!0CMz^~Whg)th4inN`a|!_b CN<;|& literal 0 HcmV?d00001
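Review bot: `mode = "700"` in the new `age.secrets.${initrdSshKey}` block of configuration.nix makes the decrypted private host key writable and executable for its owner, which an SSH key never needs. agenix's default for `mode` is `"0400"`, so either drop the line or set `mode = "0400";` to keep the key read-only. No `owner` or `group` is set in the hunk, so the file presumably keeps agenix's default ownership; a one-line comment such as `# host key for the initrd SSH server only, not the system sshd key` would tell the next reader why this secret has its own entry.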
diff --git a/secrets/ninurta-initrd_ssh_host_ed25519_key.age b/secrets/ninurta-initrd_ssh_host_ed25519_key.age deleted file mode 100644 index 20e4971e72e2c4bb02c23167f7270d2c1f372f83..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 808 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlG7IuAD_1BnF7%Fy z@+)-BOf?M(NX|8PGb<@~$@el(H4H4y3-EE#&&do+yIjG=)IBNEG%?j(KgGYS z)IF)hUB5ioDLbIZIoaLIvZTbsG(EAXDl^gX6u^42Vxv_3~QEFmwszO?Lja7A)p1Fc*u$`WUf_9cp zv4ggPdziCjOqD|&m#K4IvzOnUr*=7e z=N0bB^14wHcLM%e>*=ofr%}FBq|d<7>3m_Um(aFXPxJYd=FPq#E7iaFLL?)5dg`Jh ze_iYXuk*jyaD3tGZ4pLyHqPEDzW=DJ$24WZy^?dcFaDO@IDO@ZBU>-DeAzqK?+zO~ zkFOuY>rW5=#TR_OcYR`^zvQw!Yq_0Fgb|+AcFDm*>+u zPUWzeO&!20dm6@wRP^0>0>xWmVFLI3`NS*z~N;12ej qvBCD^%#$3R&)P!EkF8BVnDVrzV$(jA^