✨ [pi4] Public age key for pi4, generate ssh key in justfile

2025-04-17 10:25:14 +00:00 · 2025-04-17 10:25:14 +00:00 · feb1d07500
commit feb1d07500
parent 4f126bab90
2 changed files with 12 additions and 5 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,7 +1,9 @@
 keys:
-  - &primary age1fxr5s6d6ar0xy5pr63kpq93tk7jha5k96jcxnyquj6s2mw8mmcpss8w29w
+  - &desktop age1fxr5s6d6ar0xy5pr63kpq93tk7jha5k96jcxnyquj6s2mw8mmcpss8w29w
+  - &pi4 age1xlnprpvshv93eerthxzg6cahklsfc4efh8dd6u8dte9u6cl0u5qsz48qlt
 creation_rules:
  - path_regex: shared/secrets/secrets.yaml$
    key_groups:
      - age:
-          - *primary
+          - *desktop
+          - *pi4
--- a/11
+++ b/11
@ -50,16 +50,21 @@ unlock:
 start-tailscale:
    tailscale up --login-server https://vpn.martials.no

+# Generate a new SSH key without passphrase
+generate-ssh:
+    ssh-keygen -t ed25519 -a 32 -f ~/.ssh/id_ed25519 -P ""
+
 # Generate a new age key from an existing ssh key (without passphrase)
-@generate-age-from-ssh:
+generate-age-from-ssh:
+    mkdir -p ~/.config/sops/age
    nix run nixpkgs#ssh-to-age -- -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt

 # Get a public age key from an existing age private key
-@get-public-age-key:
+get-public-age-key:
    nix shell nixpkgs#age -c age-keygen -y ~/.config/sops/age/keys.txt

 # Edit the SOPS secrets file
-@edit-secrets:
+edit-secrets:
    nix run nixpkgs#sops -- shared/secrets/secrets.yaml

 # Hash a string using the mkpasswd command