✨ [shared] Added ssh config for desktop. Justfile to get pub ssh

💥 [pi4] Caddy redirect from kitchenowl to grocery
2025-05-15 21:14:05 +02:00 · 2025-05-15 20:48:00 +02:00
5 changed files with 25 additions and 3 deletions
--- a/hosts/pi4/caddy.nix
+++ b/hosts/pi4/caddy.nix
@ -8,13 +8,17 @@ in
    virtualHosts =
      let
        reverseProxy = port: "reverse_proxy localhost:${builtins.toString port}";
+        redirect = subdomain: "redir https://${subdomain}.${domain}{uri}";
      in
      {
        "beta.${domain}".extraConfig = ''
          redir https://${domain}{uri}
        '';
        "git.${domain}".extraConfig = ''
-          redir https://code.${domain}{uri}
+          ${redirect "code"}
+        '';
+        "kitchenowl.${domain}".extraConfig = ''
+          ${redirect "grocery"}
        '';
        # Gitea
        "code.${domain}".extraConfig = ''
@ -27,7 +31,7 @@ in
          ${reverseProxy 11000}
        '';
        # Kitchenowl
-        "kitchenowl.${domain}".extraConfig = ''
+        "grocery.${domain}".extraConfig = ''
          ${reverseProxy 800}
        '';
        # Actual Budget
--- a/4
+++ b/4
@ -69,6 +69,10 @@ generate-age-from-ssh:
 get-public-age-key:
    nix shell nixpkgs#age -c age-keygen -y ~/.config/sops/age/keys.txt

+# Get the public ssh key from the current user
+get-public-ssh-key:
+    cat ~/.ssh/id_ed25519.pub
+
 # Edit the SOPS secrets file
 edit-secrets:
    nix run nixpkgs#sops -- shared/secrets/secrets.yaml
--- a/shared/modules/security/default.nix
+++ b/shared/modules/security/default.nix
@ -1,6 +1,7 @@
 {
  imports = [
    ./sops.nix
+    ./ssh.nix
    ./yubikey.nix
  ];

--- a/shared/modules/security/ssh.nix
+++ b/shared/modules/security/ssh.nix
@ -0,0 +1,13 @@
+# /nix/store/<hash>/etc/ssh/ssh_config
+{
+  programs.ssh.knownHosts =
+    let
+      domain = "dns.martials.no";
+    in
+    {
+      desktop = {
+        extraHostNames = [ "desktop.${domain}" ];
+        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSzXyTuQyTrWsfORQbvgrqt/33+hfSUDXeMg6D1T2wz";
+      };
+    };
+}
--- a/shared/modules/users.nix
+++ b/shared/modules/users.nix
@ -5,7 +5,7 @@ in
 {
  users.users.${username} = {
    isNormalUser = true;
-    hashedPasswordFile = config.sops.secrets.password.path;
+    hashedPasswordFile = config.sops.secrets.password-hash.path;
    description = username;
    extraGroups = [
      "networkmanager"
Author	SHA1	Message	Date
Martin Berg Alstad	55f7a37aaa	✨ [shared] Added ssh config for desktop. Justfile to get pub ssh	2025-05-15 21:14:05 +02:00
Martin Berg Alstad	48ff2cdfd2	💥 [pi4] Caddy redirect from kitchenowl to grocery	2025-05-15 20:48:00 +02:00