diff --git a/flake.nix b/flake.nix
index 5d23a91..d7699a0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -116,6 +116,7 @@
 };
 in {
 inherit (pkgs)
+ clerie-keys
 clerie-system-upgrade
 clerie-merge-nixfiles-update
 clerie-update-nixfiles
diff --git a/hosts/web-2/clerie.nix b/hosts/web-2/clerie.nix
index 8418948..5f2efeb 100644
--- a/hosts/web-2/clerie.nix
+++ b/hosts/web-2/clerie.nix
@@ -18,22 +18,28 @@
 rev = "6ae72f9c8616fe005474a1244dbdf8efd61a07a0";
 hash = "sha256-GBAclFkcIzCPi8P+UmATw01uzND3EoUYXiytjVnEjtc=";
 };
+ locations."/ssh" = {
+ root = pkgs.clerie-keys;
+ };
 locations."= /ssh/known_hosts" = {
 alias = pkgs.writeText "known_hosts" (import ../../lib/ssh-known-hosts.nix);
 extraConfig = ''
 types { } default_type "text/plain; charset=utf-8";
 '';
 };
+ locations."/gpg" = {
+ root = pkgs.clerie-keys;
+ };
 locations."~ ^/.well-known/openpgpkey/hu/[a-z0-9]+/?$" = {
 extraConfig = ''
- default_type application/octet-stream;
+ types { } default_type application/octet-stream;
 add_header Access-Control-Allow-Origin * always;
 try_files /gpg/clerie@clerie.de =404;
 '';
 };
 locations."= /.well-known/openpgpkey/policy" = {
 extraConfig = ''
- default_type application/octet-stream;
+ types { } default_type application/octet-stream;
 add_header Access-Control-Allow-Origin * always;
 '';
 return = "200 ''";
diff --git a/pkgs/clerie-keys/default.nix b/pkgs/clerie-keys/default.nix
new file mode 100644
index 0000000..bca481f
--- /dev/null
+++ b/pkgs/clerie-keys/default.nix
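Review bot: In hosts/web-2/clerie.nix the WKD location `~ ^/.well-known/openpgpkey/hu/[a-z0-9]+/?$` still runs `try_files /gpg/clerie@clerie.de =404;` without a `root` of its own, so the file is looked up under whatever root the virtual host inherits, not under `pkgs.clerie-keys`. The `root` set on the new `/gpg` prefix location does not carry over, because the request is handled by the regex location. If WKD clients are meant to receive the key built by the new package, add `root = pkgs.clerie-keys;` to that location; otherwise WKD may keep serving an older copy, or a 404, while `/gpg/...` serves the new one. The same location answers every hashed local-part with one key, which deserves a comment such as `# single-user WKD: every hu/<hash> maps to clerie@clerie.de`. The virtual host definition starts and ends outside this hunk, so the inherited root is not visible here.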
@@ -0,0 +1,14 @@
+{ runCommand, gnupg, ... }:
+
+runCommand "clerie-keys" {
+ buildInputs = [ gnupg ];
+} ''
+ mkdir -p $out/{ssh,gpg}
+ cp ${../../users/clerie/ssh.pub} $out/ssh/clerie_id.pub
+
+ export GNUPGHOME=$(pwd)
+
+ gpg --import-options import-export --armor -o $out/gpg/clerie@clerie.de.asc --import ${../../users/clerie/gpg.asc}
+ gpg --import-options import-export -o $out/gpg/clerie@clerie.de --import ${../../users/clerie/gpg.asc}
+ gpg --import-options show-only --with-colons --fingerprint --import ${../../users/clerie/gpg.asc} | awk -F: '$1 == "fpr" {print $10;}' | head -1 > $out/gpg/clerie@clerie.de.fingerprint.txt
+''
diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix
index 9efff11..aed5107 100644
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@@ -1,4 +1,5 @@
 final: prev: {
+ clerie-keys = final.callPackage ./clerie-keys {};
 clerie-system-upgrade = final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
 clerie-merge-nixfiles-update = final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {};
 clerie-update-nixfiles = final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {};
diff --git a/users/clerie/gpg.asc b/users/clerie/gpg.asc
new file mode 100644
index 0000000..510925d
--- /dev/null
+++ b/users/clerie/gpg.asc
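Review bot: The build script in pkgs/clerie-keys/default.nix publishes whatever key material `users/clerie/gpg.asc` contains under the name clerie@clerie.de and never checks the result. The fingerprint file is simply the first `fpr` record that reaches `head -1`, so a replaced key, or a file carrying an extra key, would build and be served without notice. Pinning the expected value makes a key swap an explicit two-place change, for example `test "$(cat $out/gpg/clerie@clerie.de.fingerprint.txt)" = "<EXPECTED_FINGERPRINT>"` as the last line of the script (placeholder, to be filled with the real fingerprint). A comment above `export GNUPGHOME=$(pwd)` would also help, e.g. `# throwaway homedir: import-export and show-only write the key to the output instead of a keyring`.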
@@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGYdTGwBEACj6qML9iydxEqXWNGakFTRaNNf+a7PBGSF6N4S21zJ3KOIENJH +NR5Rid6iKSa9j/z3eC2mqgxeSrQBlZ5jGp1yTaa83hdQFiB/XWEg7xR6XNRsoHSk +DohvzWB2RjAAd/QlQfLELjOXXSZQxBoPemt2nDpJTW6oC1BXZgaiezdxQhPDrakI +eGI/Ge1vMCyv3XBKdcSv9jIAeiEGK9/GLJ/rTUj5Pe3ie2GRdHifvwTdyXEc3pAo +TAmQo+xY5tchJFY7G4jhkel+tkhofb3+TSNZ1bqhJcidlk4DYwLhuY8D2Pdj7eye +652cJc69swWlb/id7lPuoMib1BgNAN4uH2qSNrEyFgi8YpuBQAR7kLDLO4roFNk1 +gyT/1knxmKiF6VGJy5vxFFTzs6qL2UEBeD05gJLbGNwseg9d/rEMXtsMd+07S7Rr +ZNIX9nxX2rqmNLgpZndjXn0ZsggF045vR9zVGVNePRoeTUu9uu0qXhOc7V0o27Qp +afX/tI2BWWSd6wUt+5znDPvapOAnhWomEFnDzD66ApVNPQf6QT9lYmwrGWZlw+ht +I2/YUMGxaeYG9auSCvq9wSysr/3BbCxUyUt8mUeSBDvIG3Bf8CRftd7XeYuIMtkd +xA5+7m9uZD+aszq12gCve+8ZPEsIUXXWGiAAGOfXVfoqKftySmaQUMCdtwARAQAB +tBljbGVyaWUgPGNsZXJpZUBjbGVyaWUuZGU+iQJXBBMBCABBFiEEDJgvh7evug9Q +T5CiYp50GUfIeSgFAmYdTGwCGwEFCQHhM4AFCwkIBwICIgIGFQoJCAsCBBYCAwEC +HgcCF4AACgkQYp50GUfIeSjVcw/9H3tVGWWT1Tso4H6MNsTuNWea9To7ZYYEt4NF +34ADa1Q1uBU3ew9f3oqqXRgTZLtPPJfRGKeXQqHKY4mTmg/70Lc2LoN5bOpIw/WF +7ygoyXsZJYDOCHgDINNcaQEvYKXoHVlNhCESKO7NI47FMx21gVn9+pCv3NoTg1OK +4V7G78n9bItRic38RgXeVajYAZ+kKdTmKo0igUWZXXV2sOtnrqJ0qg1m9ozEjRn3 +4nNJURJaTTDUQ2U2cahdK2EnLwW6YOrdZE9pyto+XImPmekb8fXF7Xsj/s2lGSEX +rkWGNpFf0wRyw7T1Z3skcH4ZOSP/ajMx6ugxi/r4R+hFTE2YmvrFuU2nY0WMoyTL +06PNB4wBzKBA/CT+r6Dn7ibRk7TASoOXSD+m0UUNJpoDgFyjJd+G9aoejQkM0WA4 +8NAOz/ig3dTYPTAK5rrPTDZPkbK/6LRG+p6nTEaLn8Md+MGRZ81Qb5vIrkjAS+x2 +6wYEqRRwZiCLBt865elakfccgvXuPzW4rjobHk3MWLPCHJdJPLgBnPIe+Ig2bat5 +LX8pA6voDcmhe7HsLA4fCCsu5FdA4iv/8/JS0N2cFb5CUeCGXVQMgTpBdcBdRBvO +JkBtwKkb5WIjcsmv3/hOUZVkF5+KG5kZMYt99bsBrcIEU7SES6GgQfMeXcIaYp7w +T6YkUg65Ag0EZh1NfwEQANnpsTZKASzYOhsUqg/9H3ZgB0hsn+OI+kZyy7wLSyNd +BQao3Y9lyWT5yFLYalBNCurIs/3Qfzxs3GtLjOug9tY42SvDD5mt6JZKSy9Dr6LY +QChwf3aqDTmzlY97gQ3nh6DnoWmOCjDz4R1HanefMHIxYVE201NUDW/NACM6kNr5 +Cx8C9MclW/Vr+6aRuntt+xcPbM9G7MwD/97lDYZWypqvT6f1JMYJ281cT2C/Jyqg +yhVUOYmQTe/KPFfiYyQdUVnU2qP+HX7Ws/Zps2E06EKj7Uzy64Ktlq2DGXTSOlua 
+YHFjcCCaIE+GiSjXlS5qvHS74osTNV4P2raOWTHfWXY/h6FzXPuIeIddOujQ5BD/ +Iqh3owCZI0h7HtKg/gb+gFzmCWIMSLRQy85FIC442apnRsvKgdd7OHDf2TFjAOVb +GZ1m/8et+bOPkcP4H59qHbxvr4JyWJgZpIDAfDWSn0PGE2XNuWREm5utbV9f32Bd +f/J6vZebH7FPCqp98sp7tqO8eHWEZk83Enx9y0BPiTaN6HlSbtM5XZmWo6mN1oP1 +wyXt3CTfI3U+tYGwRqvx9eAckLDf11BeThiLEUWxeFdTUVmKITR+vwEYSvcMzL8J +z0/ZZAxIaSZVC4ijqhAbFn42TNBVITtMR0iPd44PQww5ptPzAJcAIEUEB64gNk/J +ABEBAAGJBF8EGAEIACcWIQQMmC+Ht6+6D1BPkKJinnQZR8h5KAUCZh1NfwMbAgQF +CQHhM4ACLMFqIAQZAQgAHRYhBHQOQiYTJ+rM4XH+/72fVkgIcLrSBQJmHU1/AADR +8xAAmd4vlIGlt2xCpqgG4iKB44EWp5OcxQb1XV3ssnpzobu1s9QdyQv1MrHIKhQW +87DnHCkVmx9mkOu3eX6BfL8FpTim1UckBWch+t2qaoHCH/1Ef2rsDU9otU2+Qt+o +UtI0N5GLWDlnGJkR2ZDAeoughX0ph0Mjz/wf8zx+mKYtEMtixULXFYCtaFjn8z8I +QfD3J5ZNZHzNAXbHuliRwmWY8IwCoUwurhXiZOF5IeXBpHV6WDwxp1knqaoeKL2w +RRtwIIbTKX9MXMVgr6ojec+M97xG3Y0/8Nprcg/C2BNkF9rONx/zp+z1tpKjUmMP +LefxYsjQHogMsvWFz+iTqt9E0bEtO3Rw59ztxsnlt+GhAv+siU9mnm95ZYoCVgJA +vMbX+N6CaI7/hzwf3qDPZ6u7Etk4Wo9ZPJGRdgFtYMPTUsckzio+C619HhuDeLgx +ZgJ9e0yEMfl3mU46seLxw4GINSdrD5T+RC+mDMtEjnZ9KpUuXWA9j1JCq5q4bClG +laxDiwabITf1oYVN3KyInD4FZqsCbgHXFVs7cgPkywRNLwL5aFHYLMZxPGu4zTOA +CUxzwmj4N1Em9B2nQSKbbg9ds0JztzT1yUxDbQqgbO0MMw7iEs28xd4cn0zYQl50 +8B1JLzQHZOHOBeO5vfMHxvMUJFZvBtEMMaPPrPWVtqN8Zijaiw/+N9AQ5nOWnG8d +3JE0pz/ssxyc9Aa1vpT6+A3CbgtwT3V8mqICPSwauUWaLq+SBdxgXRsY3L5xNw7o +Z7W4AZcdVnSTIBaaJTlRBHupFpIQNgtnwuVB+RCuyI+wPtNKttmVC7+HH2Iff+4U ++SGd5a+2R0h0vIWSb/Ns7Y9rKHUV3viOoN5gFBmTSm0i9fZtnTzygdmlKTSNu96d +nyMtGNwoE0z3zRTzU34P7P6273gSu8jGlbSgLlCY38ddFE/qyd68eVKnBgYNWeKS +RrZlBwxCbRKmm22qSLx6Wx6I9KQG+D20MJkf1dr8jyqVVlZB13MMC3rSBvpwTQCj +nRsNsKr8HGIQoDIt4pUlg1REJw4nrK2Q/CoocaYyAdZPwo3JN4QTOH4Vd+ei8tCP +c+Q4m0zCQ3YDuJjK4IYpGQUteYIbEdZdd48INi37Iiii/uKA9md/DVKK7nvUR6ND +NAHJh0g8R+uD4ouVYWCwytZb3E2j1uYChROqJuwFGfenSo0j3hbbs2vz2RbG+Eoh +KANXaSw6utqfMKp1VqTJsXQGea0NCupiSWDMuG5vuce8bsgDmXcDiPyP2LP8IL1v +D85iAopgFsVFiO13b4lR23g/2eGUuKTZKfALFDHr1K5vvt+tlV4OnDvEwtFR8w2g +Qq2MaWU5l5+LhjA9i9h89XfD9mUw4PG5Ag0EZh1N/wEQAMQngDMdjuxFDIgnHrDd 
+r2IS3qCHTljpOV0eT3ADbRI2dEJ10wOX6f4jf4nU1C+Z6aEK8AsLu029SViLQ3W+ +/JbgwIQfErt9ALijIyXQGZkRMTnpoyWoTxKaZOlF+UaVa+QUEj8uV1lDieRx9gWj +GHLpQegStwbTdLm6JTTtiYyMRefk0fRn/Sr65v8YYuGagOFQAwq/MNmtvxvSGOvt +GUC/bkcopcUTOzdjpC5Ul+vcCRCtOw+jrH+kIV2nv93DUvSDGlhtHdpIZPDRC3lK +l63IjW0yvx1g93+sHL3Ir+unWEC215rQt4uOTdhiiv8n4qCjnpoOT1Ywb9P3qzrh +18VBD6xTpnhei871f67DWYSoVnVdtYi4Jn5THX1VJmF+E5MOJQBJEAp3kc1y5t3x +lRvunZKks9Hn/bypp5Y7GzJKdE/cdnU1X0YDfX+ycUibVHgflkfFNYoq2ue5U7rU +OTuTyA/w2p6d7MQ9qWB2flFbExr2SkPq5F1UKkQR4UZtILK/6/OS9PiV5G1+L48i +/CMFKdps2iGVr8XLqUTbeclWq1ZRaTmjvHWAcQyzmbgWX6KxZ4CPclmN12yl4K93 +LLkUe4786lfKLhpljc58vIp/zUafV/V7Iq8p4XY8W5EizJoaV0bRydGFV9jLqFFV +e5cSrdR5HxFEUN32HncX5qgHABEBAAGJAjMEGAEIACcWIQQMmC+Ht6+6D1BPkKJi +nnQZR8h5KAUCZh1N/wMbDAQFCQHhM4AAALUkD/9KrluPt56r563u4r2JKThcVYMd +mtURTlxNowsDoMNfI1w3/GCNTKhjOEeqL/9P0Qz+rQmYrglncVLuNkf/0WESHSq0 +STbS6Z6Yckrj4G+ky3YZCs+opmCOapoIxn3/U2fARRMQuoi1gcbcQl3JkJ3OdBNk +YsNEJQMLdjz0sE0dur5AYLhuxsN0KNQN2eF0F/N0lPpY7SIiRda5Y5yst+GnOMxR ++/V+nE9OYaap/WTZvRMOYPK3FU67Yt28Gj1NgCebLoako+8PPz1Suk/w2xz3qm7o +BnUWHbZOkhexCccKCl2WPG71k9pml2K55erR4yvN9hZURvpvoPOkHKtJcRiFEdyb +pzqARTooov1Lb0zvhfdfNMrlf2uRGerZlvRfBarcNFiwidBJB+TLslp3tNjvzyLi +zYPMARFJTDHFCqhPfN4lslmvyuJTT17lE9B6RgOPmOG0zj8Q00RDE7zW5FnSUm12 +LuMfNakFHYmBAdOn3Eg0vmHFs/97SlxwTavRPodNx/cMOB5Njqgp0s34JXAFDRQx +DEpX47gTpuutwtnLIkiTCMvUmd1Od93b734RrY79FJsSU4wzcmhexMjsy7RcgD8z +zfPuE43Rr4OQKo9DL/8z4JIzR7bQnHF7bWzwAcpJKCgFySexXzRZD00nPQ/ThrcC +aMEGxmH99KRZ/YH347kCDQRmHU5CARAAte1eM9eOwrShjL5wBAvAQEztg7bbrfU/ +KtHiMRsJglTverPxNmW8UEo6qfRTrgIQ+8SR+JFH+LsJTPMlOrBZ1jy22sBcZW8i +woU7q79hleaaJZKj+2sB1O1j9g6TvL4T2HKKOcNhiP6vyHy9fuih6gLqnp0MOh/3 +xEZZTJGJ6si3Can6MnxVw+q/0yX4aQea8qCHl+ObGpGb47ayGKRo4xzI5R7vERvM +7mnelB04Ozai52ApNmhnL7wPB9Tj/737gBJYcMFRHpCg9lbw3AEZl8kcsype6gqK +l2S0R65Qx/qKis0C3LU4w5hibRE1tjnGtzTOn6esbriPDR0ITatUoIaCEA7uC3HR +0LXJXOWvKDldwujun6YE2SPfYKejnL0RrsgDuN7ijoPwZnoEQ7OwGqVbJtfrpuYc +C3SOcBczL4aVicO4+w/YXyEvSvFZi1CysuqvhuH4OLPUJJcToORMYMVJ1pwDbIF7 
+3LepPHa9CJGbXFcyxnPOlzz9EHeUYLXG+iWCE0ns7LC+xp/qy5zYbykGVaHjgieL +8gfThcHL9BErPQsfLYNmQ2aWEpFTKCIaIty1Aop6M4p3kcqct/iLazEZvjw/MBD2 +RpcHAGhYQ0gDC/saSkgrdHNRKi7BfArWnW17sjZ9w7DWjs1lkIWvuOx4lZfEIqUn +xe+dYVbUx/UAEQEAAYkCMwQYAQgAJxYhBAyYL4e3r7oPUE+QomKedBlHyHkoBQJm +HU5CAxsgBAUJAeEzgAAA7Z8QAJEZwrAzZ0/7eyM/hsg1heXC3G9YVzCSO+3nH5We +6EqqxI9TnRa3ZQrHLbUAEmW/MgmV5QuHrDq1/cJzFe6+fCPXhYH8qrYnvGEgiat6 +B2Qh6aRJpZrN2EVxw4piUTqBuNXmQCE0jrmeNfTYLjFFjinjyUGCjUJilBA+UzC0 +fXyex0Se4ayfrhAG7vidSbAYAiUwQpRP4N+AVORpYb0IqnRvo0ScPEUMmelzKWFK +j4awEUvw5qC5s74WsUa2QdPecj6KmRQNKjupJdQVmEMYy5nXfM6yKBfbX8C8e2Vm +iif/zu1p6tQAI9s1nFwbmexzmmXOWq+t1KNj+/8ZthtE2Jhy8iGSCbpMjkF3Diq6 +AU0O/9ReszcRBHJWavGta8Vfhs9YG2XJjt0JZvGQNjs3kJ0apLLUpJfh1s0Ez5sh +y7vmqlcrC9y86RrfGTOL7OeO30a8CVfGEZi5ut2EqmWKk9s6RwCAqxNn89XU4rCD +weGu/A/SRFy/KKzKhiY4pZCwUzDpslmlNelEWDXwOJmIfO0IbPWIb8yoZZpvYMWR +3oWqqWmw/IR/6xS7sKoKo3A6PVQRzWeLmywRjjfPlkMg5lE60zn6jdL+dyEXBfip +eioP7bhmesMcSxs89lJr6bJ6+gWm4/JJUOJgUFWUbZsjTb8iPITi+UJa1DWmesN0 +cnkT +=NbZJ +-----END PGP PUBLIC KEY BLOCK-----