| author | Franck Cuny <franck@fcuny.net> | 2025-08-10 13:56:28 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-08-10 13:56:28 -0700 |
| commit | 8247d060a6cae65b2d63fd6bd3bf19ed9e66214c (patch) | |
| tree | b76329f5b7cc145d2f7bf5d8fd584790e18875f9 /secrets | |
| parent | flake.lock: Update (diff) | |
| download | infra-8247d060a6cae65b2d63fd6bd3bf19ed9e66214c.tar.gz | |
manage a DigitalOcean virtual machine with nixos
Add a new machine on DigitalOcean and provision it using terraform +
nixos-anywhere. This takes care of bringing the machine up on nixos
completely, and uses a static SSH host key in order to configure
wireguard at the same time.
Diffstat (limited to '')
| -rw-r--r-- | secrets/do/host-ed25519-key.age | bin | 0 -> 611 bytes | |||
| -rw-r--r-- | secrets/do/wireguard.age | 7 | ||||
| -rw-r--r-- | secrets/secrets.nix | 10 |
3 files changed, 17 insertions, 0 deletions
diff --git a/secrets/do/host-ed25519-key.age b/secrets/do/host-ed25519-key.age Binary files differnew file mode 100644 index 0000000..d73ed26 --- /dev/null +++ b/secrets/do/host-ed25519-key.age diff --git a/secrets/do/wireguard.age b/secrets/do/wireguard.age new file mode 100644 index 0000000..62c7d99 --- /dev/null +++ b/secrets/do/wireguard.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 pFjJaA PZwR2gnJbrjUz0ym7cSy5Fp7uJ2FYtuXdwpOvNMkbC4 +2hglFicM8rIy0fZOs99Om3+Q9fD8uNgiuda3QG++kIE +-> ssh-ed25519 8Nmf6A 5SNPolSGlqSH9MFjY2zlqsp8tHTm2t8Sdw2UPphJKlU +vpJ/24lPuaqnN4SQvDOK8buu9w7MQXyFZKU+VuXkj30 +--- 0R9ApzzbQu97K4PuPVW3Zmq0w/ppKAhwlKJu+mh0CvI +ٔjJU30#Ge[dũ#SSB7%#>
b8-IG`dUL^
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 52f2311..3ef9cd2 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -2,6 +2,7 @@ let
 hosts = {
 vm-synology = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHKZAKlqOU6bSuMaaZAsYJdZnmNASWuIbbrrOjB6yGb8 root@vm-synology";
 mba = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLQTIPZraE+jpMqGkh8yUhNFzRJbMarX5Mky3nETw6c root@mba-m2";
+ do = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID6qsTQwvo6lUACTZKb4T+Je89bW3/BY4DB4aCTqfApz";
 };
 users = {
 fcuny = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdyJepi/NyO6d9eP8m48Ga/gdjB5ENHRXYM1ZqFZR8t";
@@ -41,4 +42,13 @@ in
 hosts.vm-synology
 hosts.mba
 ];
+ # this is the SSH key for the digital ocean droplet
+ # the public key is ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID6qsTQwvo6lUACTZKb4T+Je89bW3/BY4DB4aCTqfApz
+ "do/host-ed25519-key.age".publicKeys = [
+ users.fcuny
+ ];
+ "do/wireguard.age".publicKeys = [
+ users.fcuny
+ hosts.do
+ ];
 } |
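Review bot: The comment above `"do/host-ed25519-key.age"` in the second secrets.nix hunk repeats the public key string that the first hunk already binds to `hosts.do`, so the two copies can drift when the key is rotated, and it does not say that this file is the private half of that key. I would write `# private half of hosts.do; encrypted to users.fcuny only, since the host cannot decrypt its own identity` and drop the literal key. Because the host key is static and kept in the repository, anyone able to decrypt it can also decrypt `do/wireguard.age` (which lists `hosts.do` as a recipient), so a rotation presumably needs a new `hosts.do` value and a re-encryption of the wireguard secret together; a one-line comment saying so would help. As a minor style point, the `do` entry lacks the `root@host` suffix that the other two host keys carry.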
