From 8247d060a6cae65b2d63fd6bd3bf19ed9e66214c Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sun, 10 Aug 2025 13:56:28 -0700 Subject: manage a DigitalOcean virtual machine with nixos Add a new machine on DigitalOcean and provision it using terraform + nixos-anywhere. This takes care of bringing the machine up on nixos completely, and use a static SSH host key in order to configure wireguard at the same time. --- secrets/do/host-ed25519-key.age | Bin 0 -> 611 bytes secrets/do/wireguard.age | 7 +++++++ secrets/secrets.nix | 10 ++++++++++ 3 files changed, 17 insertions(+) create mode 100644 secrets/do/host-ed25519-key.age create mode 100644 secrets/do/wireguard.age (limited to 'secrets') diff --git a/secrets/do/host-ed25519-key.age b/secrets/do/host-ed25519-key.age new file mode 100644 index 0000000..d73ed26 Binary files /dev/null and b/secrets/do/host-ed25519-key.age differ diff --git a/secrets/do/wireguard.age b/secrets/do/wireguard.age new file mode 100644 index 0000000..62c7d99 --- /dev/null +++ b/secrets/do/wireguard.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 pFjJaA PZwR2gnJbrjUz0ym7cSy5Fp7uJ2FYtuXdwpOvNMkbC4 +2hglFicM8rIy0fZOs99Om3+Q9fD8uNgiuda3QG++kIE +-> ssh-ed25519 8Nmf6A 5SNPolSGlqSH9MFjY2zlqsp8tHTm2t8Sdw2UPphJKlU +vpJ/24lPuaqnN4SQvDOK8buu9w7MQXyFZKU+VuXkj30 +--- 0R9ApzzbQu97K4PuPVW3Zmq0w/ppKAhwlKJu+mh0CvI +ٔjJU30#Ge[dũ#SSB7%#> b8-IG`dUL^ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 52f2311..3ef9cd2 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -2,6 +2,7 @@ let hosts = { vm-synology = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHKZAKlqOU6bSuMaaZAsYJdZnmNASWuIbbrrOjB6yGb8 root@vm-synology"; mba = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLQTIPZraE+jpMqGkh8yUhNFzRJbMarX5Mky3nETw6c root@mba-m2"; + do = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID6qsTQwvo6lUACTZKb4T+Je89bW3/BY4DB4aCTqfApz"; }; users = { fcuny = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdyJepi/NyO6d9eP8m48Ga/gdjB5ENHRXYM1ZqFZR8t"; 
@@ -41,4 +42,13 @@ in
 hosts.vm-synology
 hosts.mba
 ];
+ # this is the SSH key for the digital ocean droplet
+ # the public key is ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID6qsTQwvo6lUACTZKb4T+Je89bW3/BY4DB4aCTqfApz
+ "do/host-ed25519-key.age".publicKeys = [
+ users.fcuny
+ ];
+ "do/wireguard.age".publicKeys = [
+ users.fcuny
+ hosts.do
+ ];
 }
-- cgit v1.2.3
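Review bot: The two comment lines above `"do/host-ed25519-key.age"` do not say that the file holds the droplet's private host key, and they repeat the public key that the first secrets.nix hunk already defines as `hosts.do`, so the two copies can drift when the key is rotated. Since `do/wireguard.age` lists `hosts.do` as a recipient, whoever can decrypt the host key file (in this rule only `users.fcuny`) can also decrypt that host's secrets and present the droplet's SSH identity; that dependency is worth stating next to the rule. I would replace the comment with `# private SSH host key for the DigitalOcean droplet; its public half is hosts.do above` and `# rotating it means updating hosts.do and re-encrypting every secret that lists hosts.do`. The new `do` entry in the first hunk also lacks the `root@...` key comment the other host entries carry, which makes recipients harder to audit. The attribute set these rules belong to starts outside the hunk.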