creds: change machine-id

diff --git a/hosts/aubergine.nix b/hosts/aubergine.nix
index a1d8175fa57ed55af21dc62247ce3605b6dc046c..2c8bc764ca999b4240accd6296ecae421a12cf87 100644 (file)
--- a/hosts/aubergine.nix
+++ b/hosts/aubergine.nix
@@ -13,10 +13,6 @@ imports = [
 # Lower kernel's security for better performances
 boot.kernelParams = [ "mitigations=off" ];
 
-# Setting the machine-id avoids to reencrypt all credentials
-# when reinstalling NixOS on a new drive.
-environment.etc.machine-id.source = aubergine/machine-id;
-
 home-manager.users.julm = {
   imports = [ ../homes/julm.nix ];
 };

diff --git a/hosts/aubergine/.gitattributes b/hosts/aubergine/.gitattributes
index 07035d18a8f37f466dcb556dfea2cb1659cb6fd8..c9b036e7429595dd752cc6ec6a61c03e171881c6 100644 (file)
--- a/hosts/aubergine/.gitattributes
+++ b/hosts/aubergine/.gitattributes
@@ -4,4 +4,3 @@
 *.pem      filter=git-crypt-aubergine diff=git-crypt-aubergine
 *.pub      filter=git-crypt-aubergine diff=git-crypt-aubergine
 .gpg-id    filter=git-crypt-aubergine diff=git-crypt-aubergine
-machine-id filter=git-crypt-aubergine diff=git-crypt-aubergine

diff --git a/hosts/aubergine/hardware.nix b/hosts/aubergine/hardware.nix
index 67c9faf040208ee768d61462e3b5772f5b868d0f..fd0ca42380fc624a10c96e5617b1368e6180e16b 100644 (file)
--- a/hosts/aubergine/hardware.nix
+++ b/hosts/aubergine/hardware.nix
@@ -7,6 +7,16 @@ imports = [
   ../../nixos/profiles/zramSwap.nix
 ];
 
+# Setting the machine-id avoids to reencrypt all credentials
+# when reinstalling NixOS on a new drive.
+# Manually generated with : uuidgen | tr -d -
+environment.etc.machine-id.text = "be4a9e8cde1145c1bfcff894e36206d6";
+
+# The 32-bit host id of the host, formatted as 8 hexadecimal characters.
+# You should try to make this id unique among your hosts.
+# Manually generated with : uuidgen | head -c8
+networking.hostId = "408a404a";
+
 /*
 boot.loader.efi = {
   canTouchEfiVariables = true;
@@ -48,11 +58,6 @@ swapDevices = [
 ];
 */
 
-# The 32-bit host id of the host, formatted as 8 hexadecimal characters.
-# You should try to make this id unique among your hosts.
-# Manually generated with : head -c4 /dev/urandom | od -A none -t x4 | cut -d ' ' -f 2
-networking.hostId = "408a404a";
-
 boot.supportedFilesystems = [ /*"ntfs"*/ "vfat" ];
 boot.extraModulePackages = [
   #config.boot.kernelPackages.exfat-nofuse

diff --git a/hosts/aubergine/machine-id b/hosts/aubergine/machine-id
deleted file mode 100644 (file)
index 3870d2b..0000000
Binary files a/hosts/aubergine/machine-id and /dev/null differ

diff --git a/hosts/aubergine/wireguard/wg-intra/privateKey.cred b/hosts/aubergine/wireguard/wg-intra/privateKey.cred
index abeb84aa0cfa8665e3d406c1e44061af6e58fe9a..ec8e7de80763a4b4313710359b0a2ee5b89354f0 100644 (file)
Binary files a/hosts/aubergine/wireguard/wg-intra/privateKey.cred and b/hosts/aubergine/wireguard/wg-intra/privateKey.cred differ

diff --git a/hosts/oignon.nix b/hosts/oignon.nix
index 13f73249a4ca6cf4bacdb762df08b3c6c95d9c93..16f24a9c720c5fd2ae575d9ca3cbf6178c1da782 100644 (file)
--- a/hosts/oignon.nix
+++ b/hosts/oignon.nix
@@ -89,10 +89,6 @@ nix.sshServe = {
   ];
 };
 
-# Setting the machine-id avoids to reencrypt all credentials
-# when reinstalling NixOS on a new drive.
-environment.etc.machine-id.source = oignon/machine-id;
-
 environment.systemPackages = [
   pkgs.riseup-vpn # Can't be installed by home-manager because it needs to install policy-kit rules
 ];

diff --git a/hosts/oignon/.gitattributes b/hosts/oignon/.gitattributes
index 66ecbe6dd9607b6becddeda45fa28a63105e4bb7..e4bc1e8388ab63d2cf8d4c27257408260fbb8fd1 100644 (file)
--- a/hosts/oignon/.gitattributes
+++ b/hosts/oignon/.gitattributes
@@ -4,4 +4,3 @@
 *.pem      filter=git-crypt-oignon diff=git-crypt-oignon
 *.pub      filter=git-crypt-oignon diff=git-crypt-oignon
 .gpg-id    filter=git-crypt-oignon diff=git-crypt-oignon
-machine-id filter=git-crypt-oignon diff=git-crypt-oignon

diff --git a/hosts/oignon/hardware.nix b/hosts/oignon/hardware.nix
index 503d47b76c2a2110f19534b375dac74a538cb6b1..46343e98194c21adf07975fe08ca2cfba0d8dd35 100644 (file)
--- a/hosts/oignon/hardware.nix
+++ b/hosts/oignon/hardware.nix
@@ -6,6 +6,16 @@ imports = [
   ../../nixos/profiles/zramSwap.nix
 ];
 
+# Setting the machine-id avoids to reencrypt all credentials
+# when reinstalling NixOS on a new drive.
+# Manually generated with : uuidgen | tr -d -
+environment.etc.machine-id.text = "46e396e54c264a3594d21de5c519dccf";
+
+# The 32-bit host id of the host, formatted as 8 hexadecimal characters.
+# You should try to make this id unique among your hosts.
+# Manually generated with : uuidgen | head -c8
+networking.hostId = "ce53d0c3";
+
 /*
 boot.loader.efi = {
   canTouchEfiVariables = true;
@@ -47,11 +57,6 @@ swapDevices = [
   }
 ];
 
-# The 32-bit host id of the host, formatted as 8 hexadecimal characters.
-# You should try to make this id unique among your hosts.
-# Manually generated with : head -c4 /dev/urandom | od -A none -t x4 | cut -d ' ' -f 2
-networking.hostId = "ce53d0c3";
-
 boot.supportedFilesystems = [ "ntfs" "vfat" ];
 
 fileSystems."/" =

diff --git a/hosts/oignon/machine-id b/hosts/oignon/machine-id
deleted file mode 100644 (file)
index 79886fb..0000000
Binary files a/hosts/oignon/machine-id and /dev/null differ

diff --git a/hosts/oignon/nix/secret-key-files.priv.pem.cred b/hosts/oignon/nix/secret-key-files.priv.pem.cred
index bcee83d091043b5af9f68d25b5ac75b26b1fbbee..7a9646daf0661df7fffd22ee05ed9fcd485c4725 100644 (file)
Binary files a/hosts/oignon/nix/secret-key-files.priv.pem.cred and b/hosts/oignon/nix/secret-key-files.priv.pem.cred differ

diff --git a/hosts/oignon/wireguard/wg-intra/privateKey.cred b/hosts/oignon/wireguard/wg-intra/privateKey.cred
index 43d740130151ad5ed67be131f8f103adcf6cf2b8..018f4d40647b134519c798f2b40366e16ddb615f 100644 (file)
Binary files a/hosts/oignon/wireguard/wg-intra/privateKey.cred and b/hosts/oignon/wireguard/wg-intra/privateKey.cred differ

diff --git a/hosts/patate/.gitattributes b/hosts/patate/.gitattributes
index 5aec21e7a99baf9783f491df3942625f8689ee89..6c68112ae6b7c0c03c45a20e3e8b9332b3328717 100644 (file)
--- a/hosts/patate/.gitattributes
+++ b/hosts/patate/.gitattributes
@@ -4,4 +4,3 @@
 *.pub      filter=git-crypt-patate diff=git-crypt-patate
 *.pem      filter=git-crypt-patate diff=git-crypt-patate
 .gpg-id    filter=git-crypt-patate diff=git-crypt-patate
-machine-id filter=git-crypt-patate diff=git-crypt-patate

diff --git a/nixos/profiles/wireguard/wg-intra.nix b/nixos/profiles/wireguard/wg-intra.nix
index 73c110602c68b5cd8da34c7668abc2d9d28078fa..e76def9a10a344776ca275c4afb63728a936f96a 100644 (file)
--- a/nixos/profiles/wireguard/wg-intra.nix
+++ b/nixos/profiles/wireguard/wg-intra.nix
@@ -29,7 +29,7 @@ networking.wireguard.interfaces.${wgIface} = lib.recursiveUpdate
         (removeAttrs
           (lib.filterAttrs (peerName: _: config.networking.wireguard.${wgIface}.peers.${peerName}.enable) peers)
           [hostName]);
-    privateKeyFile = "$CREDENTIALS_DIRECTORY/privateKey";
+    privateKeyFile = "\$CREDENTIALS_DIRECTORY/privateKey";
 
     # Set the MTU to a minimum
     # (IPv4 requires at least 68 but it's 1280 for IPv6).