From 42d0c61105b904c57e1e2494649b1993a5818804 Mon Sep 17 00:00:00 2001 From: "Collin J. Doering" Date: Fri, 27 Sep 2024 16:46:41 -0400 Subject: [PATCH] desktop: Refactor guix signing keys into files; add genenetwork * .guix/rekahsoft/guix-config/desktop.scm: Use local-file's for guix signing keys * .pubkeys/guix/cuirass-genenetwork-org.pub: (new) guix signing key * .pubkeys/guix/cuirass-nonguix-org.pub: guix signing key (previous in source) * .pubkeys/guix/guix-ci-home-rekahsoft-ca.pub: guix signing key (previous in source) * .pubkeys/ssh/*.pub: Moved from .pubkeys/*.pub --- .guix/rekahsoft/guix-config/desktop.scm | 37 ++++++++------------- .pubkeys/guix/cuirass-genenetwork-org.pub | 6 ++++ .pubkeys/guix/cuirass-nonguix-org.pub | 6 ++++ .pubkeys/guix/guix-ci-home-rekahsoft-ca.pub | 6 ++++ .pubkeys/{ => ssh}/ed25519-861CD08E.pub | 0 .pubkeys/{ => ssh}/rsa2048-ED51AB07.pub | 0 .pubkeys/{ => ssh}/rsa4096-6765FB18.pub | 0 7 files changed, 32 insertions(+), 23 deletions(-) create mode 100644 .pubkeys/guix/cuirass-genenetwork-org.pub create mode 100644 .pubkeys/guix/cuirass-nonguix-org.pub create mode 100644 .pubkeys/guix/guix-ci-home-rekahsoft-ca.pub rename .pubkeys/{ => ssh}/ed25519-861CD08E.pub (100%) rename .pubkeys/{ => ssh}/rsa2048-ED51AB07.pub (100%) rename .pubkeys/{ => ssh}/rsa4096-6765FB18.pub (100%) diff --git a/.guix/rekahsoft/guix-config/desktop.scm b/.guix/rekahsoft/guix-config/desktop.scm index 6a1d76c..35c8fc2 100644 --- a/.guix/rekahsoft/guix-config/desktop.scm +++ b/.guix/rekahsoft/guix-config/desktop.scm @@ -21,10 +21,16 @@ %rkd-desktop-kernel-arguments rkd-desktop)) +(define %guix-signing-keys + (list + (local-file "../../../.pubkeys/guix/cuirass-genenetwork-org.pub") + (local-file "../../../.pubkeys/guix/cuirass-nonguix-org.pub") + (local-file "../../../.pubkeys/guix/guix-ci-home-rekahsoft-ca.pub"))) + ;; Keys used for ssh access -(define collin-ed25519-key (local-file "../../../.pubkeys/ed25519-861CD08E.pub")) -(define collin-rsa4096-key (local-file "../../../.pubkeys/rsa4096-6765FB18.pub")) -(define collin-rsa-key (local-file "../../../.pubkeys/rsa2048-ED51AB07.pub")) +(define collin-ed25519-key (local-file "../../../.pubkeys/ssh/ed25519-861CD08E.pub")) +(define collin-rsa4096-key (local-file "../../../.pubkeys/ssh/rsa4096-6765FB18.pub")) +(define collin-rsa-key (local-file "../../../.pubkeys/ssh/rsa2048-ED51AB07.pub")) (define %rkd-desktop-services (append @@ -77,26 +83,11 @@ (guix-service-type config => (guix-configuration (inherit config) - (substitute-urls - (append (list "https://substitutes.nonguix.org" - "https://guix-ci.home.rekahsoft.ca") - %default-substitute-urls)) - (authorized-keys - (append (list (plain-file "non-guix.pub" - "(public-key - (ecc - (curve Ed25519) - (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#) - ) - )") - (plain-file "rekahsoft-guix.pub" - "(public-key - (ecc - (curve Ed25519) - (q #13EBA5788C96A57B32273782E8CB24834338B7DC00D7C0F103CA2C5576409A78#) - ) - )")) - %default-authorized-guix-keys))))))) + (authorized-keys (append %guix-signing-keys %default-authorized-guix-keys)) + (substitute-urls (append (list "https://cuirass.genenetwork.org" + "https://substitutes.nonguix.org" + "https://guix-ci.home.rekahsoft.ca") + %default-substitute-urls))))))) (define %rkd-desktop-kernel-arguments (cons* "resume=/dev/mapper/vg0-swap" diff --git a/.pubkeys/guix/cuirass-genenetwork-org.pub b/.pubkeys/guix/cuirass-genenetwork-org.pub new file mode 100644 index 0000000..1350f6d --- /dev/null +++ b/.pubkeys/guix/cuirass-genenetwork-org.pub @@ -0,0 +1,6 @@ +(public-key + (ecc + (curve Ed25519) + (q #9578AD6CDB23BA51F9C4185D5D5A32A7EEB47ACDD55F1CCB8CEE4E0570FBF961#) + ) + ) diff --git a/.pubkeys/guix/cuirass-nonguix-org.pub b/.pubkeys/guix/cuirass-nonguix-org.pub new file mode 100644 index 0000000..32ddac6 --- /dev/null +++ b/.pubkeys/guix/cuirass-nonguix-org.pub @@ -0,0 +1,6 @@ +(public-key + (ecc + (curve Ed25519) + (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#) + ) + ) diff --git a/.pubkeys/guix/guix-ci-home-rekahsoft-ca.pub b/.pubkeys/guix/guix-ci-home-rekahsoft-ca.pub new file mode 100644 index 0000000..f7af8d8 --- /dev/null +++ b/.pubkeys/guix/guix-ci-home-rekahsoft-ca.pub @@ -0,0 +1,6 @@ +(public-key + (ecc + (curve Ed25519) + (q #13EBA5788C96A57B32273782E8CB24834338B7DC00D7C0F103CA2C5576409A78#) + ) + ) diff --git a/.pubkeys/ed25519-861CD08E.pub b/.pubkeys/ssh/ed25519-861CD08E.pub similarity index 100% rename from .pubkeys/ed25519-861CD08E.pub rename to .pubkeys/ssh/ed25519-861CD08E.pub diff --git a/.pubkeys/rsa2048-ED51AB07.pub b/.pubkeys/ssh/rsa2048-ED51AB07.pub similarity index 100% rename from .pubkeys/rsa2048-ED51AB07.pub rename to .pubkeys/ssh/rsa2048-ED51AB07.pub diff --git a/.pubkeys/rsa4096-6765FB18.pub b/.pubkeys/ssh/rsa4096-6765FB18.pub similarity index 100% rename from .pubkeys/rsa4096-6765FB18.pub rename to .pubkeys/ssh/rsa4096-6765FB18.pub