Skyworks/skyworks-Nix-infra

Fork: 0

Skyworks / skyworks-Nix-infra

History for skyworks-Nix-infra / secrets / skydick-ldap-bind.age

2026-03-25	61d8971 Browse files » fix xlab-gateway host key in secrets.nix and rekey ... The active host key on xlab-gateway is the original one (AAAAII+EKDpU...), not the replacement. Corrected and rekeyed. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> Dixiao-L committed on 25 Mar
8f61461 Browse files » add ylw ed25519 key: agenix access, SSH auth, rekey all secrets ... - Add ylw's ed25519 public key to secrets.nix admins list - Re-encrypt all .age secrets so ylw can decrypt - Add ed25519 key to ye-lw21 authorized SSH keys Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> Dixiao-L committed on 25 Mar
2026-03-15	ec5ead0 Browse files » skydick: enable LDAP-backed NSS for POSIX identity resolution ... Add users.ldap with nslcd pointed at ldap://10.0.0.1/ for passwd/group lookups. This is identity-only: loginPam=false keeps SSH/console auth local, and Samba stays on tdbsam until sambaSamAccount objects exist in LDAP. - Add agenix secret for LDAP bind credential (cn=query_user) - nss_initgroups_ignoreusers ALLLOCAL avoids boot-time NSS deadlock - Add openldap package for admin ldapsearch/ldapmodify - Update DATAPOOL.md to reflect LDAP identity model, numeric UID/GID in tmpfiles for LDAP-only users, and current auth boundaries Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed on 15 Mar

2026-03-25

61d8971
Browse files »

fix xlab-gateway host key in secrets.nix and rekey ...

The active host key on xlab-gateway is the original one
(AAAAII+EKDpU...), not the replacement. Corrected and rekeyed.

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

Dixiao-L committed on 25 Mar

8f61461
Browse files »

add ylw ed25519 key: agenix access, SSH auth, rekey all secrets ...

- Add ylw's ed25519 public key to secrets.nix admins list
- Re-encrypt all .age secrets so ylw can decrypt
- Add ed25519 key to ye-lw21 authorized SSH keys

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

Dixiao-L committed on 25 Mar

2026-03-15

ec5ead0
Browse files »

skydick: enable LDAP-backed NSS for POSIX identity resolution ...

Add users.ldap with nslcd pointed at ldap://10.0.0.1/ for passwd/group
lookups. This is identity-only: loginPam=false keeps SSH/console auth
local, and Samba stays on tdbsam until sambaSamAccount objects exist
in LDAP.

- Add agenix secret for LDAP bind credential (cn=query_user)
- nss_initgroups_ignoreusers ALLLOCAL avoids boot-time NSS deadlock
- Add openldap package for admin ldapsearch/ldapmodify
- Update DATAPOOL.md to reflect LDAP identity model, numeric UID/GID
  in tmpfiles for LDAP-only users, and current auth boundaries

Co-Authored-By: Claude Opus 4.6 <[email protected]>

Dixiao-L committed on 15 Mar