[NixOS] Provide passphrase when importing gpg key

This commit is contained in:
Ivan Malison 2023-08-22 19:14:08 -06:00
parent 8faca502c7
commit 3c1619c598
3 changed files with 48 additions and 1 deletions

View File

@ -6,6 +6,7 @@
inputs.agenix.packages."${pkgs.system}".default
];
age.secrets.gpg-keys.file = ./secrets/gpg-keys.age;
age.secrets.gpg-passphrase.file = ./secrets/gpg-passphrase.age;
systemd.user.services.import-gpg-key = {
Unit = {
@ -23,7 +24,8 @@
Restart = "onfailure";
ExecStart =
let path = config.age.secrets.gpg-keys.path;
in "${pkgs.gnupg}/bin/gpg --batch --import ${path}";
passphrasePath = config.age.secrets.gpg-passphrase.path;
in "${pkgs.gnupg}/bin/gpg --pinentry-mode loopback --passphrase-file ${passphrasePath} --import ${path}";
};
};
});

View File

@ -0,0 +1,44 @@
age-encryption.org/v1
-> ssh-ed25519 ZgrTqA Crvk4lZGqUPHWFVHoMHL6wTXLqgOwfYWcQRI1GR8fCo
95KzRsEvEgK7KoBGB9V0XEHoMat3x+C5mU/HoaQmOBQ
-> ssh-ed25519 ZaBdSg TuQ9k+CyR2Fog+BxOmqP+hvqw63qzTkJTu0H2sBVZD0
HeLbVIYN3gCKq1K212cAKqmdxwvRxl2kssRtoIKe8u0
-> ssh-ed25519 MHZylw i91Etee30Plo+zKWe41RsPITr0yRsw3GmX9UTFgIB1w
QFf3/DS2/5AiyiXC9oiighxzdP/qsAN4A+JOo3CPPxc
-> ssh-rsa gwJx0Q
xLrGVWlIyyfj92zF2hthtntxY8mBFuPvb/rJyI2DJ3brG7gFIr8w5k4yZyicT/X2
nbucLPwAbQ4SQUs0cadHcA4JI+2C3VUudMqAXMyC1Fkv/ql13DLuy9bPucgDHUU8
nc8FDJ6iPxypnD7IgTSw+BcNlKcskOoL0zDxVyXcsq2js3W/9fc2P5D6lCZ1ZIWb
Z5P+k6ZwFpeRBrm4zrnLr5pPU/3cUBuEyR/EVEWh0kYXlg2VpvBOcHqrZfuxAVxE
eshb0TSZPhP+OaewXkWnS2slLEPS7QGeEVfQpwF1q50LAUiqw4Uwh8dIVQz5xAY9
YZvOGGZkzFuVa9dJPA4X8w
-> ssh-ed25519 YFIoHA B/icDEIQH0u/GqDhO90QgUbP03UCnxpSPw6isfdcjRs
RndPZzM2yWqgrbALMbNsf2oxBCjgkNKcFl0FZd27n1w
-> ssh-ed25519 KQfiow 3Geq61Xd0m59b2FIIrgZP2wheXDiNiC/pVyId1fTDwY
m3c0/OZNR2nssBh8nAjlwVp6UpeDYaZphiBNdndpFG8
-> ssh-ed25519 kScIxg mzfbaeTVFDX384nmohh3Nsht2uXIqHei3mlgaC2fm2w
/ERHHlPIHau33TMLqgL1EGcfOl87/ofN3PW/g0ysGNg
-> ssh-ed25519 HzX1zw hYappU4Fqrb1x8ZDlOQXCilsArhFwlFkJxNoygF4jQ0
hTeadEzZ6F+I9d2bXidBRNfbQgcGsSePtb+HzWqHfBI
-> ssh-ed25519 KQfiow /LRG537/z+OHDhK5Fl1i3uJZO8Y1KY+3x9hn0zIVTTo
dfulMIkTSg35STjGPXmqNJ0ATM8rgJAuVpexBcOo2kI
-> ssh-ed25519 1o2X0w WTK2J/tOSMm/tW7wHQrQla2HH4cdj+j9rM7CMVZZoCk
bEtjp3iXkD6tanBS6tvsBQ85Yd3MQOXWgjsf0KCeWKw
-> ssh-ed25519 KQ5iUA r7eMLpwOF+PfvP0Z8CtC1y8tz2XCL6chBID2s9n5Vg8
WiNsSDcafBCnYXR51fjNe1AqWzQexLwZGhEwITYFzso
-> ssh-ed25519 0eS5+A xHVBjsGS8jX6DNiYen0mUJe4dUi9ayYjqwxnIRAjDls
wQUPdJmf5s7RtygtcSaCPHHqC24dZGxyM0HJVqSTheQ
-> ssh-ed25519 9/4Prw vYEnPBSo0LfS6L0oUVgbFVhfE2RFCnbFUWYDPS6UlhU
U5lw/k/G/KX4JzD7zUohVGnERfeh/wJu9B9Q7OSiE8w
-> ssh-ed25519 gAk3+Q LSVYDdzb/X7yw4U0wi4v1w2hnhCKiqxMFol1DwsioGA
TwOQRpeYWtcuF/SCf4IhvapkXt3IzKbL+6TYSwMYZj8
-> ssh-ed25519 X6eGtQ 7AkAvWIx9b6NTZadb6c9Y+OsyLIYhtilCrXNqJObEg0
Sf347ATzrPaf4bch3H3TPNbCiBNewTuDrk8ap9dZipU
-> ssh-ed25519 0ma8Cw oXWdHur4lg5biytTl1ixUv5P40nHHg31NNoxfzGJUTo
Q4nNfFnXiOhLVrLZIWsIIH9QB1T3v9qIyYH5bTa7hWk
-> QbL-grease t1 K-'
0rLMhdyodWAFmH1zD9QKXLcxfJaSp4Ud1qiPDHzenbzE0C5bqDP9PjvVTL85Tgkh
MY0D7KlIw79dN3t0drnuLR3Y2GmWFmA4wsgU2/nTU5nw5izYuYw
--- PLCCiAtKWcacH4p370GCBv2qUPQkQR6h4is8eorrfOQ
^<03>NêáÝoj4C H1ºr¶5„Ôç
|Æ+í 3öz82 €¹å}Ä]0

View File

@ -2,5 +2,6 @@ let keys = (import ../keys.nix);
in
{
"gpg-keys.age".publicKeys = keys.agenixKeys;
"gpg-passphrase.age".publicKeys = keys.agenixKeys;
"cache-priv-key.pem.age".publicKeys = keys.agenixKeys;
}