[NixOS] Provide passphrase when importing gpg key
This commit is contained in:
parent
8faca502c7
commit
3c1619c598
@ -6,6 +6,7 @@
|
||||
inputs.agenix.packages."${pkgs.system}".default
|
||||
];
|
||||
age.secrets.gpg-keys.file = ./secrets/gpg-keys.age;
|
||||
age.secrets.gpg-passphrase.file = ./secrets/gpg-passphrase.age;
|
||||
|
||||
systemd.user.services.import-gpg-key = {
|
||||
Unit = {
|
||||
@ -23,7 +24,8 @@
|
||||
Restart = "onfailure";
|
||||
ExecStart =
|
||||
let path = config.age.secrets.gpg-keys.path;
|
||||
in "${pkgs.gnupg}/bin/gpg --batch --import ${path}";
|
||||
passphrasePath = config.age.secrets.gpg-passphrase.path;
|
||||
in "${pkgs.gnupg}/bin/gpg --pinentry-mode loopback --passphrase-file ${passphrasePath} --import ${path}";
|
||||
};
|
||||
};
|
||||
});
|
||||
|
44
nixos/secrets/gpg-passphrase.age
Normal file
44
nixos/secrets/gpg-passphrase.age
Normal file
@ -0,0 +1,44 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 ZgrTqA Crvk4lZGqUPHWFVHoMHL6wTXLqgOwfYWcQRI1GR8fCo
|
||||
95KzRsEvEgK7KoBGB9V0XEHoMat3x+C5mU/HoaQmOBQ
|
||||
-> ssh-ed25519 ZaBdSg TuQ9k+CyR2Fog+BxOmqP+hvqw63qzTkJTu0H2sBVZD0
|
||||
HeLbVIYN3gCKq1K212cAKqmdxwvRxl2kssRtoIKe8u0
|
||||
-> ssh-ed25519 MHZylw i91Etee30Plo+zKWe41RsPITr0yRsw3GmX9UTFgIB1w
|
||||
QFf3/DS2/5AiyiXC9oiighxzdP/qsAN4A+JOo3CPPxc
|
||||
-> ssh-rsa gwJx0Q
|
||||
xLrGVWlIyyfj92zF2hthtntxY8mBFuPvb/rJyI2DJ3brG7gFIr8w5k4yZyicT/X2
|
||||
nbucLPwAbQ4SQUs0cadHcA4JI+2C3VUudMqAXMyC1Fkv/ql13DLuy9bPucgDHUU8
|
||||
nc8FDJ6iPxypnD7IgTSw+BcNlKcskOoL0zDxVyXcsq2js3W/9fc2P5D6lCZ1ZIWb
|
||||
Z5P+k6ZwFpeRBrm4zrnLr5pPU/3cUBuEyR/EVEWh0kYXlg2VpvBOcHqrZfuxAVxE
|
||||
eshb0TSZPhP+OaewXkWnS2slLEPS7QGeEVfQpwF1q50LAUiqw4Uwh8dIVQz5xAY9
|
||||
YZvOGGZkzFuVa9dJPA4X8w
|
||||
-> ssh-ed25519 YFIoHA B/icDEIQH0u/GqDhO90QgUbP03UCnxpSPw6isfdcjRs
|
||||
RndPZzM2yWqgrbALMbNsf2oxBCjgkNKcFl0FZd27n1w
|
||||
-> ssh-ed25519 KQfiow 3Geq61Xd0m59b2FIIrgZP2wheXDiNiC/pVyId1fTDwY
|
||||
m3c0/OZNR2nssBh8nAjlwVp6UpeDYaZphiBNdndpFG8
|
||||
-> ssh-ed25519 kScIxg mzfbaeTVFDX384nmohh3Nsht2uXIqHei3mlgaC2fm2w
|
||||
/ERHHlPIHau33TMLqgL1EGcfOl87/ofN3PW/g0ysGNg
|
||||
-> ssh-ed25519 HzX1zw hYappU4Fqrb1x8ZDlOQXCilsArhFwlFkJxNoygF4jQ0
|
||||
hTeadEzZ6F+I9d2bXidBRNfbQgcGsSePtb+HzWqHfBI
|
||||
-> ssh-ed25519 KQfiow /LRG537/z+OHDhK5Fl1i3uJZO8Y1KY+3x9hn0zIVTTo
|
||||
dfulMIkTSg35STjGPXmqNJ0ATM8rgJAuVpexBcOo2kI
|
||||
-> ssh-ed25519 1o2X0w WTK2J/tOSMm/tW7wHQrQla2HH4cdj+j9rM7CMVZZoCk
|
||||
bEtjp3iXkD6tanBS6tvsBQ85Yd3MQOXWgjsf0KCeWKw
|
||||
-> ssh-ed25519 KQ5iUA r7eMLpwOF+PfvP0Z8CtC1y8tz2XCL6chBID2s9n5Vg8
|
||||
WiNsSDcafBCnYXR51fjNe1AqWzQexLwZGhEwITYFzso
|
||||
-> ssh-ed25519 0eS5+A xHVBjsGS8jX6DNiYen0mUJe4dUi9ayYjqwxnIRAjDls
|
||||
wQUPdJmf5s7RtygtcSaCPHHqC24dZGxyM0HJVqSTheQ
|
||||
-> ssh-ed25519 9/4Prw vYEnPBSo0LfS6L0oUVgbFVhfE2RFCnbFUWYDPS6UlhU
|
||||
U5lw/k/G/KX4JzD7zUohVGnERfeh/wJu9B9Q7OSiE8w
|
||||
-> ssh-ed25519 gAk3+Q LSVYDdzb/X7yw4U0wi4v1w2hnhCKiqxMFol1DwsioGA
|
||||
TwOQRpeYWtcuF/SCf4IhvapkXt3IzKbL+6TYSwMYZj8
|
||||
-> ssh-ed25519 X6eGtQ 7AkAvWIx9b6NTZadb6c9Y+OsyLIYhtilCrXNqJObEg0
|
||||
Sf347ATzrPaf4bch3H3TPNbCiBNewTuDrk8ap9dZipU
|
||||
-> ssh-ed25519 0ma8Cw oXWdHur4lg5biytTl1ixUv5P40nHHg31NNoxfzGJUTo
|
||||
Q4nNfFnXiOhLVrLZIWsIIH9QB1T3v9qIyYH5bTa7hWk
|
||||
-> QbL-grease t1 K-'
|
||||
0rLMhdyodWAFmH1zD9QKXLcxfJaSp4Ud1qiPDHzenbzE0C5bqDP9PjvVTL85Tgkh
|
||||
MY0D7KlIw79dN3t0drnuLR3Y2GmWFmA4wsgU2/nTU5nw5izYuYw
|
||||
--- PLCCiAtKWcacH4p370GCBv2qUPQkQR6h4is8eorrfOQ
|
||||
^<03>NêáÝoj4C H1ºr¶5„Ôç
|
||||
|Æ+í 3öz82 €¹å}Ä]0
|
@ -2,5 +2,6 @@ let keys = (import ../keys.nix);
|
||||
in
|
||||
{
|
||||
"gpg-keys.age".publicKeys = keys.agenixKeys;
|
||||
"gpg-passphrase.age".publicKeys = keys.agenixKeys;
|
||||
"cache-priv-key.pem.age".publicKeys = keys.agenixKeys;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user