dotfiles/nixos/secrets.nix

{ inputs, pkgs, ... }: {
  home-manager.users.imalison = ({ config, ... }: {
    imports = [ inputs.agenix.homeManagerModules.default ];
    age.identityPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
    home.packages = [
      inputs.agenix.packages."${pkgs.system}".default
    ];
    age.secrets.gpg-keys.file = ./secrets/gpg-keys.age;
    age.secrets.gpg-passphrase.file = ./secrets/gpg-passphrase.age;

    systemd.user.services.import-gpg-key = {
      Unit = {
        Description = "Import GPG private key";
        After = [ "agenix.service" ];
        # 3 total retries
        StartLimitIntervalSec = 0;
        StartLimitBurst = 3;
      };

      Install.WantedBy = [ "default.target" ];
      Service = {
        Type = "oneshot";
        RestartSec = 5;
        Restart = "onfailure";
        ExecStart =
          let replace = builtins.replaceStrings [ "$XDG_RUNTIME_DIR" ] [ "\${XDG_RUNTIME_DIR}" ];
              path = replace config.age.secrets.gpg-keys.path;
              passphrasePath = replace config.age.secrets.gpg-passphrase.path;
          in "${pkgs.gnupg}/bin/gpg --pinentry-mode loopback --passphrase-file ${passphrasePath} --import ${path}";
      };
    };
  });
}
[NixOS] Set up agenix and auto import gpg key 2023-08-22 15:48:29 -06:00			`{ inputs, pkgs, ... }: {`
			`home-manager.users.imalison = ({ config, ... }: {`
			`imports = [ inputs.agenix.homeManagerModules.default ];`
			`age.identityPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];`
			`home.packages = [`
			`inputs.agenix.packages."${pkgs.system}".default`
			`];`
			`age.secrets.gpg-keys.file = ./secrets/gpg-keys.age;`
[NixOS] Provide passphrase when importing gpg key 2023-08-22 19:14:08 -06:00			`age.secrets.gpg-passphrase.file = ./secrets/gpg-passphrase.age;`
[NixOS] Set up agenix and auto import gpg key 2023-08-22 15:48:29 -06:00
			`systemd.user.services.import-gpg-key = {`
			`Unit = {`
			`Description = "Import GPG private key";`
[NixOS] Wait for agenix to try to import gpg key 2023-08-22 18:00:31 -06:00			`After = [ "agenix.service" ];`
[NixOS] Allow retries of import key 2023-08-22 18:07:27 -06:00			`# 3 total retries`
			`StartLimitIntervalSec = 0;`
			`StartLimitBurst = 3;`
[NixOS] Set up agenix and auto import gpg key 2023-08-22 15:48:29 -06:00			`};`
[NixOS] Wait for agenix to try to import gpg key 2023-08-22 18:00:31 -06:00
[NixOS] Set up agenix and auto import gpg key 2023-08-22 15:48:29 -06:00			`Install.WantedBy = [ "default.target" ];`
			`Service = {`
			`Type = "oneshot";`
[NixOS] Allow retries of import key 2023-08-22 18:07:27 -06:00			`RestartSec = 5;`
			`Restart = "onfailure";`
[NixOS] Wait for agenix to try to import gpg key 2023-08-22 18:00:31 -06:00			`ExecStart =`
[NixOS] Fix environment variables in gpg import 2023-08-22 22:25:37 -06:00			`let replace = builtins.replaceStrings [ "$XDG_RUNTIME_DIR" ] [ "\${XDG_RUNTIME_DIR}" ];`
			`path = replace config.age.secrets.gpg-keys.path;`
			`passphrasePath = replace config.age.secrets.gpg-passphrase.path;`
[NixOS] Provide passphrase when importing gpg key 2023-08-22 19:14:08 -06:00			`in "${pkgs.gnupg}/bin/gpg --pinentry-mode loopback --passphrase-file ${passphrasePath} --import ${path}";`
[NixOS] Set up agenix and auto import gpg key 2023-08-22 15:48:29 -06:00			`};`
			`};`
			`});`
			`}`