From 11d5f9f0bb7265e7e46f984dc1f31f769242523a Mon Sep 17 00:00:00 2001
From: Ivan Malison <IvanMalison@gmail.com>
Date: Tue, 22 Aug 2023 15:48:29 -0600
Subject: [PATCH] [NixOS] Set up agenix and auto import gpg key

---
 nixos/configuration.nix    |   1 +
 nixos/keys.nix             |   1 +
 nixos/secrets.nix          |  21 +++++++++++++++++++++
 nixos/secrets/gpg-keys.age | Bin 0 -> 5255 bytes
 nixos/secrets/secrets.nix  |   5 +++++
 5 files changed, 28 insertions(+)
 create mode 100644 nixos/secrets.nix
 create mode 100644 nixos/secrets/gpg-keys.age
 create mode 100644 nixos/secrets/secrets.nix

diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index 211fad54..4d9904e5 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -16,6 +16,7 @@
     ./nix.nix
     ./nixified.ai.nix
     ./options.nix
+    ./secrets.nix
     ./ssh.nix
     ./syncthing.nix
     ./users.nix
diff --git a/nixos/keys.nix b/nixos/keys.nix
index f27288ff..9ca7f632 100644
--- a/nixos/keys.nix
+++ b/nixos/keys.nix
@@ -7,6 +7,7 @@ rec {
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDt/rcYuGGlXBcRUJvzUCgOW8PNVkJJ5TwEOha1/KGM4 imalison@stevie-nixos"
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJr9kVlYIZIPXfXom4Fi7S2yvp5sWJ6BSM5m3uLh+8y5 imalison@adele"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOFkA5JZkq8mRd7St0jP2P6WyYYhW2CChmQoY20N45f imalison@ryzen-shine"
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIiZd2FiyTJvuvDh5hH0L3BqZV3E/kwwyau57QD7pz7C cardno:000614590850" # Dfinity Admin
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOEt0T+Hxxat5tbkD9mSu8T271QjRrLr2EA0rIDXUNL cardno:000614590748" # Dfinity Read-Only
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCJ08qswd3OoApAIHQwojEUJ4sre89vSngbM3x5pBP2 imalison@jay-lenovo.local" # Kat's Lenovo Legion
diff --git a/nixos/secrets.nix b/nixos/secrets.nix
new file mode 100644
index 00000000..bc391b40
--- /dev/null
+++ b/nixos/secrets.nix
@@ -0,0 +1,21 @@
+{ inputs, pkgs, ... }: {
+  home-manager.users.imalison = ({ config, ... }: {
+    imports = [ inputs.agenix.homeManagerModules.default ];
+    age.identityPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
+    home.packages = [
+      inputs.agenix.packages."${pkgs.system}".default
+    ];
+    age.secrets.gpg-keys.file = ./secrets/gpg-keys.age;
+
+    systemd.user.services.import-gpg-key = {
+      Unit = {
+        Description = "Import GPG private key";
+      };
+      Install.WantedBy = [ "default.target" ];
+      Service = {
+        Type = "oneshot";
+        ExecStart = "${pkgs.gnupg}/bin/gpg --batch --import /run/user/%U/agenix/gpg-keys";
+      };
+    };
+  });
+}
diff --git a/nixos/secrets/gpg-keys.age b/nixos/secrets/gpg-keys.age
new file mode 100644
index 0000000000000000000000000000000000000000..fcf32d1cc24e6a4af3a906d71de52f4042774742
GIT binary patch
literal 5255
zcmZvb`CAMM!@o&crmUr7E7Oiqvu}iEnx&a$-)AJ6eV=LenMfra*`<WaT8?B(**caa
zp*To79a<!kvKAuS`&{4a`~GsC_b<4w`~F;?6qO=cVU$_iW}C)jj4@eMU<VWsy%cD*
zs-rE|6rjpUbwStwjv-N^6+nq5q79s=&~t?nKAZ2<@U<|631zV+(9~+C!y%3b3sRvp
z2191T>TOP0A`FoT!z1GbL;%DfV!0>;Q@mZM)w5A%1lFRE(S=BZNot~+5qfbd#Rj)H
ztrCw;s!~$eFp`WLPbN^sP>Bi5AQ%ArM4SyrVz6;K8XN?77|krGT#bWj?PLka%2l$d
z930MyBC|~<6q3bDfzZG@L!yjl<Dj9bd?6eS@DLJE@I)w)%z$GELLL=mcZ=g~^b`~e
z>%t*$Mh?njR=A{Mi3NdnkQpu#%c`(@kOmeLX@z2#WPnUV5(%6LHIgG$G35|EhAQHi
z!6b$mgBK=PonSqUl7c0g^h~J~#-ONDnGTN%qE*omESZRsh{pp=5)z3dF=@39CP62H
z8SNw!S)}^k+6p-giG*T-ViLuafCCb(BoP^Iaj<a$yiDbSF{F4i%S|AlO(Z$ph*HRf
zPC3rNAQ?3>0FSRwklaq9&TYoRC2*!7g`6rem<U!U%!*S9L3W&*X-nlxIUMJ|X^Cv5
z#^eMloft8N?y^~FZ~>Z`qLA{~9;3#LbLkuuB~Hi?LJ435SZ9+G`2a4|q-Sx#NJ|2i
zW(K9;3>Jr0rAASNQU=%#gG)&^5}I$YBx0=ef75ha8O5anq7`m(s+r6rm^d`K&@R@y
z6e&!U91B(n`BVp-1A}m=8k2ypBq9KI93hpjVUURe5ex}4^Y|ilyh})vVufUw5$r)3
z$xxWqAWIav{;OnyM+EgafiMjc<%WUv4zY=*AWJbK1rZG~DDiG5hsmT!2#iE1Ly;gb
z!U#kF0Sz}%aZm%vWks3e6O?YWH6F>Lb1`Uvlx#3lutu|iC3HbKV*bC~{(nh>g+~%`
zg+ex7BU2M-7P?-mrKK7?FtD4bN6Lg0G(%vKYG^Kq7$9_rv}^*}!W2ST3W^9y<ih1p
ztWXZ+B4J3OOu|QTZ3eg-<+T5o8`K07L7YIFgKrW^X)>Hy4reR4C;^&Bu*xNDS|Snz
zrSLFF57y$+>DU$(1b~sj2vk>s5=s;qKwLi6MEuXLIz10Vq$Ge;P=r;bP7%5^CcW_g
za6@YNIAAJ8B!uy#Vg!<B<&Zg&1RDy*v9lE_E{vyj>Wl)Mf({W%`5c1^fV1)v{__PY
zKhc4pY87k&!=l!6@dP$Oz(VU~G^hy1M93g~3rzR#k`M(K3Bmz&NU%l$k*jG|ty~rl
zC7_WB4x0gDVuN@rng}bxm=O$KJVXM95&=jvf|Ur@%JmM3#q6<=Xk>Ie-$*0UNJ=Pz
zZgml03M~sIR~x9rf77sF1k2(Cia=TlNdkrQWE7Q72bT+Y3>!y51(C%GB!~v5M!}E*
z4U8g2lAQn$PEAF~;A9?}NHqx69)t;FQ{b!?ib=t9)A@83%q}oUkYt=q{BN2Hr-Oso
zKn=!eq%l=sg@9&5!;mID#K9*JFme*aWuYVNJOmz2BWQ35c%BTPL}1Az6OE{#A%tA3
z9?Ic*xF`l!<dAC-Jh4KFh1dyb71)i$|5r&7N<p@<ff6@ass*u4MxBV2iX^DmBA6Yo
zg9@1JRI>o<l4~GX5mX?epy7OgN=#5OJe*V%5l&9DLlc-Dnkf-Wa(nb3E!V{*K^00J
z&4~b65R`wrK@2IFcqdQ+r9m`Uk4NWX8kI)4oGh|pQ;}qv)-4n(Bubk>N+hLPG+LBE
z2LO@qNUB8YBARp@I|q)Du|+bOnnouZU`B;b#^WMT@m8de;*|eCH+WhU$r-J(C{nBn
zAbSZgi4II%0LKF9u=!Ls8(^eDU{rxxiKjSqN(K>$gUeIQo_IRSfRrLod>7Gf65?@g
z1QB9o8HE;>+yNIGEm{uGjiNi`Pz?Ygu!#s{7cNDPz{*JK6cU)_LPMZr8Qh^w#K*@w
z{`14=Xdr~o5cBXTcY+irr;|-AqF$n8+f=dyoB&3Kr^*FVBZi@~OAH(_pgSY0HKp_E
zZN!|It0%@LX5f>=i{`f}oXsg?+mrYIey$;6f@@1LWj_aJtZVsM+0fLm^vB@`Z(j=M
zg|xj6c;6E~rXldcWO$l(h>`VVsUV~W`M&qv%lz=Qt_`c#&Q<gjFxyUUZI~B+<6U|E
zx{*`KA)4FKzAjnq*5RBhhGCg~;9=w@Lcq+sK7@Q6_eQWd*YtP&$Qso9n$~Q;{qLVH
z&9C^-`eA4Ywf61k;f8hrMAB%vVBLNY|Ft=P(zcb~cFmi*OZ+UnEmis?H+0Sq394j8
zDQwTWMMowzBJ-!79d*V&FJ;Qmm$l!Vr@I$+cUGU9SFqq&UEY`j@#Qm@#>8$XteU5&
zJwrXexorJ3a4jrxa_Hzw%3FP{1#0e~7U^mqs2lTvJ#<gfU@bmQihA@q7X2=#YU9JJ
z!j(nAL{Kpy_H)}v*AHCk%vqZ{j#f?fd7Gz;G3?8`k>QnA!-XtPnCm&=xVlpmfSEJz
za^!<ZnRev!(2FbeFB{KJHhC7w8|Ea<_%-cR<P6g4F2sTZ`)4m*I_~W+qNzV`Sn=Da
zWo5f@lBSQ4jgWVV*LXR+jN)SLqIFKSWQ8#2xuW@0emzXMA@1w#_S<*wZ=F|>{p(Z3
zsOd+*GhZ%!d#0|16CAs@ZD-|aW)u0)&U-(eR|F+RGu3NgAxhvtLXzv+yqx`+M|0h!
z5npdtZL{tNwxZ9KH<XnVMnB%y`bblq(_+5{ogdM*i{RmvrA%4j%sF|$r?x`#w_ny>
zXch%}W8LkQXWqV)53SrDR=l$Bef)DiHSLrkdTnTQ-NES4(BrEa&%%h%`D)iCL1p}|
z2`6&j?pf87ll>W*OuFc!AM4(DbK_uGyX%PWAK{zRS;K*4?uY72=h;un19soFF`nGk
zbsP#jTs<{?!iZnUw8>-g=U-#o>AkZl>=<iO;OJi)LrOoCe8dHgJ-Ed^ar;WIOax+a
z_VM-LW3{c!>hWF|s`@WLkM!YQN7OEe3f<Iq4jr|p>`Ng6bLk{22<jiht->ZR8^@te
z6gQk;?QYySYTnh?XL768<i7!*OzM3wIs9kzm6EG9iBCGJVP2zWzwfGgy8U!z>u+fT
z`Su$t=Eq{Mx}z4YjQSfj;@_@Z^@BGZ`|ZrY%QfA@$)2h@+MzqUUVTch;eGszn`KjN
z&Hxvzd3mIJr*9;lVBNR&gm>~k8_E7Rp)ICGU!V)VWPD8$-}*kwbU5+C%Sn!DQI~%%
zzWSt{oKf-Y)~ARp;IAS5ytBMa{DPw$tLc}zjU1_v-+$>^+WEyFe(IO`y+DdhlFs%+
z^q^0b>sBqVFLA8@r?TlIJv3=+DHMO|U`WF&Q{QO+)#)YhJ70V<`j<zg#veY(4+TVI
zBC}=$vN8C$O6Bq~y}|(gc~bS1!?M9WvkMnCk45=yE_~fH>5fvF#Sv86zD7Nwo%6oN
zzF*#WV14+XFTA_Uxj%?GS-^h4j32|cA04BTn)hVpeh)qaj!jN_ydp5VaN8r^u}3!(
zo__(D*48f>+eaT>Ui<ASd(VVlhwn}w6VZFF=Hb(UZUg8kH>`!QxP)BYkvVbP*-3ri
zuqA|m?cwt~KD_!|S|JXI&ihss92mB>w(icPfC-Fc->91S@!>65<E{ixfA{?%AftU-
z(RN_7ETmTz+hkpqQqfyz1_0O_U}GQbohE3E2WmGzY-{L$ck~aargD9FiEqLYO2NAO
zzn)FqFltiB?zXV!DC2~#9X~IhxIFI2s}1V!TRN`Bv&tfKA*WU>Sn?=~AD123>^Bcl
zQ(?K7Mv4f|UHm#1rdq$L_V%v!MSqC%h&Ns#Is(GC86Pg%208ZP;W$XpfzBNtuXr`0
zfqlnrnKFdk`v#B2G>{s9d~=@rFu}}8pKet)?cE9S2b^)p8-I4spXn2~us`rJRl<3Z
zuxV+BGw%zo4(}J)RrqIES<bLtbb0o()siW8Y51uiTFuiS#*Jwg{yBbl>)30MC0;WN
zs;;!RZjcuC%?<HQI*IT4QqgewAPB<zedo-qnL+T&pVzizGFC3XKN!I`kAvsUntW=m
zsps>_xWdwNuZfzAY0>@#UrMTb*2LC~`r``Re;oSFQJUA|h_|{(#3#-`{OImg{z;<g
z+ne($Sf?dxqrYD<VbU|lkHEmMPoFF(eeyKGpQScjpCYXc3wg7<BY1lg1_B2ZpO_B2
zzbgoLI`#M0`dGhi&z@<$d7GS^!OBh=Y2fxr{P9OC29ub&(8x8;{zFKXTJWe{Hi~eT
zpB@6vOCN0U8~#xJYezQt+_T~DcURw>wM>ED(I>s%Ci9IS8+W&MEUC1?e@EBO-KUim
zQF|-jJ349JJ8CZ+rtGinNLxjezdj6jSx~9yp8tU2tVp2%uH=-}cm7j<uV?n;0%`5r
z`)6b8le=?hi~VXlYEY4WPtN-}uX4(}-ueK1o6`KwoQ+YOn?JBdwx!R&&GM!_O+pbi
z(|S&h(?3{bq8}mDj+@&$w5BvWZgFYtbkh2|*?{9o%VTD&M)bNK^sRs4Y^AE(d^!1o
z)e|>st`9_!<P7t%eqz}D?)(o^sx>|zV!Hz-zk5-4=1^)(aVh0Iyynl-`v`ZAS6y!+
zryOs;Z~wXFzIP_MV#t6gl&iijUAQ0sb>t}SO_KQ7#~pulu2q)wIBTfDzDHN<Pu{xO
zm^JFk<gfW=JNR$^=Ou?jXWVSk_1@}w@A~kW+c|y6Mn+u24jj0C$md7dtsU;)zn-Fb
zd4&YenYU`Q*JMqyJU4I1{-b-w_$xEOMS)$Qx_CjkXyucNRIcv#*+ON}R?Y=#XHA{w
zL+InSuUjU2j5inRbDwzfvjc+Hu6`PSdKErrD=3WDWt|x6hqP6)8Xk?=J3Tvb{!m!t
zzS!J?;1fIe&5uj>x2UFkO)sxGaij9<d3%eYcu(&l|3EIg06DNMF8iSOsgYNpbpkwh
z@YnK#D?eRy9M$SP?_PVsOD-}y$;n#@%cz5iZEBzKe_?RGmy=H%x)r(U@KI>?psR;J
zQ1W)&;J}zDBC;iuXxq7L-P|$w#V06*#{`r3B2RJDrZvA>FJ_efZC94RAss%8sQtKN
z?oi&v^;w>SBA<NQpJi_vK?l85yUGSwU(Via%~{XEni5lrMuL_)1iG5Aj<mDo0N(@a
zNY^+0$cr_9#?`fds>{L{*BOggmuD@%D)O9Juq4&5cdGY24dK-%zw-`8ptvd25WEVc
znY5|Bb#qqwMEH!|bMiIizsM`kdMvFYt0Q4uGt}MlWZw;Ua?i{xw+oGBo1bwP_DtZZ
zis8{k&0lf{a@K7q@%9?TjL9pgpB?x94XesKD*DRc!MnxZ8ylT{H$QbiWXpeconDmy
zO<P<@AU5*+d(!+GIdNmKf#CCV!)QZv`%mLmQnM$b2e7YZ;q`@;i*lBHo;q2xi`Jl2
z!~8B*KCs%Kcl*>+A{(3D0Faw&-p1BhcU<~*IY#p8{Kj6R_uGs~nWbU^Y&B$g-d%Wc
zcYFQ8IjH24Dc2|Z3vyF^f2$gq__;qEu>W(j>>>SQin@hVcL30y49i?@K3ennTg1CK
zZybdDF@x~l#wBDAn<mgAJ^foSe^&d(z25E~dt|OQqDsHvTJ!_e?+^Z>Xt&3Thnw2m
zVSu9jRB~rxrxLE~**LhuyMG~hh9GWc<-j_G;q3X6Q%7%juQiVfS|ipC7Zlc4hjA+>
z{hbR4Ss!w6ynFQucJscarZ~u`nWux;rH017?HT*iEGkvU*v7kt&L->xFHo^hf!)6K
zR(a5>tr3r-mn;PLpBR~%VJ$qGp0^ex12U>&g5q}9R6oxhS-6y8-4-$lk|=E`xm**|
zT|DI$Gp1M8r4`l*>WcCUftP-}2ar;X<6|+~6y#gX%m<l%+m7XoZxIys#|M@d+(IUU
zo_c>R-Nu@6xZ%qDbY%a#!LD8NyW?2-+2jmdTd^dl5--gzSl6Y5Eo=!ZiSyrk&fBtn
z>PFb;Y_C(6+sBr?NUyvcG-M5?ra-Kd6j{Eg$2zjb{~LDT{7lkZUz-`r&0Rh+bMe$`
zmy0+F&76v9ja?7xN^%#z9F2z5uL^E?x3UD896&65Hq|uPJG#rKXu`W;+K=Ej?E>G&
zXJ0;TY#9By<LBxL?#vh&$Zh(YT?U@9m)!kwfsfbwBa7#6o)dI%r*gy#sHvu#+H1$;
z$36SA_ua~R=34RG!Rkx?8ON3kTsLSIw4X`8;Yv6(l=aV=+2c<xO3ge6L3@gB+(@h3
z$F1B@w6C)w0I3Cye4%X5w4h&ZJJd{|{t@nk+2CLG!Q*}%CbOrwzaN+=sjZJXQ#UGQ
z1}*S`fB2nQISKdDZ$G*5=_)@!)DyE9aYDc55cI(F1X0ldeafx8Sw36cS^eM0cY`7)
zm?j@@7#h=6CZPS$-`h5>F@Dpg7to0CU)v}(UmmZom=${qTj5)Da<4|U4>D%s;)Bzx
za2@yPm+jVV?-RqWf6PnIETo4zf}1R>YGE&A7~>_{Ut2;^QxI2`sPLE*PVS@s0hRFC
Ab^rhX

literal 0
HcmV?d00001

diff --git a/nixos/secrets/secrets.nix b/nixos/secrets/secrets.nix
new file mode 100644
index 00000000..fc7386c0
--- /dev/null
+++ b/nixos/secrets/secrets.nix
@@ -0,0 +1,5 @@
+let keys = (import ../keys.nix);
+in
+{
+  "gpg-keys.age".publicKeys = keys.kanivanKeys;
+}