wgester/dotfiles
1
0
Fork 0
forked from colonelpanic/dotfiles
Code Pull Requests Activity

[NixOS] Set up agenix and auto import gpg key

Browse Source
This commit is contained in:
Ivan Malison 2023-08-22 15:48:29 -06:00
parent ee0ae1a7d9
commit 11d5f9f0bb
5 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
nixos/configuration.nix
View File

@ -16,6 +16,7 @@
./nix.nix ./nix.nix
./nixified.ai.nix ./nixified.ai.nix
./options.nix ./options.nix
./secrets.nix
./ssh.nix ./ssh.nix
./syncthing.nix ./syncthing.nix
./users.nix ./users.nix

1
nixos/keys.nix
View File

@ -7,6 +7,7 @@ rec {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDt/rcYuGGlXBcRUJvzUCgOW8PNVkJJ5TwEOha1/KGM4 imalison@stevie-nixos" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDt/rcYuGGlXBcRUJvzUCgOW8PNVkJJ5TwEOha1/KGM4 imalison@stevie-nixos"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJr9kVlYIZIPXfXom4Fi7S2yvp5sWJ6BSM5m3uLh+8y5 imalison@adele" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJr9kVlYIZIPXfXom4Fi7S2yvp5sWJ6BSM5m3uLh+8y5 imalison@adele"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOFkA5JZkq8mRd7St0jP2P6WyYYhW2CChmQoY20N45f imalison@ryzen-shine"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIiZd2FiyTJvuvDh5hH0L3BqZV3E/kwwyau57QD7pz7C cardno:000614590850" # Dfinity Admin "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIiZd2FiyTJvuvDh5hH0L3BqZV3E/kwwyau57QD7pz7C cardno:000614590850" # Dfinity Admin
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOEt0T+Hxxat5tbkD9mSu8T271QjRrLr2EA0rIDXUNL cardno:000614590748" # Dfinity Read-Only "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOEt0T+Hxxat5tbkD9mSu8T271QjRrLr2EA0rIDXUNL cardno:000614590748" # Dfinity Read-Only
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCJ08qswd3OoApAIHQwojEUJ4sre89vSngbM3x5pBP2 imalison@jay-lenovo.local" # Kat's Lenovo Legion "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCJ08qswd3OoApAIHQwojEUJ4sre89vSngbM3x5pBP2 imalison@jay-lenovo.local" # Kat's Lenovo Legion

21
nixos/secrets.nix Normal file
View File

@ -0,0 +1,21 @@
{ inputs, pkgs, ... }: {
home-manager.users.imalison = ({ config, ... }: {
imports = [ inputs.agenix.homeManagerModules.default ];
age.identityPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
home.packages = [
inputs.agenix.packages."${pkgs.system}".default
];
age.secrets.gpg-keys.file = ./secrets/gpg-keys.age;
systemd.user.services.import-gpg-key = {
Unit = {
Description = "Import GPG private key";
};
Install.WantedBy = [ "default.target" ];
Service = {
Type = "oneshot";
ExecStart = "${pkgs.gnupg}/bin/gpg --batch --import /run/user/%U/agenix/gpg-keys";
};
};
});
}

BIN
nixos/secrets/gpg-keys.age Normal file
View File

Binary file not shown.

5
nixos/secrets/secrets.nix Normal file
View File

@ -0,0 +1,5 @@
let keys = (import ../keys.nix);
in
{
"gpg-keys.age".publicKeys = keys.kanivanKeys;
}