forked from colonelpanic/dotfiles
[NixOS] Provide passphrase when importing gpg key
parent
8faca502c7
commit
3c1619c598
@ -6,6 +6,7 @@
|
|||||||
inputs.agenix.packages."${pkgs.system}".default
|
inputs.agenix.packages."${pkgs.system}".default
|
||||||
];
|
];
|
||||||
age.secrets.gpg-keys.file = ./secrets/gpg-keys.age;
|
age.secrets.gpg-keys.file = ./secrets/gpg-keys.age;
|
||||||
|
age.secrets.gpg-passphrase.file = ./secrets/gpg-passphrase.age;
|
||||||
|
|
||||||
systemd.user.services.import-gpg-key = {
|
systemd.user.services.import-gpg-key = {
|
||||||
Unit = {
|
Unit = {
|
||||||
@ -23,7 +24,8 @@
|
|||||||
Restart = "onfailure";
|
Restart = "onfailure";
|
||||||
ExecStart =
|
ExecStart =
|
||||||
let path = config.age.secrets.gpg-keys.path;
|
let path = config.age.secrets.gpg-keys.path;
|
||||||
in "${pkgs.gnupg}/bin/gpg --batch --import ${path}";
|
passphrasePath = config.age.secrets.gpg-passphrase.path;
|
||||||
|
in "${pkgs.gnupg}/bin/gpg --pinentry-mode loopback --passphrase-file ${passphrasePath} --import ${path}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
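Review bot: The new `ExecStart` command drops the `--batch` flag that the old one had. The gpg man page says `--passphrase-file` is only used when `--batch` is also given (plus `--pinentry-mode loopback` since 2.1), so the import may still try to prompt, and a systemd user service has no terminal to answer it. I would keep the flag: `in "${pkgs.gnupg}/bin/gpg --batch --pinentry-mode loopback --passphrase-file ${passphrasePath} --import ${path}";`. Passing the passphrase by file path rather than `--passphrase` is the right choice, since only the path appears in the unit's command line. The part of the service definition between the two hunks is not shown, so I could not check whether the unit is ordered after agenix has decrypted both files.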
44
nixos/secrets/gpg-passphrase.age
Normal file
44
nixos/secrets/gpg-passphrase.age
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 ZgrTqA Crvk4lZGqUPHWFVHoMHL6wTXLqgOwfYWcQRI1GR8fCo
|
||||||
|
95KzRsEvEgK7KoBGB9V0XEHoMat3x+C5mU/HoaQmOBQ
|
||||||
|
-> ssh-ed25519 ZaBdSg TuQ9k+CyR2Fog+BxOmqP+hvqw63qzTkJTu0H2sBVZD0
|
||||||
|
HeLbVIYN3gCKq1K212cAKqmdxwvRxl2kssRtoIKe8u0
|
||||||
|
-> ssh-ed25519 MHZylw i91Etee30Plo+zKWe41RsPITr0yRsw3GmX9UTFgIB1w
|
||||||
|
QFf3/DS2/5AiyiXC9oiighxzdP/qsAN4A+JOo3CPPxc
|
||||||
|
-> ssh-rsa gwJx0Q
|
||||||
|
xLrGVWlIyyfj92zF2hthtntxY8mBFuPvb/rJyI2DJ3brG7gFIr8w5k4yZyicT/X2
|
||||||
|
nbucLPwAbQ4SQUs0cadHcA4JI+2C3VUudMqAXMyC1Fkv/ql13DLuy9bPucgDHUU8
|
||||||
|
nc8FDJ6iPxypnD7IgTSw+BcNlKcskOoL0zDxVyXcsq2js3W/9fc2P5D6lCZ1ZIWb
|
||||||
|
Z5P+k6ZwFpeRBrm4zrnLr5pPU/3cUBuEyR/EVEWh0kYXlg2VpvBOcHqrZfuxAVxE
|
||||||
|
eshb0TSZPhP+OaewXkWnS2slLEPS7QGeEVfQpwF1q50LAUiqw4Uwh8dIVQz5xAY9
|
||||||
|
YZvOGGZkzFuVa9dJPA4X8w
|
||||||
|
-> ssh-ed25519 YFIoHA B/icDEIQH0u/GqDhO90QgUbP03UCnxpSPw6isfdcjRs
|
||||||
|
RndPZzM2yWqgrbALMbNsf2oxBCjgkNKcFl0FZd27n1w
|
||||||
|
-> ssh-ed25519 KQfiow 3Geq61Xd0m59b2FIIrgZP2wheXDiNiC/pVyId1fTDwY
|
||||||
|
m3c0/OZNR2nssBh8nAjlwVp6UpeDYaZphiBNdndpFG8
|
||||||
|
-> ssh-ed25519 kScIxg mzfbaeTVFDX384nmohh3Nsht2uXIqHei3mlgaC2fm2w
|
||||||
|
/ERHHlPIHau33TMLqgL1EGcfOl87/ofN3PW/g0ysGNg
|
||||||
|
-> ssh-ed25519 HzX1zw hYappU4Fqrb1x8ZDlOQXCilsArhFwlFkJxNoygF4jQ0
|
||||||
|
hTeadEzZ6F+I9d2bXidBRNfbQgcGsSePtb+HzWqHfBI
|
||||||
|
-> ssh-ed25519 KQfiow /LRG537/z+OHDhK5Fl1i3uJZO8Y1KY+3x9hn0zIVTTo
|
||||||
|
dfulMIkTSg35STjGPXmqNJ0ATM8rgJAuVpexBcOo2kI
|
||||||
|
-> ssh-ed25519 1o2X0w WTK2J/tOSMm/tW7wHQrQla2HH4cdj+j9rM7CMVZZoCk
|
||||||
|
bEtjp3iXkD6tanBS6tvsBQ85Yd3MQOXWgjsf0KCeWKw
|
||||||
|
-> ssh-ed25519 KQ5iUA r7eMLpwOF+PfvP0Z8CtC1y8tz2XCL6chBID2s9n5Vg8
|
||||||
|
WiNsSDcafBCnYXR51fjNe1AqWzQexLwZGhEwITYFzso
|
||||||
|
-> ssh-ed25519 0eS5+A xHVBjsGS8jX6DNiYen0mUJe4dUi9ayYjqwxnIRAjDls
|
||||||
|
wQUPdJmf5s7RtygtcSaCPHHqC24dZGxyM0HJVqSTheQ
|
||||||
|
-> ssh-ed25519 9/4Prw vYEnPBSo0LfS6L0oUVgbFVhfE2RFCnbFUWYDPS6UlhU
|
||||||
|
U5lw/k/G/KX4JzD7zUohVGnERfeh/wJu9B9Q7OSiE8w
|
||||||
|
-> ssh-ed25519 gAk3+Q LSVYDdzb/X7yw4U0wi4v1w2hnhCKiqxMFol1DwsioGA
|
||||||
|
TwOQRpeYWtcuF/SCf4IhvapkXt3IzKbL+6TYSwMYZj8
|
||||||
|
-> ssh-ed25519 X6eGtQ 7AkAvWIx9b6NTZadb6c9Y+OsyLIYhtilCrXNqJObEg0
|
||||||
|
Sf347ATzrPaf4bch3H3TPNbCiBNewTuDrk8ap9dZipU
|
||||||
|
-> ssh-ed25519 0ma8Cw oXWdHur4lg5biytTl1ixUv5P40nHHg31NNoxfzGJUTo
|
||||||
|
Q4nNfFnXiOhLVrLZIWsIIH9QB1T3v9qIyYH5bTa7hWk
|
||||||
|
-> QbL-grease t1 K-'
|
||||||
|
0rLMhdyodWAFmH1zD9QKXLcxfJaSp4Ud1qiPDHzenbzE0C5bqDP9PjvVTL85Tgkh
|
||||||
|
MY0D7KlIw79dN3t0drnuLR3Y2GmWFmA4wsgU2/nTU5nw5izYuYw
|
||||||
|
--- PLCCiAtKWcacH4p370GCBv2qUPQkQR6h4is8eorrfOQ
|
||||||
|
^<03>NêáÝoj4C H1ºr¶5„Ôç
|
||||||
|
|Æ+í 3öz82 €¹å}Ä]0
|
@ -2,5 +2,6 @@ let keys = (import ../keys.nix);
|
|||||||
in
|
in
|
||||||
{
|
{
|
||||||
"gpg-keys.age".publicKeys = keys.agenixKeys;
|
"gpg-keys.age".publicKeys = keys.agenixKeys;
|
||||||
|
"gpg-passphrase.age".publicKeys = keys.agenixKeys;
|
||||||
"cache-priv-key.pem.age".publicKeys = keys.agenixKeys;
|
"cache-priv-key.pem.age".publicKeys = keys.agenixKeys;
|
||||||
}
|
}
|
||||||
|
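Review bot: `"gpg-passphrase.age".publicKeys = keys.agenixKeys;` encrypts the passphrase to exactly the same recipients as `gpg-keys.age`, so every key in `agenixKeys` that can decrypt the private key can also decrypt its passphrase. With both secrets decrypted on the same machine, the passphrase no longer protects the key at rest there. If that is the intended trade-off for unattended import, a comment saying so would help, e.g. `# same recipients as gpg-keys.age on purpose: required for unattended import`. Otherwise a narrower recipient list for one of the two files would keep them separable. `keys.nix` is not on this page, so the size of that list is not visible here.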