age with yubikey
parent
c7d9d0f802
commit
19f05aec9f
10 changed files with 196 additions and 57 deletions
|
@ -4,4 +4,5 @@
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCy7X5ByG4/9y2XkQSnXcpMGnV5WPGUd+B6FaYCDNmPQ7xIZEteS+kCpu9oiMP6C/H/FT+i9DZvCflkzgdFAyujYLKRYaZbZ3K6F60qN0rkJ0z/ZO5c6rqwIwR6BEoB7dq5inkyH9fZ8/SI+PXxELmeWF9ehT7kkQC+o9Ujpcjd7ZuZllbAz4UQZFRbbpwdVJCEDenu9/63yuYbvMupgGk0edaTiFT0Q9MSzs/3pNP8xlAxmmZ3HzSjeF7gUzBF7CaIroTeguiUjSVybUEx48P8fy878t7dUZf4anEno9MS0B3aqfZvCKuuPdAUdeBfCbFHRqN7GuCylFIXGPe95Mxl grimmauld@grimmauld-nixos"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCy7X5ByG4/9y2XkQSnXcpMGnV5WPGUd+B6FaYCDNmPQ7xIZEteS+kCpu9oiMP6C/H/FT+i9DZvCflkzgdFAyujYLKRYaZbZ3K6F60qN0rkJ0z/ZO5c6rqwIwR6BEoB7dq5inkyH9fZ8/SI+PXxELmeWF9ehT7kkQC+o9Ujpcjd7ZuZllbAz4UQZFRbbpwdVJCEDenu9/63yuYbvMupgGk0edaTiFT0Q9MSzs/3pNP8xlAxmmZ3HzSjeF7gUzBF7CaIroTeguiUjSVybUEx48P8fy878t7dUZf4anEno9MS0B3aqfZvCKuuPdAUdeBfCbFHRqN7GuCylFIXGPe95Mxl grimmauld@grimmauld-nixos"
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClLZhya2A7SoRSX2DNNM6OWgnGhtOFUor/WdyY59L0l6u5tEo9VyX5bCR84eo+uN4jyahSiGD1WC3RGIoNtHuSkKPxr0rqQhlbuyxraHGj7hOLhcGWRd2eIdsntbma7uPsn4zC0skKjpVNR7PU4LfSxti0gBhgq6uQhMtlfywwJshmwt55q7oT/zC449Uz2vyviy7sQ53R9YoOWEjB/+vU8jHxGlqLatXhOGKlBtrQxKm8PZ6jBYxAC6sGA4APIHWC3KC0S0X7wlmi42Dx9bbBm0rUjy095vRZ22fkE8x9OSTKDY/vFTLw5vwVMa8dACfA1Kc0+EpgOK77lZddeTvD grimmauld.de"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClLZhya2A7SoRSX2DNNM6OWgnGhtOFUor/WdyY59L0l6u5tEo9VyX5bCR84eo+uN4jyahSiGD1WC3RGIoNtHuSkKPxr0rqQhlbuyxraHGj7hOLhcGWRd2eIdsntbma7uPsn4zC0skKjpVNR7PU4LfSxti0gBhgq6uQhMtlfywwJshmwt55q7oT/zC449Uz2vyviy7sQ53R9YoOWEjB/+vU8jHxGlqLatXhOGKlBtrQxKm8PZ6jBYxAC6sGA4APIHWC3KC0S0X7wlmi42Dx9bbBm0rUjy095vRZ22fkE8x9OSTKDY/vFTLw5vwVMa8dACfA1Kc0+EpgOK77lZddeTvD grimmauld.de"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJhM1Fk5ix4OZAdlfCxL891KxeEKpyIFrP5yYkC9mg7E grimmauld@grimmauld-nixos"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJhM1Fk5ix4OZAdlfCxL891KxeEKpyIFrP5yYkC9mg7E grimmauld@grimmauld-nixos"
|
||||||
|
(builtins.readFile ./ssh/id_ed25519_sk.pub )
|
||||||
]
|
]
|
||||||
|
|
|
@ -29,10 +29,12 @@ in
|
||||||
programs.git = {
|
programs.git = {
|
||||||
enable = true;
|
enable = true;
|
||||||
lfs.enable = true;
|
lfs.enable = true;
|
||||||
config = let
|
config =
|
||||||
|
let
|
||||||
key_file = ../../ssh/id_ed25519_sk.pub;
|
key_file = ../../ssh/id_ed25519_sk.pub;
|
||||||
allowed_signers_file = pkgs.writeText "allowed_signers" ''${tooling.git_email} namespaces="git" ${readFile key_file}'';
|
allowed_signers_file = pkgs.writeText "allowed_signers" ''${tooling.git_email} namespaces="git" ${readFile key_file}'';
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
|
|
||||||
init.defaultBranch = "main";
|
init.defaultBranch = "main";
|
||||||
credential.username = tooling.git_user;
|
credential.username = tooling.git_user;
|
||||||
|
|
|
@ -2,6 +2,8 @@
|
||||||
pkgs,
|
pkgs,
|
||||||
config,
|
config,
|
||||||
lib,
|
lib,
|
||||||
|
inputs,
|
||||||
|
system,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
|
@ -15,6 +17,8 @@ let
|
||||||
attrNames
|
attrNames
|
||||||
mkEnableOption
|
mkEnableOption
|
||||||
;
|
;
|
||||||
|
|
||||||
|
age_plugins = with pkgs; [ age-plugin-yubikey ];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = mkIf enable {
|
config = mkIf enable {
|
||||||
|
@ -40,18 +44,36 @@ in
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
services.pcscd.enable = true;
|
||||||
|
age.ageBin =
|
||||||
|
let
|
||||||
|
rage_wrapped = pkgs.symlinkJoin {
|
||||||
|
name = "rage";
|
||||||
|
paths = [ pkgs.rage ];
|
||||||
|
buildInputs = [ pkgs.makeWrapper ];
|
||||||
|
postBuild = ''
|
||||||
|
wrapProgram $out/bin/rage \
|
||||||
|
--prefix PATH : ${lib.makeBinPath age_plugins}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
in
|
||||||
|
lib.getExe' rage_wrapped "rage";
|
||||||
|
|
||||||
|
programs.yubikey-touch-detector.enable = graphical;
|
||||||
|
|
||||||
environment.systemPackages =
|
environment.systemPackages =
|
||||||
(with pkgs; [
|
(with pkgs; [
|
||||||
mkpasswd
|
mkpasswd
|
||||||
gnupg
|
gnupg
|
||||||
libsecret
|
libsecret
|
||||||
vulnix
|
vulnix
|
||||||
# agenix
|
(inputs.agenix.packages."${system}".default.override { plugins = age_plugins; })
|
||||||
|
|
||||||
yubikey-manager
|
yubikey-manager
|
||||||
yubico-pam
|
yubico-pam
|
||||||
yubikey-personalization
|
yubikey-personalization
|
||||||
])
|
])
|
||||||
|
++ age_plugins
|
||||||
++ (optionals (tooling.enable && tooling.pass) [
|
++ (optionals (tooling.enable && tooling.pass) [
|
||||||
pkgs.pass
|
pkgs.pass
|
||||||
(pkgs.writeShellScriptBin "passw" "pass $@")
|
(pkgs.writeShellScriptBin "passw" "pass $@")
|
||||||
|
|
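Review bot: The `rage_wrapped` derivation assigned to `age.ageBin` has no comment explaining why a wrapper is needed, and the decryption path it sets up depends on a daemon that may not be running when it is used. rage discovers plugins as `age-plugin-*` executables on PATH, which is what `--prefix PATH` supplies; a line such as `# rage finds age-plugin-yubikey via PATH; agenix invokes this binary to decrypt` above `age.ageBin` would record that. The plugin reaches the token through pcscd, which this hunk enables as a service, but if secrets are decrypted from an activation script during boot, pcscd is presumably not up yet at that point, so a cold boot with the key inserted is worth testing. The enclosing `config = mkIf enable { … }` block continues outside the hunk.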
98
flake.lock
98
flake.lock
|
@ -45,10 +45,35 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"agenix": {
|
"agenix": {
|
||||||
|
"inputs": {
|
||||||
|
"agenix": "agenix_2",
|
||||||
|
"crane": "crane",
|
||||||
|
"flake-utils": "flake-utils",
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"rust-overlay": "rust-overlay_2"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1726755133,
|
||||||
|
"narHash": "sha256-03XIEjHeZEjHXctsXYUB+ZLQmM0WuhR6qWQjwekFk/M=",
|
||||||
|
"owner": "yaxitech",
|
||||||
|
"repo": "ragenix",
|
||||||
|
"rev": "687ee92114bce9c4724376cf6b21235abe880bfa",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "yaxitech",
|
||||||
|
"repo": "ragenix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"agenix_2": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"darwin": "darwin",
|
"darwin": "darwin",
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
"agenix",
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
"systems": "systems"
|
"systems": "systems"
|
||||||
|
@ -107,9 +132,25 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"crane": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1732906089,
|
||||||
|
"narHash": "sha256-NvYSSiKsC0rqn9yY0a9zglLXrFp92EwKhTFZC38voCQ=",
|
||||||
|
"owner": "ipetkov",
|
||||||
|
"repo": "crane",
|
||||||
|
"rev": "9ed3180f45c2d1499e5af98c4ab7ffee8e886f5f",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "ipetkov",
|
||||||
|
"repo": "crane",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"darwin": {
|
"darwin": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
"agenix",
|
||||||
"agenix",
|
"agenix",
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
]
|
]
|
||||||
|
@ -191,6 +232,24 @@
|
||||||
"url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%3D0.1.5.tar.gz"
|
"url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%3D0.1.5.tar.gz"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"flake-utils": {
|
||||||
|
"inputs": {
|
||||||
|
"systems": "systems_2"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1731533236,
|
||||||
|
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"gitignore": {
|
"gitignore": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
@ -216,6 +275,7 @@
|
||||||
"home-manager": {
|
"home-manager": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
"agenix",
|
||||||
"agenix",
|
"agenix",
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
]
|
]
|
||||||
|
@ -283,7 +343,7 @@
|
||||||
"nixpkgs-update",
|
"nixpkgs-update",
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
"systems": "systems_2"
|
"systems": "systems_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1710694589,
|
"lastModified": 1710694589,
|
||||||
|
@ -542,6 +602,27 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"rust-overlay_2": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"agenix",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1732933841,
|
||||||
|
"narHash": "sha256-dge02pUSe2QeC/B3PriA0R8eAX+EU3aDoXj9FcS3XDw=",
|
||||||
|
"owner": "oxalica",
|
||||||
|
"repo": "rust-overlay",
|
||||||
|
"rev": "c65e91d4a33abc3bc4a892d3c5b5b378bad64ea1",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "oxalica",
|
||||||
|
"repo": "rust-overlay",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"systems": {
|
"systems": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1681028828,
|
"lastModified": 1681028828,
|
||||||
|
@ -572,6 +653,21 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"systems_3": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681028828,
|
||||||
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"treefmt-nix": {
|
"treefmt-nix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
agenix = {
|
agenix = {
|
||||||
url = "github:ryantm/agenix";
|
url = "github:yaxitech/ragenix";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
nixos-mailserver = {
|
nixos-mailserver = {
|
||||||
|
|
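Review bot: The input keeps the name `agenix` while its `url` now resolves to `github:yaxitech/ragenix`, so every `inputs.agenix` reference elsewhere quietly means a different project. A comment on the `url` line, for example `# ragenix: agenix-compatible CLI/module, switched for age plugin (YubiKey) support`, or renaming the input would make that visible. The flake.lock changes on this page show the switch adding `crane`, `flake-utils` and `rust-overlay_2` as transitive inputs, and only `nixpkgs` is made to follow the top-level pin. Because this tool handles the repository's secrets, those additions deserve a deliberate look instead of arriving as a side effect of the URL change.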
|
@ -1,12 +1,21 @@
|
||||||
age-encryption.org/v1
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
-> ssh-rsa skhaxw
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2Egc2toYXh3CkZvNHRCU3Mz
|
||||||
jJVp7UZ5GPCU9072EIGSp1cTrD4blUhuVox94VsdBJDcuhAfiBtyxq80795wl3t5
|
d2dHZTRGYnQ5aWdxSDNxdVpYcnQ5a3VOcmZ2RHVHQ01BUmZ3dHJlVWxpZ0tIYm4z
|
||||||
z/IjGIJZfnwTD0xsVDN3MgwKvS3RvhLSBKzTmThcMjBpdf04w5Qs3bT1t3oVdl/W
|
MW9ZR2hnc0kKYVVScElPcE1xRGdadTF0OHhMS0l2OFpEM0V5dEhiUHc2ZHV3ajBG
|
||||||
w2MuJBLeWJnZnEN2vpBvGLpKYmvdVlcM4eMgeBDN0bHQUKgIefE5YwHMkn8EiNOo
|
OWJLWmtrTVFJSWxSOUtWYk9tMm1Cb3hmYgpXeVMxWUx3NTQ5M2NFZzdXdVBRZktL
|
||||||
eYkl7XUUlDGRjGFi34LKiuUWRw2gXv732YsX3awQkC4EXSbshkudRDXG/mFBx7vO
|
Z0paZmVpbEJDeW5SQzJHRi96RFZuSEFGR3cvUHR3Tml1cEVSdVhCL0Q4CjFXaUxK
|
||||||
neOaBJR+tsyGV7XQA6p1jcXBQpEi7ctg3aN6wRUnZCyt+JsHhJi3O12Yku8JxB+F
|
YjVVMnFtdzgvU0Y0OEdOOVoraW9Vb3g0aWU5SHBMbzkvRmR1Vk5vNTJhRFo2a1RP
|
||||||
ac9BSp0ivq/1izXM4dV6+A
|
SEM3WkNvK09lZ0wKOHp6VisvT3BoejFkNVFNUFRtbHZaQnRpQitOVi9sam1nSUlw
|
||||||
-> ssh-ed25519 RbssYw 6IaH4azVjA+/8AzOE4syrepqZHm0FAeOxK4rkhKXHE8
|
WVVrMy9aekNIMTdJdzNHY0piK0xvRWxEUW9XWgpnV3IvWFJWWm9yNGpOR0tzSzN4
|
||||||
uN2saodZfJvZMyZLWLaibqnmQTTplTNIXOg4BwxZvN8
|
Y3Z3Ci0+IHNzaC1lZDI1NTE5IFJic3NZdyBYcHExZUkyV2tjbnJiUkdOZFZ0eGtj
|
||||||
--- IxnIgYAbNLV9/lBsaS7fdTQyDfk/6gJDMW+qVRpbwVw
|
RzJ4WWFFY3d3OU5jZGpvdzE1UUVzCktZdG9BeUJ3V1dyZ2ptSXBxTk5LNkYxOGRk
|
||||||
kŒƒ¦”¦[Ð"¾cß:øàÂú
ÄÅ@-Y=l<>¤ý…,ZÚV˜Gè½%äiµ9
|
SEd4SXlwNzcySWI5WUY5bm8KLT4gcGl2LXAyNTYgNStEZmRnIEE5NmJJMGd4THVF
|
||||||
|
akhHV2J2Ykh3RnlqUWhScVhQWWNEa2NURHVibEFJYWRuCmZUR0VBbFU2MVY3MXE4
|
||||||
|
QWNzblF2WEVpWlB4c0JoaXlRRkpWWVNBcDlvWmcKLT4gJFZzJy8tZ3JlYXNlIEBJ
|
||||||
|
IHZbaiVlcCdzIC8uWSNxJyAyR0ZCSkw3CmdZa1d6RE1aMnRWczVvaXEvZmVlZng3
|
||||||
|
WVJ5eGxjZVBqbU5hYTE3dFE2aTNpZ2hJS0Zydzl6V0JsVGhVajNGeWMKSmlSemNi
|
||||||
|
eFRNWkpCT2l1bjhKeEhyajBOSExteHdpTTZFYVFiRlE4aEh3TWQxaUZLbCtpeXZL
|
||||||
|
RG4KLS0tIHArS3RoaHp5OXUyK2pkS1g4ak1meXp4THJMTVljZGU2OE9aeXY3M0VE
|
||||||
|
L1UK89ztHzsKK4tXOn8S9yjuqFYiNSCY3D5LqwXohNiWOV1Bdwh/xCzbXgl3nMol
|
||||||
|
rBCL
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
let
|
let
|
||||||
laptop_pub = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCy7X5ByG4/9y2XkQSnXcpMGnV5WPGUd+B6FaYCDNmPQ7xIZEteS+kCpu9oiMP6C/H/FT+i9DZvCflkzgdFAyujYLKRYaZbZ3K6F60qN0rkJ0z/ZO5c6rqwIwR6BEoB7dq5inkyH9fZ8/SI+PXxELmeWF9ehT7kkQC+o9Ujpcjd7ZuZllbAz4UQZFRbbpwdVJCEDenu9/63yuYbvMupgGk0edaTiFT0Q9MSzs/3pNP8xlAxmmZ3HzSjeF7gUzBF7CaIroTeguiUjSVybUEx48P8fy878t7dUZf4anEno9MS0B3aqfZvCKuuPdAUdeBfCbFHRqN7GuCylFIXGPe95Mxl grimmauld@grimmauld-nixos";
|
laptop_pub = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCy7X5ByG4/9y2XkQSnXcpMGnV5WPGUd+B6FaYCDNmPQ7xIZEteS+kCpu9oiMP6C/H/FT+i9DZvCflkzgdFAyujYLKRYaZbZ3K6F60qN0rkJ0z/ZO5c6rqwIwR6BEoB7dq5inkyH9fZ8/SI+PXxELmeWF9ehT7kkQC+o9Ujpcjd7ZuZllbAz4UQZFRbbpwdVJCEDenu9/63yuYbvMupgGk0edaTiFT0Q9MSzs/3pNP8xlAxmmZ3HzSjeF7gUzBF7CaIroTeguiUjSVybUEx48P8fy878t7dUZf4anEno9MS0B3aqfZvCKuuPdAUdeBfCbFHRqN7GuCylFIXGPe95Mxl grimmauld@grimmauld-nixos";
|
||||||
laptop_pub_ed = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJhM1Fk5ix4OZAdlfCxL891KxeEKpyIFrP5yYkC9mg7E grimmauld@grimmauld-nixos";
|
laptop_pub_ed = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJhM1Fk5ix4OZAdlfCxL891KxeEKpyIFrP5yYkC9mg7E grimmauld@grimmauld-nixos";
|
||||||
|
yubi = "age1yubikey1qghu93392cf93jzpyqmwhf005xxkrzf0rv20gyx652lyhkxjznyfw7w8j0s";
|
||||||
|
|
||||||
# obtained with `ssh-keyscan [ip]`
|
# obtained with `ssh-keyscan [ip]`
|
||||||
contabo_nix_pub = "ssh-rsa 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";
|
contabo_nix_pub = "ssh-rsa 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";
|
||||||
|
@ -8,6 +9,7 @@ in
|
||||||
{
|
{
|
||||||
"nextcloud_pass.age".publicKeys = [
|
"nextcloud_pass.age".publicKeys = [
|
||||||
laptop_pub
|
laptop_pub
|
||||||
|
yubi
|
||||||
laptop_pub_ed
|
laptop_pub_ed
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
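Review bot: `yubi` is added as a recipient only for `nextcloud_pass.age` in the visible hunk, and only one `.age` file appears re-encrypted on this page. Any other entry in this attribute set (it continues outside the hunk) that is not rekeyed with `yubi` in its `publicKeys` cannot be decrypted by a host whose `age.identityPaths` lists only the YubiKey identity, which is what this commit configures. A shared list such as `all_keys = [ laptop_pub yubi laptop_pub_ed ];` used by every entry, followed by a rekey, would keep recipients and identities in step.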
7
secrets/yubikey-identity.txt
Normal file
7
secrets/yubikey-identity.txt
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
# Serial: 26681512, Slot: 1
|
||||||
|
# Name: age identity e7e0df76
|
||||||
|
# Created: Sat, 30 Nov 2024 09:42:11 +0000
|
||||||
|
# PIN policy: Never (A PIN is NOT required to decrypt)
|
||||||
|
# Touch policy: Never (A physical touch is NOT required to decrypt)
|
||||||
|
# Recipient: age1yubikey1qghu93392cf93jzpyqmwhf005xxkrzf0rv20gyx652lyhkxjznyfw7w8j0s
|
||||||
|
AGE-PLUGIN-YUBIKEY-14QSFWQVZULSD7ASD5UX5U
|
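Review bot: The identity was generated with `PIN policy: Never` and `Touch policy: Never`, so the token will decrypt for any process that can reach it through pcscd while it is plugged in, with no user interaction. That leaves non-exportability of the private key as the only property gained over the on-disk SSH key; a compromised session on the machine can still decrypt every secret encrypted to this recipient. If unattended decryption is the reason, state that in a comment next to the `age.identityPaths` setting that references this file; otherwise regenerate the slot with a PIN or touch requirement and rekey. As far as the plugin's format goes, the stub holds only the serial and slot reference, so committing the file is not itself the concern.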
|
@ -12,7 +12,7 @@
|
||||||
./../../sway
|
./../../sway
|
||||||
];
|
];
|
||||||
|
|
||||||
age.identityPaths = [ "/root/.ssh/id_ed25519" ];
|
age.identityPaths = [ ../../secrets/yubikey-identity.txt ];
|
||||||
|
|
||||||
services.zfs.trim.enable = true;
|
services.zfs.trim.enable = true;
|
||||||
boot.supportedFilesystems.zfs = true;
|
boot.supportedFilesystems.zfs = true;
|
||||||
|
|
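Review bot: `age.identityPaths` drops `/root/.ssh/id_ed25519` entirely, so the YubiKey becomes the only identity and secrets cannot be decrypted on this host when the token is absent, even though the SSH recipients stay listed in the recipients file. Keeping both, `age.identityPaths = [ ../../secrets/yubikey-identity.txt "/root/.ssh/id_ed25519" ];`, should preserve a fallback, provided that key matches one of the recipients; verify that decryption still proceeds with the token unplugged. The path literal is also copied into the Nix store, which is acceptable for this stub but would expose a real private key if the option were later pointed at one the same way.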
|
@ -182,7 +182,7 @@
|
||||||
aw-bundle = (
|
aw-bundle = (
|
||||||
pkgs.writeShellScriptBin "aw-bundle" ''
|
pkgs.writeShellScriptBin "aw-bundle" ''
|
||||||
export RUST_BACKTRACE=full
|
export RUST_BACKTRACE=full
|
||||||
export PATH=$PATH:${lib.makeBinPath (aw-modules ++ [pkgs.coreutils-full])}
|
export PATH=$PATH:${lib.makeBinPath (aw-modules ++ [ pkgs.coreutils-full ])}
|
||||||
${getExe' pkgs.coreutils-full "sleep"} 5
|
${getExe' pkgs.coreutils-full "sleep"} 5
|
||||||
${getExe pkgs.aw-qt} --autostart-modules ${aw-modules-list}
|
${getExe pkgs.aw-qt} --autostart-modules ${aw-modules-list}
|
||||||
''
|
''
|
||||||
|
|