From 94f382952b3a3840b30f1bbe6549367c20cd8f9b Mon Sep 17 00:00:00 2001 From: etwas Date: Mon, 26 May 2025 15:37:14 +0200 Subject: [PATCH] feat: agenix-rekey fuckery? --- flake.lock | 422 +++++++++++++++++++++++++-- flake.nix | 22 +- home/default.nix | 6 +- home/misc_pkgs/packages.nix | 10 +- modules/utils/agenix/agenix.nix | 101 +++++++ modules/utils/agenix/default.nix | 5 + modules/utils/agenix/token2_hmac.pub | 2 + 7 files changed, 537 insertions(+), 31 deletions(-) create mode 100644 modules/utils/agenix/agenix.nix create mode 100644 modules/utils/agenix/default.nix create mode 100644 modules/utils/agenix/token2_hmac.pub diff --git a/flake.lock b/flake.lock index f085d82..4e1550e 100644 --- a/flake.lock +++ b/flake.lock 
@@ -21,12 +21,61 @@ "type": "github" } }, + "agenix-rekey": { + "inputs": { + "devshell": "devshell", + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks": "pre-commit-hooks", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1745855194, + "narHash": "sha256-l6ZmjOBl4KOjJ+KQEjR3GQdMP9Q+NlM+13BQ/N7vkOI=", + "owner": "oddlama", + "repo": "agenix-rekey", + "rev": "7584efc530a1e3c71d20fe07ce33c0ce96ca2afe", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "agenix-rekey", + "type": "github" + } + }, + "agenix-rekey_2": { + "inputs": { + "devshell": "devshell_2", + "flake-parts": "flake-parts_2", + "nixpkgs": [ + "private-config", + "nixpkgs" + ], + "pre-commit-hooks": "pre-commit-hooks_2", + "treefmt-nix": "treefmt-nix_2" + }, + "locked": { + "lastModified": 1745855194, + "narHash": "sha256-l6ZmjOBl4KOjJ+KQEjR3GQdMP9Q+NlM+13BQ/N7vkOI=", + "owner": "oddlama", + "repo": "agenix-rekey", + "rev": "7584efc530a1e3c71d20fe07ce33c0ce96ca2afe", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "agenix-rekey", + "type": "github" + } + }, "agenix_2": { "inputs": { "darwin": "darwin_2", "home-manager": "home-manager_3", "nixpkgs": "nixpkgs_4", - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1747575206, @@ -47,11 +96,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1747989804, - "narHash": "sha256-FACXQA+OH5jHx/MZIJoGNxg5H5XolsxOMmBLMWUCIQs=", + "lastModified": 1748080874, + "narHash": "sha256-sUebEzAkrY8Aq5G0GHFyRddmRNGP/a2iTtV7ISNvi/c=", "owner": "catppuccin", "repo": "nix", - "rev": "21e495cba91b63e8897d1a00155d58787d0e6e18", + "rev": "0ba11b12be81f0849a89ed17ab635164ea8f0112", "type": "github" }, "original": { 
@@ -105,10 +154,146 @@ "type": "github" } }, + "devshell": { + "inputs": { + "nixpkgs": [ + "agenix-rekey", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", + "owner": "numtide", + "repo": "devshell", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_2": { + "inputs": { + "nixpkgs": [ + "private-config", + "agenix-rekey", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", + "owner": "numtide", + "repo": "devshell", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "agenix-rekey", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": 
"flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "private-config", + "agenix-rekey", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems_2" }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_3" + }, "locked": { "lastModified": 1726560853, "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", @@ -123,6 +308,24 @@ "type": "github" } }, + "flake-utils_3": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "flakey-profile": { "locked": { "lastModified": 1712898590, 
@@ -138,6 +341,51 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "agenix-rekey", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { + "inputs": { + "nixpkgs": [ + "private-config", + "agenix-rekey", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -166,11 +414,11 @@ ] }, "locked": { - "lastModified": 1747978958, - "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", + "lastModified": 1748227609, + "narHash": "sha256-SaSdslyo6UGDpPUlmrPA4dWOEuxCy2ihRN9K6BnqYsA=", "owner": "nix-community", "repo": "home-manager", - "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", + "rev": "d23d20f55d49d8818ac1f1b2783671e8a6725022", "type": "github" }, "original": { @@ -217,7 +465,7 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ 
@@ -243,11 +491,11 @@ ] }, "locked": { - "lastModified": 1747540584, - "narHash": "sha256-cxCQ413JTUuRv9Ygd8DABJ1D6kuB/nTfQqC0Lu9C0ls=", + "lastModified": 1748145500, + "narHash": "sha256-t9fx0l61WOxtWxXCqlXPWSuG/0XMF9DtE2T7KXgMqJw=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "ec179dd13fb7b4c6844f55be91436f7857226dce", + "rev": "a98adbf54d663395df0b9929f6481d4d80fc8927", "type": "github" }, "original": { @@ -306,11 +554,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1747744144, - "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", + "lastModified": 1748026106, + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", "type": "github" }, "original": { @@ -338,11 +586,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1747744144, - "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", + "lastModified": 1748026106, + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", "type": "github" }, "original": { 
@@ -352,17 +600,66 @@ "type": "github" } }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "agenix-rekey", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735882644, + "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_2": { + "inputs": { + "flake-compat": "flake-compat_2", + "gitignore": "gitignore_2", + "nixpkgs": [ + "private-config", + "agenix-rekey", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735882644, + "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "private-config": { "inputs": { "agenix": "agenix_2", + "agenix-rekey": "agenix-rekey_2", + "flake-utils": "flake-utils_3", "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1744793605, - "narHash": "sha256-Szla2CcSe+4ftRP0BqRGKnThcvoaBRBKQ2apHMMkwtg=", + "lastModified": 1748262172, + "narHash": "sha256-PMcBVjbFXBSmWDnbOESI58OgFzX8roO8CgHKS4wk4ME=", "ref": "refs/heads/main", - "rev": "3b37b2e597c0323e197edf0ebd2c9f14f90661e7", - "revCount": 32, + "rev": "a3749d7870c613e7ad9e12f8e69be69cceef7104", + "revCount": 35, "type": "git", "url": "ssh://git@git.catgirl.dog/etwas/private-nix-configs" }, @@ -374,7 +671,9 @@ "root": { "inputs": { "agenix": "agenix", + "agenix-rekey": "agenix-rekey", "catppuccin": "catppuccin", + "flake-utils": "flake-utils", "home-manager": "home-manager_2", "lix-module": "lix-module", "nix-index-database": "nix-index-database", 
@@ -389,14 +688,14 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems_4" + "systems": "systems_6" }, "locked": { - "lastModified": 1747607404, - "narHash": "sha256-xj2Ji+rE+oYjf0BsTDT7K/StnYuZQK9MTbX8U1DUcC0=", + "lastModified": 1748147548, + "narHash": "sha256-9IaAQkgyF4PFtVyui8vF6oJah0iVcO9DaOefjdTMthE=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "8c1be0e5e9a7f35ccd6f7b10bcfa08f2734dad91", + "rev": "f0595e3b59260457042450749eaec00a5a47db35", "type": "github" }, "original": { 
@@ -464,6 +763,79 @@ "repo": "default", "type": "github" } + }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "agenix-rekey", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735135567, + "narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "9e09d30a644c57257715902efbb3adc56c79cf28", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { + "inputs": { + "nixpkgs": [ + "private-config", + "agenix-rekey", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735135567, + "narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "9e09d30a644c57257715902efbb3adc56c79cf28", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 2f09634..cff8771 100644 --- a/flake.nix +++ b/flake.nix @@ -1,5 +1,5 @@ { - description = "Rhea's flakes"; + description = "Etwas's flakes"; inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; 
@@ -15,6 +15,13 @@ agenix.url = "github:ryantm/agenix"; + agenix-rekey = { + url = "github:oddlama/agenix-rekey"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + flake-utils.url = "github:numtide/flake-utils"; + spicetify-nix = { url = "github:Gerg-L/spicetify-nix"; inputs.nixpkgs.follows = "nixpkgs"; @@ -41,6 +48,7 @@ nixpkgs, nixos-hardware, agenix, + agenix-rekey, spicetify-nix, nix-index-database, lix-module, @@ -53,6 +61,7 @@ inherit inputs; inherit spicetify-nix; inherit agenix; + inherit agenix-rekey; inherit private-config; }; @@ -60,15 +69,24 @@ # List all Modules to load modules = [ + agenix.nixosModules.default + agenix-rekey.nixosModules.default nixos-hardware.nixosModules.framework-13-7040-amd lix-module.nixosModules.default nix-index-database.nixosModules.nix-index - private-config.nixosModules.default + # private-config.nixosModules.default ./modules ./home ]; }; + agenix-rekey = agenix-rekey.configure { + userFlake = self; + nixosConfigurations = self.nixosConfigurations; + # Example for colmena: + # nixosConfigurations = ((colmena.lib.makeHive self.colmena).introspect (x: x)).nodes; + }; + formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style; }; } diff --git a/home/default.nix b/home/default.nix index 5a2bd9d..74f9cd9 100644 --- a/home/default.nix +++ b/home/default.nix @@ -3,6 +3,7 @@ inputs, spicetify-nix, agenix, + agenix-rekey, ... }: { @@ -19,6 +20,7 @@ extraSpecialArgs = { inherit spicetify-nix; inherit agenix; + inherit agenix-rekey; }; users.rhea = { @@ -39,7 +41,7 @@ inputs.catppuccin.homeModules.catppuccin inputs.spicetify-nix.homeManagerModules.default inputs.nix-index-database.hmModules.nix-index - inputs.agenix.homeManagerModules.age + # inputs.agenix.homeManagerModules.age inputs.private-config.homeManagerModules.default ] ++ [ @@ -53,7 +55,7 @@ users.users.rhea = { isNormalUser = true; - description = "Rhea"; + description = "etwas"; extraGroups = [ "networkmanager" "wheel" 
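Review bot: In the `modules` list of the last flake.nix hunk, `private-config.nixosModules.default` is switched off by commenting it out, while `private-config` is still passed through `specialArgs` and the new agenix.nix reads its secret files from that input, so the commit leaves it unclear which module is meant to own the `age.secrets` definitions. Either delete the line or replace it with a comment that says why it is disabled, for example `# private-config module disabled until its secrets are rekeyed with agenix-rekey`. The same commented-out pattern appears at `# inputs.agenix.homeManagerModules.age` in home/default.nix (where `inputs.private-config.homeManagerModules.default` stays imported and may still expect the `age` home-manager options) and at `# agenix.packages.${system}.default` in home/misc_pkgs/packages.nix. The `# Example for colmena:` lines inside `agenix-rekey.configure` look like upstream template text and can be dropped. The enclosing `outputs` function starts outside the hunk, so whether `self` is bound in its argument set cannot be checked from here.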
diff --git a/home/misc_pkgs/packages.nix b/home/misc_pkgs/packages.nix index 5c5e3f8..87f1d3c 100644 --- a/home/misc_pkgs/packages.nix +++ b/home/misc_pkgs/packages.nix @@ -1,4 +1,8 @@ -{ pkgs, agenix, ... }: +{ + pkgs, + agenix-rekey, + ... +}: { nixpkgs.config.allowUnfree = true; @@ -40,6 +44,7 @@ ranger nautilus fido2-manage + age-plugin-fido2-hmac unzip pandoc file-roller @@ -65,7 +70,8 @@ nix-output-monitor nil nh - agenix.packages.${system}.default + # agenix.packages.${system}.default + agenix-rekey.packages.${system}.default nixfmt-rfc-style # Dev Things diff --git a/modules/utils/agenix/agenix.nix b/modules/utils/agenix/agenix.nix new file mode 100644 index 0000000..175f613 --- /dev/null +++ b/modules/utils/agenix/agenix.nix 
@@ -0,0 +1,101 @@ +{ + config, + pkgs, + ... +}: +{ + # TODO: Get a token2 and set up https://github.com/oddlama/agenix-rekey + age = { + identityPaths = [ "/var/lib/persistent/host_id_ed25519" ]; + + rekey = { + agePlugins = [ pkgs.age-plugin-fido2-hmac ]; + + # Obtain this using `ssh-keyscan` or by looking it up in your ~/.ssh/known_hosts + hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJynM8SLRXRrfGRJd43T4wabsOHFcWeeuTym9h7vl7Io"; + # The path to the master identity used for decryption. See the option's description for more information. + masterIdentities = [ ./token2_hmac.pub ]; + #masterIdentities = [ "/home/myuser/master-key" ]; # External master key + #masterIdentities = [ + # # It is possible to specify an identity using the following alternate syntax, + # # this can be used to avoid unecessary prompts during encryption. + # { + # identity = "/home/myuser/master-key.age"; # Password protected external master key + # pubkey = "age1qyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqs3290gq"; # Specify the public key explicitly + # } + #]; + storageMode = "local"; + # Choose a directory to store the rekeyed secrets for this host. + # This cannot be shared with other hosts. 
Please refer to this path + # from your flake's root directory and not by a direct path literal like ./secrets + localStorageDir = inputs.private-config/modules/secrets + "/rekeyed/${config.networking.hostName}"; + }; + + secrets = { + access-tokens-github.file = inputs.private-config/modules/secrets/gh_argstr.age; + + fbda-wg-privkey.file = inputs.private-config/modules/secrets/fbda_wg_priv_key.age; + fbda-wg-psk.file = inputs.private-config/modules/secrets/fbda_wg_psk.age; + + obvps-id = { + file = inputs.private-config/modules/secrets/1bvps.age; + path = "/home/rhea/.ssh/id_1bvps"; + owner = "rhea"; + symlink = false; + }; + + ncvps-id = { + file = inputs.private-config/modules/secrets/ncvps.age; + path = "/home/rhea/.ssh/id_ncvps"; + owner = "rhea"; + symlink = false; + }; + + gh_etwas = { + file = inputs.private-config/modules/secrets/gh_token.age; + path = "/home/rhea/.ssh/id_gh_etwas"; + owner = "rhea"; + symlink = false; + }; + + gcd_etwas = { + file = inputs.private-config/modules/secrets/gcd_etwas.age; + path = "/home/rhea/.ssh/id_gcd_etwas"; + owner = "rhea"; + symlink = false; + }; + + ebd_rhea = { + file = inputs.private-config/modules/secrets/ebd_token.age; + path = "/home/rhea/.ssh/id_ebd_rhea"; + owner = "rhea"; + symlink = false; + }; + + glrwth_tuda = { + file = inputs.private-config/modules/secrets/glrwth_token.age; + path = "/home/rhea/.ssh/id_glrwth_tuda"; + owner = "rhea"; + symlink = false; + }; + + etwas_sign_key = { + file = inputs.private-config/modules/secrets/sign_etwas.age; + path = "/home/rhea/.ssh/etwas_sign_key"; + owner = "rhea"; + symlink = false; + }; + + ffda_outoor_key = { + file = inputs.private-config/modules/secrets/ffda_token.age; + path = "/home/rhea/.ssh/id_ffda_outdoor"; + owner = "rhea"; + symlink = false; + }; + }; + }; + + nix.extraOptions = '' + !include ${config.age.secrets.access-tokens-github.path} + ''; +} 
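Review bot: Every `inputs.private-config/modules/secrets/...` expression in this new file is lexed by Nix as a single relative path literal (a bare `a/b` token is a path), so it points at a directory named `inputs.private-config` next to agenix.nix instead of into the flake input, and `inputs` is not in the module's argument set either. The likely intent is `{ config, pkgs, inputs, ... }:` together with `file = "${inputs.private-config}/modules/secrets/gh_argstr.age";` for each secret. `localStorageDir` has the same parsing problem and, per the comment copied directly above it, is expected to be a directory under this flake's own root; a flake input is a read-only store path, so rekeyed output cannot be written or committed there. As far as I know agenix-rekey takes the master-encrypted files through `rekeyFile`, and setting `file` directly leaves these entries as plain agenix secrets that must already be encrypted to `hostPubkey`, so the FIDO2 master identity would never be used for them. The attribute name `ffda_outoor_key` also looks like a typo for `ffda_outdoor_key`, given its path `id_ffda_outdoor`.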
diff --git a/modules/utils/agenix/default.nix b/modules/utils/agenix/default.nix
new file mode 100644
index 0000000..6d00db9
--- /dev/null
+++ b/modules/utils/agenix/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./agenix.nix
+ ];
+}
diff --git a/modules/utils/agenix/token2_hmac.pub b/modules/utils/agenix/token2_hmac.pub
new file mode 100644
index 0000000..b71b0a9
--- /dev/null
+++ b/modules/utils/agenix/token2_hmac.pub
@@ -0,0 +1,2 @@
+# public key: age13df3ep0jm5f5nd63rm9lqscclcq6ckkpah4s8jnr986c2qajuq8saw67ju
+AGE-PLUGIN-FIDO2-HMAC-1QQPQRFE05VSA89230US6NVEN6J07306NRQATZ7D5D3GUDERJXPHA22L3RMQM34HFCM5QVRSJTGJHD6PLG4LEWNZ0URE07450UKV5S3ZKMU8AHK7QE7JZD0T7SDW8TNLKDWWN929Q7LCRZ84HCX23TUCQ67377LLCKHU336CLSHS6UWGGJGQPEF44EN0V43P9EQJKJJWECJER5P0D7Y76MLG9
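Review bot: `token2_hmac.pub` is named like a public key, but its second line is an `AGE-PLUGIN-FIDO2-HMAC-1…` identity string, which agenix.nix loads through `masterIdentities`. For this plugin the identity is presumably only a credential handle whose secret never leaves the token, but the commit does not say so, and the file ends up in the repository and the world-readable Nix store; please confirm this against the plugin documentation before relying on it. Once confirmed, a header comment such as `# FIDO2 credential handle only; decryption still requires the physical token` would record the intent, and dropping the `.pub` suffix would match the content. The commented template in agenix.nix also shows the `{ identity = …; pubkey = …; }` form, which would let the `age13df3…` recipient from this file be pinned explicitly next to the identity.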