etwas/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: agenix-rekey fuckery?

Browse source
This commit is contained in:
etwas 2025-05-26 15:37:14 +02:00
parent b066c52ff1
commit 94f382952b
Signed by: etwas
SSH key fingerprint: SHA256:bHhIeAdn/2k9jmOs6+u6ox98VYmoHUN3HfnpV2w8Ws0
7 changed files with 537 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

422
flake.lock
View file

@ -21,12 +21,61 @@
"type": "github" "type": "github"
} }
}, },
"agenix-rekey": {
"inputs": {
"devshell": "devshell",
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1745855194,
"narHash": "sha256-l6ZmjOBl4KOjJ+KQEjR3GQdMP9Q+NlM+13BQ/N7vkOI=",
"owner": "oddlama",
"repo": "agenix-rekey",
"rev": "7584efc530a1e3c71d20fe07ce33c0ce96ca2afe",
"type": "github"
},
"original": {
"owner": "oddlama",
"repo": "agenix-rekey",
"type": "github"
}
},
"agenix-rekey_2": {
"inputs": {
"devshell": "devshell_2",
"flake-parts": "flake-parts_2",
"nixpkgs": [
"private-config",
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks_2",
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1745855194,
"narHash": "sha256-l6ZmjOBl4KOjJ+KQEjR3GQdMP9Q+NlM+13BQ/N7vkOI=",
"owner": "oddlama",
"repo": "agenix-rekey",
"rev": "7584efc530a1e3c71d20fe07ce33c0ce96ca2afe",
"type": "github"
},
"original": {
"owner": "oddlama",
"repo": "agenix-rekey",
"type": "github"
}
},
"agenix_2": { "agenix_2": {
"inputs": { "inputs": {
"darwin": "darwin_2", "darwin": "darwin_2",
"home-manager": "home-manager_3", "home-manager": "home-manager_3",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_4",
"systems": "systems_3" "systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1747575206, "lastModified": 1747575206,
@ -47,11 +96,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1747989804, "lastModified": 1748080874,
"narHash": "sha256-FACXQA+OH5jHx/MZIJoGNxg5H5XolsxOMmBLMWUCIQs=", "narHash": "sha256-sUebEzAkrY8Aq5G0GHFyRddmRNGP/a2iTtV7ISNvi/c=",
"owner": "catppuccin", "owner": "catppuccin",
"repo": "nix", "repo": "nix",
"rev": "21e495cba91b63e8897d1a00155d58787d0e6e18", "rev": "0ba11b12be81f0849a89ed17ab635164ea8f0112",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -105,10 +154,146 @@
"type": "github" "type": "github"
} }
}, },
"devshell": {
"inputs": {
"nixpkgs": [
"agenix-rekey",
"nixpkgs"
]
},
"locked": {
"lastModified": 1728330715,
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
"owner": "numtide",
"repo": "devshell",
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"devshell_2": {
"inputs": {
"nixpkgs": [
"private-config",
"agenix-rekey",
"nixpkgs"
]
},
"locked": {
"lastModified": 1728330715,
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
"owner": "numtide",
"repo": "devshell",
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"agenix-rekey",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"private-config",
"agenix-rekey",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": { "locked": {
"lastModified": 1726560853, "lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
@ -123,6 +308,24 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_3": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": { "flakey-profile": {
"locked": { "locked": {
"lastModified": 1712898590, "lastModified": 1712898590,
@ -138,6 +341,51 @@
"type": "github" "type": "github"
} }
}, },
"gitignore": {
"inputs": {
"nixpkgs": [
"agenix-rekey",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"private-config",
"agenix-rekey",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -166,11 +414,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747978958, "lastModified": 1748227609,
"narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", "narHash": "sha256-SaSdslyo6UGDpPUlmrPA4dWOEuxCy2ihRN9K6BnqYsA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "7419250703fd5eb50e99bdfb07a86671939103ea", "rev": "d23d20f55d49d8818ac1f1b2783671e8a6725022",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -217,7 +465,7 @@
}, },
"lix-module": { "lix-module": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"flakey-profile": "flakey-profile", "flakey-profile": "flakey-profile",
"lix": "lix", "lix": "lix",
"nixpkgs": [ "nixpkgs": [
@ -243,11 +491,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747540584, "lastModified": 1748145500,
"narHash": "sha256-cxCQ413JTUuRv9Ygd8DABJ1D6kuB/nTfQqC0Lu9C0ls=", "narHash": "sha256-t9fx0l61WOxtWxXCqlXPWSuG/0XMF9DtE2T7KXgMqJw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "ec179dd13fb7b4c6844f55be91436f7857226dce", "rev": "a98adbf54d663395df0b9929f6481d4d80fc8927",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -306,11 +554,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1747744144, "lastModified": 1748026106,
"narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -338,11 +586,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1747744144, "lastModified": 1748026106,
"narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -352,17 +600,66 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"agenix-rekey",
"nixpkgs"
]
},
"locked": {
"lastModified": 1735882644,
"narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "a5a961387e75ae44cc20f0a57ae463da5e959656",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks_2": {
"inputs": {
"flake-compat": "flake-compat_2",
"gitignore": "gitignore_2",
"nixpkgs": [
"private-config",
"agenix-rekey",
"nixpkgs"
]
},
"locked": {
"lastModified": 1735882644,
"narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "a5a961387e75ae44cc20f0a57ae463da5e959656",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"private-config": { "private-config": {
"inputs": { "inputs": {
"agenix": "agenix_2", "agenix": "agenix_2",
"agenix-rekey": "agenix-rekey_2",
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1744793605, "lastModified": 1748262172,
"narHash": "sha256-Szla2CcSe+4ftRP0BqRGKnThcvoaBRBKQ2apHMMkwtg=", "narHash": "sha256-PMcBVjbFXBSmWDnbOESI58OgFzX8roO8CgHKS4wk4ME=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "3b37b2e597c0323e197edf0ebd2c9f14f90661e7", "rev": "a3749d7870c613e7ad9e12f8e69be69cceef7104",
"revCount": 32, "revCount": 35,
"type": "git", "type": "git",
"url": "ssh://git@git.catgirl.dog/etwas/private-nix-configs" "url": "ssh://git@git.catgirl.dog/etwas/private-nix-configs"
}, },
@ -374,7 +671,9 @@
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"agenix-rekey": "agenix-rekey",
"catppuccin": "catppuccin", "catppuccin": "catppuccin",
"flake-utils": "flake-utils",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"lix-module": "lix-module", "lix-module": "lix-module",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
@ -389,14 +688,14 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"systems": "systems_4" "systems": "systems_6"
}, },
"locked": { "locked": {
"lastModified": 1747607404, "lastModified": 1748147548,
"narHash": "sha256-xj2Ji+rE+oYjf0BsTDT7K/StnYuZQK9MTbX8U1DUcC0=", "narHash": "sha256-9IaAQkgyF4PFtVyui8vF6oJah0iVcO9DaOefjdTMthE=",
"owner": "Gerg-L", "owner": "Gerg-L",
"repo": "spicetify-nix", "repo": "spicetify-nix",
"rev": "8c1be0e5e9a7f35ccd6f7b10bcfa08f2734dad91", "rev": "f0595e3b59260457042450749eaec00a5a47db35",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -464,6 +763,79 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"agenix-rekey",
"nixpkgs"
]
},
"locked": {
"lastModified": 1735135567,
"narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "9e09d30a644c57257715902efbb3adc56c79cf28",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"private-config",
"agenix-rekey",
"nixpkgs"
]
},
"locked": {
"lastModified": 1735135567,
"narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "9e09d30a644c57257715902efbb3adc56c79cf28",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

22
flake.nix
View file

@ -1,5 +1,5 @@
{ {
description = "Rhea's flakes"; description = "Etwas's flakes";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
@ -15,6 +15,13 @@
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
agenix-rekey = {
url = "github:oddlama/agenix-rekey";
inputs.nixpkgs.follows = "nixpkgs";
};
flake-utils.url = "github:numtide/flake-utils";
spicetify-nix = { spicetify-nix = {
url = "github:Gerg-L/spicetify-nix"; url = "github:Gerg-L/spicetify-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -41,6 +48,7 @@
nixpkgs, nixpkgs,
nixos-hardware, nixos-hardware,
agenix, agenix,
agenix-rekey,
spicetify-nix, spicetify-nix,
nix-index-database, nix-index-database,
lix-module, lix-module,
@ -53,6 +61,7 @@
inherit inputs; inherit inputs;
inherit spicetify-nix; inherit spicetify-nix;
inherit agenix; inherit agenix;
inherit agenix-rekey;
inherit private-config; inherit private-config;
}; };
@ -60,15 +69,24 @@
# List all Modules to load # List all Modules to load
modules = [ modules = [
agenix.nixosModules.default
agenix-rekey.nixosModules.default
nixos-hardware.nixosModules.framework-13-7040-amd nixos-hardware.nixosModules.framework-13-7040-amd
lix-module.nixosModules.default lix-module.nixosModules.default
nix-index-database.nixosModules.nix-index nix-index-database.nixosModules.nix-index
private-config.nixosModules.default # private-config.nixosModules.default
./modules ./modules
./home ./home
]; ];
}; };
agenix-rekey = agenix-rekey.configure {
userFlake = self;
nixosConfigurations = self.nixosConfigurations;
# Example for colmena:
# nixosConfigurations = ((colmena.lib.makeHive self.colmena).introspect (x: x)).nodes;
};
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style; formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
}; };
} }

6
home/default.nix
View file

@ -3,6 +3,7 @@
inputs, inputs,
spicetify-nix, spicetify-nix,
agenix, agenix,
agenix-rekey,
... ...
}: }:
{ {
@ -19,6 +20,7 @@
extraSpecialArgs = { extraSpecialArgs = {
inherit spicetify-nix; inherit spicetify-nix;
inherit agenix; inherit agenix;
inherit agenix-rekey;
}; };
users.rhea = { users.rhea = {
@ -39,7 +41,7 @@
inputs.catppuccin.homeModules.catppuccin inputs.catppuccin.homeModules.catppuccin
inputs.spicetify-nix.homeManagerModules.default inputs.spicetify-nix.homeManagerModules.default
inputs.nix-index-database.hmModules.nix-index inputs.nix-index-database.hmModules.nix-index
inputs.agenix.homeManagerModules.age # inputs.agenix.homeManagerModules.age
inputs.private-config.homeManagerModules.default inputs.private-config.homeManagerModules.default
] ]
++ [ ++ [
@ -53,7 +55,7 @@
users.users.rhea = { users.users.rhea = {
isNormalUser = true; isNormalUser = true;
description = "Rhea"; description = "etwas";
extraGroups = [ extraGroups = [
"networkmanager" "networkmanager"
"wheel" "wheel"

10
home/misc_pkgs/packages.nix
View file

@ -1,4 +1,8 @@
{ pkgs, agenix, ... }: {
pkgs,
agenix-rekey,
...
}:
{ {
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@ -40,6 +44,7 @@
ranger ranger
nautilus nautilus
fido2-manage fido2-manage
age-plugin-fido2-hmac
unzip unzip
pandoc pandoc
file-roller file-roller
@ -65,7 +70,8 @@
nix-output-monitor nix-output-monitor
nil nil
nh nh
agenix.packages.${system}.default # agenix.packages.${system}.default
agenix-rekey.packages.${system}.default
nixfmt-rfc-style nixfmt-rfc-style
# Dev Things # Dev Things

101
modules/utils/agenix/agenix.nix Normal file
View file

@ -0,0 +1,101 @@
{
config,
pkgs,
...
}:
{
# TODO: Get a token2 and set up https://github.com/oddlama/agenix-rekey
age = {
identityPaths = [ "/var/lib/persistent/host_id_ed25519" ];
rekey = {
agePlugins = [ pkgs.age-plugin-fido2-hmac ];
# Obtain this using `ssh-keyscan` or by looking it up in your ~/.ssh/known_hosts
hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJynM8SLRXRrfGRJd43T4wabsOHFcWeeuTym9h7vl7Io";
# The path to the master identity used for decryption. See the option's description for more information.
masterIdentities = [ ./token2_hmac.pub ];
#masterIdentities = [ "/home/myuser/master-key" ]; # External master key
#masterIdentities = [
# # It is possible to specify an identity using the following alternate syntax,
# # this can be used to avoid unecessary prompts during encryption.
# {
# identity = "/home/myuser/master-key.age"; # Password protected external master key
# pubkey = "age1qyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqs3290gq"; # Specify the public key explicitly
# }
#];
storageMode = "local";
# Choose a directory to store the rekeyed secrets for this host.
# This cannot be shared with other hosts. Please refer to this path
# from your flake's root directory and not by a direct path literal like ./secrets
localStorageDir = inputs.private-config/modules/secrets + "/rekeyed/${config.networking.hostName}";
};
secrets = {
access-tokens-github.file = inputs.private-config/modules/secrets/gh_argstr.age;
fbda-wg-privkey.file = inputs.private-config/modules/secrets/fbda_wg_priv_key.age;
fbda-wg-psk.file = inputs.private-config/modules/secrets/fbda_wg_psk.age;
obvps-id = {
file = inputs.private-config/modules/secrets/1bvps.age;
path = "/home/rhea/.ssh/id_1bvps";
owner = "rhea";
symlink = false;
};
ncvps-id = {
file = inputs.private-config/modules/secrets/ncvps.age;
path = "/home/rhea/.ssh/id_ncvps";
owner = "rhea";
symlink = false;
};
gh_etwas = {
file = inputs.private-config/modules/secrets/gh_token.age;
path = "/home/rhea/.ssh/id_gh_etwas";
owner = "rhea";
symlink = false;
};
gcd_etwas = {
file = inputs.private-config/modules/secrets/gcd_etwas.age;
path = "/home/rhea/.ssh/id_gcd_etwas";
owner = "rhea";
symlink = false;
};
ebd_rhea = {
file = inputs.private-config/modules/secrets/ebd_token.age;
path = "/home/rhea/.ssh/id_ebd_rhea";
owner = "rhea";
symlink = false;
};
glrwth_tuda = {
file = inputs.private-config/modules/secrets/glrwth_token.age;
path = "/home/rhea/.ssh/id_glrwth_tuda";
owner = "rhea";
symlink = false;
};
etwas_sign_key = {
file = inputs.private-config/modules/secrets/sign_etwas.age;
path = "/home/rhea/.ssh/etwas_sign_key";
owner = "rhea";
symlink = false;
};
ffda_outoor_key = {
file = inputs.private-config/modules/secrets/ffda_token.age;
path = "/home/rhea/.ssh/id_ffda_outdoor";
owner = "rhea";
symlink = false;
};
};
};
nix.extraOptions = ''
!include ${config.age.secrets.access-tokens-github.path}
'';
}

5
modules/utils/agenix/default.nix Normal file
View file

@ -0,0 +1,5 @@
{
imports = [
./agenix.nix
];
}

2
modules/utils/agenix/token2_hmac.pub Normal file
View file

@ -0,0 +1,2 @@
# public key: age13df3ep0jm5f5nd63rm9lqscclcq6ckkpah4s8jnr986c2qajuq8saw67ju
AGE-PLUGIN-FIDO2-HMAC-1QQPQRFE05VSA89230US6NVEN6J07306NRQATZ7D5D3GUDERJXPHA22L3RMQM34HFCM5QVRSJTGJHD6PLG4LEWNZ0URE07450UKV5S3ZKMU8AHK7QE7JZD0T7SDW8TNLKDWWN929Q7LCRZ84HCX23TUCQ67377LLCKHU336CLSHS6UWGGJGQPEF44EN0V43P9EQJKJJWECJER5P0D7Y76MLG9