fireproof/nixos
1
0
Fork 0
mirror of https://github.com/nickolaj-jepsen/nixos.git synced 2026-01-22 08:06:50 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

complete rework v3

Browse source
This commit is contained in:
Nickolaj Jepsen 2025-02-18 20:17:57 +01:00
parent 7409e9ca10
commit 366a0e221a
131 changed files with 20171 additions and 585 deletions
Download patch file Download diff file Expand all files Collapse all files

20
parts/modules/base/secrets.nix Normal file
View file

@ -0,0 +1,20 @@
{hostname, ...}: let
hostSecrets = ../../../secrets/hosts + ("/" + hostname);
publicKey = builtins.readFile (hostSecrets + "/id_ed25519.pub");
in {
age.rekey = {
storageMode = "local";
hostPubkey = publicKey;
masterIdentities = [
{
identity = ../../../secrets/yubikey-identity.pub;
# pubkey = "age1yubikey1q25a8ax2t0ujv7q5wvpmlpa52h599n6682jprxuftlw4zpxy2xu9s6lhrel";
}
];
extraEncryptionPubkeys = [
"age1pzrfw28f8qvsk9g8p2stundf4ph466jut0g6q47sse76zljtqy9q2w32zr" # Backup key (bitwarden)
];
localStorageDir = hostSecrets + /.rekey;
generatedSecretsDir = hostSecrets;
};
}