This commit is contained in:
Nickolaj Jepsen 2025-02-20 22:50:06 +01:00
parent 2b7b63a18c
commit 638ef7093e
140 changed files with 307 additions and 121 deletions

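--- a/modules/base/secrets.nix
+++ b/modules/base/secrets.nix
@@ -0,0 +1,20 @@
+{hostname, ...}: let
+hostSecrets = ../../secrets/hosts + ("/" + hostname);
+publicKey = builtins.readFile (hostSecrets + "/id_ed25519.pub");
+in {
+age.identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+age.rekey = {
+storageMode = "local";
+hostPubkey = publicKey;
+masterIdentities = [
+{
+identity = ../../secrets/yubikey-identity.pub;
+}
+];
+extraEncryptionPubkeys = [
+"age1pzrfw28f8qvsk9g8p2stundf4ph466jut0g6q47sse76zljtqy9q2w32zr" # Backup key (bitwarden)
+];
+localStorageDir = hostSecrets + /.rekey;
+generatedSecretsDir = hostSecrets;
+};
+}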
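Review bot: The key used for encryption (`hostPubkey = publicKey`, read from the repo at `secrets/hosts/<hostname>/id_ed25519.pub`) and the key used for decryption (`age.identityPaths = ["/etc/ssh/ssh_host_ed25519_key"]`) are not tied together anywhere in this file, so a stale or wrong committed public key is only discovered as a decryption failure on the host at activation time, not at evaluation. A header comment stating the invariant would help the next maintainer: `# secrets/hosts/<hostname>/id_ed25519.pub must be the public half of /etc/ssh/ssh_host_ed25519_key on that host; rekeyed output is written to <hostSecrets>/.rekey`. Separately, `builtins.readFile` returns the file content including any trailing newline; it is worth confirming that the rekey module accepts `hostPubkey` in that form (if it also accepts a path value, passing the path directly would sidestep the question).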