wip a different secret

2023-04-05 16:50:43 +03:00 · 2023-04-05 16:50:43 +03:00 · a0c620725b
parent c4acd525c7
commit a0c620725b
5 changed files with 37 additions and 1 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -102,6 +102,7 @@ in {
    };
  };
  time.timeZone = "UTC";
  users = {
--- a/flake.nix
+++ b/flake.nix
@ -39,6 +39,11 @@
          ./zfs.nix
          agenix.nixosModules.default
          {
            #age.secrets.zfs-passphrase.file = ./secrets/hel1-a/zfs-passphrase.age;
            age.secrets.x.file = ./secrets/hel1-a/zfs-passphrase.age;
          }
        ];
      };
@ -62,7 +67,8 @@
      devShells.default = with pkgs;
        mkShell {
          packages = [
-              pkgs.age
+              pkgs.rage
              pkgs.age-plugin-yubikey
              agenix.packages.${system}.agenix
              deploy-rs.packages.${system}.deploy-rs
          ];
--- a/secrets.nix
+++ b/secrets.nix
@ -0,0 +1,10 @@
 let
  motiejus = "age1yubikey1qtwmhf7h7ljs3dyx06wyzme4st6w4calkdpmsxgpxc9t2cldezvasd6n8wg";
  users = [ motiejus ];
  hel1-a = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6Wd2lKrpP2Gqul10obMo2dc1xKaaLv0I4FAnfIaFKu";
  systems = [ hel1-a ];
 in
 {
  "secrets/hel1-a/zfs-passphrase.age".publicKeys = [ motiejus hel1-a ];
 }
--- a/secrets/hel1-a/zfs-passphrase.age
+++ b/secrets/hel1-a/zfs-passphrase.age
@ -0,0 +1,10 @@
 age-encryption.org/v1
 -> ssh-ed25519 vDjOfg KnpCkORn/iztI4mW7KJSPWz7w5+suCy0DbpSal9/NUY
 1brrf3mbnQuswCz96J/vy0cnKw5gFH1SZ0pQFKZK4Do
 -> piv-p256 +y2G/w Ayr131SxWAZEaUgyXLS8TcyccefAkG5MG/Zx6xHj0kOH
 eyy7OTR7xQb94FI6vWRULLC0kpps5S7jDMmZh6PNyBQ
 -> Bgmf{-grease
 J0eB9JaT3C/6anoo+SSMly9Pr7PIOckxVwi8WXx47tCfbzHUVq5xW07QNoT8QJPS
 EghExahZE0OEgMwVB1gS0IHnaygSpkklCUTJ235cQTadBXyDRYdTJ5BHFtb0
 --- xYpDb8+FYgwnhvK5U+VS9uhj7z6WwoYuZieFtuQYtKs
 Ø¹ +sDàŠ$Ç²00îWºÞÐƒ³ðX9¹ÔRQoòÏkú<6B>^UqtL‚	©N._6sl5¬—íN4âä¼3;
--- a/secrets/identity.txt
+++ b/secrets/identity.txt
@ -0,0 +1,9 @@
 #       Serial: 9089636, Slot: 1
 #         Name: motiejus/config-secrets
 #      Created: Wed, 05 Apr 2023 12:14:28 +0000
 #   PIN policy: Once   (A PIN is required once per session, if set)
 # Touch policy: Cached (A physical touch is required for decryption, and is cached for 15 seconds)
 #    Recipient: age1yubikey1qtwmhf7h7ljs3dyx06wyzme4st6w4calkdpmsxgpxc9t2cldezvasd6n8wg
 AGE-PLUGIN-YUBIKEY-1VJEG5QYZLVKCDLCCDUEEX