Infinidoge/universe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

flake: migrate to agenix-rekey

Browse source
This commit is contained in:
Infinidoge 2025-02-18 21:47:38 -05:00
parent 26734c2196
commit b54be3998f
Signed by: Infinidoge
SSH key fingerprint: SHA256:oAMyvotlNFraMmZmr+p6AxnNfW/GioTs1pOn3V4tQ7A
61 changed files with 306 additions and 190 deletions
Download patch file Download diff file Expand all files Collapse all files

16
users/infinidoge/default.nix
View file

@ -43,7 +43,7 @@ in
POP_SMTP_HOST = common.email.smtp.address;
POP_SMTP_PORT = common.email.smtp.STARTTLS;
POP_SMTP_USERNAME = common.email.withUser "infinidoge";
POP_SMTP_PASSWORD = "$(cat ${secrets.personal-smtp-password})";
POP_SMTP_PASSWORD = "$(cat ${secrets.smtp-personal})";
};
home.packages =
@ -110,10 +110,22 @@ in
adb.enable = config.info.graphical;
};
age.rekey.masterIdentities = [
./keys/primary_age.pub
./keys/backup_age.pub
];
age.secrets = {
password-infinidoge.rekeyFile = ./password.age;
smtp-personal.rekeyFile = ./smtp-personal.age;
smtp-personal.owner = "infinidoge";
};
user.hashedPasswordFile = mkIf config.modules.secrets.enable secrets.password-infinidoge;
user = {
name = "infinidoge";
uid = 1000;
hashedPasswordFile = mkIf config.modules.secrets.enable config.secrets.infinidoge-password;
description = "Infinidoge, primary user of the system";
group = "users";
isNormalUser = true;

7
users/infinidoge/keys/backup_age.pub Normal file
View file

@ -0,0 +1,7 @@
# Serial: 26969244, Slot: 1
# Name: BACKUP_AGE
# Created: Wed, 19 Feb 2025 01:58:28 +0000
# PIN policy: Once (A PIN is required once per session, if set)
# Touch policy: Cached (A physical touch is required for decryption, and is cached for 15 seconds)
# Recipient: age1yubikey1q2dxqlvpp0jpjumgmm3rk952dqexy6r2ff4ul62luman3uga6s0l5llfumw
AGE-PLUGIN-YUBIKEY-1NJZFKQVZUM4H93SSLXN5A

7
users/infinidoge/keys/primary_age.pub Normal file
View file

@ -0,0 +1,7 @@
# Serial: 24623451, Slot: 1
# Name: PRIMARY_AGE
# Created: Wed, 19 Feb 2025 00:53:27 +0000
# PIN policy: Once (A PIN is required once per session, if set)
# Touch policy: Cached (A physical touch is required for decryption, and is cached for 15 seconds)
# Recipient: age1yubikey1q2mfklp6cectpmkefv6edr9elreeypdzwhpzsnwry9nzjq3epnswstkyq5w
AGE-PLUGIN-YUBIKEY-1TWUHWQVZPYLV4KGFG23L9

BIN
users/infinidoge/password.age Normal file
View file

Binary file not shown.

BIN
users/infinidoge/smtp-personal.age Normal file
View file

Binary file not shown.