patrick/nix-config
1
1
Fork 0
Code Issues Pull requests Projects Wiki Activity

feat: sign store paths

Browse source
This commit is contained in:
Patrick 2024-12-07 15:05:58 +01:00
parent 048aa1cfc4
commit 1d499c5fc3
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
4 changed files with 43 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
config/basic/nix.nix
View file

@ -1,4 +1,8 @@
{ inputs, stateVersion, ... }: {
inputs,
stateVersion,
...
}:
{ {
nix = { nix = {
channel.enable = false; channel.enable = false;
@ -25,6 +29,7 @@
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA=" "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
"ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc=" "ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc="
(builtins.readFile ../../secrets/nix-key.pub)
]; ];
cores = 0; cores = 0;
max-jobs = "auto"; max-jobs = "auto";

15
secrets/nix-key.age Normal file
View file

@ -0,0 +1,15 @@
age-encryption.org/v1
-> X25519 ZSqhSMLNYE+Zuy7fviIS8WrGJ9s1v697QI09MBephxk
ghtdboWmw743Q2/ZxO/wNb2nfWA/4SD5YIe/QJ/OLcU
-> piv-p256 ZFgiIw A6hz4+nNIewj/lOuAFkq90pQGlRmLXjYC7/kzuqrDWfn
5TegHKLn0xp6ZHOw2xPVgbILuWz66ommzGgvgegx8/4
-> piv-p256 XTQkUA A3JpjyVeyfR9rTpda7PjN1KqLLUlHfjVFX4nEZi9RIk6
gPK+N+tFlCQrdWuMk6Sch+ZO1Rm9y8C1HXpx4CelSIs
-> piv-p256 ZFgiIw A1tUke9w5HVAzPNqbRWPff3jNamve/5Vx55wnSAATSXu
x97X+GIa68umqbmTibcK29AfIvwkTrDpXHbYhLpexP4
-> piv-p256 5vmPtQ AvdJ4kYYAONx3vrYR4tYY0HrR/EAjsTo7Guk32BhpsJN
UWY49vwtTDrX/wgn4hbinadCp+7v7Qu8vJg+4yA2dGo
-> `nceeU-grease nKj9l >n>
dcVffNSdSw
--- leA1O4oK5yJtoHRZLzFBTY8Hvvl96f/CdbAO6zL92Js
0Ïû™çüÝ{rgØD¨×Z€ qÖ<71>u"Y”á_œc©`65ÜE”fŸž|†×Ì<kCÔµ†ü›žôŠ!àk{ž€àá¿Æuú<75>,æ»ôî7ë¡Ù¯ãNþœ$þ²<hE£U®=Ñ. ¦ÀiOœ“uäep31 ímeö0¨B->qȵ?÷ÀEÄ'

1
secrets/nix-key.pub Normal file
View file

@ -0,0 +1 @@
patrickdag.lel.lol-1:MrJBnSnIfvBm/fUdrtXnKstu3yo0NfZa6hKgfDvnsFg=

21
users/patrick/dev.nix
View file

@ -7,6 +7,27 @@
... ...
}: }:
lib.optionalAttrs (!minimal) { lib.optionalAttrs (!minimal) {
age.secrets.nix-key = {
rekeyFile = ../../secrets/nix-key.age;
generator.script =
{
pkgs,
file,
...
}:
''
priv=$(${lib.getExe pkgs.nix} key generate-secret --key-name patrickdag.lel.lol-1)
${lib.getExe pkgs.nix} key convert-secret-to-public <<< "$priv" > ${
lib.escapeShellArg (lib.removeSuffix ".age" file + ".pub")
}
echo "$priv"
'';
};
nix.settings = {
secret-key-files = [
config.age.secrets.nix-key.path
];
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
python3 python3
jq jq