diff --git a/flake.nix b/flake.nix
index 2a3298a..1794d4c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -109,8 +109,8 @@ in {
 secretsConfig = {
- masterIdentities = [./secrets/NIXOSc.key.pub];
- #masterIdentities = [./secrets/NIXOSa.key.pub];
+ # This should be a link to one of the age public keys is './keys'
+ masterIdentities = ["/run/decrypt.key.pub"];
 extraEncryptionPubkeys = [./secrets/recipients.txt];
 };
 agenix-rekey = agenix-rekey.configure {
diff --git a/hosts/desktopnix/default.nix b/hosts/desktopnix/default.nix
index bcacc0a..06fe998 100644
--- a/hosts/desktopnix/default.nix
+++ b/hosts/desktopnix/default.nix
@@ -42,4 +42,8 @@
 layout = "de";
 xkbVariant = "bone";
 };
+
+ system.activationScripts.decryptKey.text = ''
+ ln -s ${../../keys/PatC.key} /run/decrypt.key.pub
+ '';
 }
diff --git a/hosts/patricknix/default.nix b/hosts/patricknix/default.nix
index ec5ec9b..ee5266a 100644
--- a/hosts/patricknix/default.nix
+++ b/hosts/patricknix/default.nix
@@ -50,4 +50,7 @@
 };
 };
 };
+ system.activationScripts.decryptKey.text = ''
+ ln -s ${../../keys/PatC.key} /run/decrypt.key.pub
+ '';
 }
diff --git a/secrets/NIXOSa.key.pub b/keys/PatA.key
similarity index 100%
rename from secrets/NIXOSa.key.pub
rename to keys/PatA.key
diff --git a/secrets/NIXOSc.key.pub b/keys/PatC.key
similarity index 100%
rename from secrets/NIXOSc.key.pub
rename to keys/PatC.key
diff --git a/modules/secrets.nix b/modules/secrets.nix
index 6aea265..d4bf864 100644
--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@@ -7,8 +7,6 @@ inherit (lib) mapAttrs - # Not really unused LSP is confuse - assertMsg types mkOption
@@ -29,7 +27,7 @@
 importEncrypted = path:
 constSet (
 if builtins.pathExists path
- then builtins.extraBuiltins.rageImportEncrypted inputs.self.secretsConfig.masterIdentities path
+ then rageImportEncrypted inputs.self.secretsConfig.masterIdentities path
 else {}
 );
 cfg = config.secrets;
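Review bot: `masterIdentities` in flake.nix now holds the string `"/run/decrypt.key.pub"`, a path outside the flake that exists only after a host's activation script has created it. The identity used for decryption therefore depends on the state of the evaluating machine rather than on the repository contents. The new comment does not say who creates the link and has a typo ("is" for "in"); I would write `# Symlink created by each host's system.activationScripts.decryptKey; must point to one of the age public keys in ./keys`. On a machine where the link is missing or points elsewhere, evaluation would presumably fail or select a different identity, which is worth stating next to this setting. The attribute set that holds `secretsConfig` starts and ends outside the hunk.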
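Review bot: `ln -s ${../../keys/PatC.key} /run/decrypt.key.pub` in hosts/desktopnix/default.nix fails with "File exists" whenever the link is already present, which is the case on any activation after the first one since boot. It would also leave a stale target in place if the key's store path changes. Use `ln -sfn ${../../keys/PatC.key} /run/decrypt.key.pub` so the activation script is idempotent; the identical line added to hosts/patricknix/default.nix needs the same fix, and the duplicated script could live in one shared module. The interpolation copies the file into the world-readable Nix store, which is acceptable only while the files under keys/ are public keys. Because the rename in this commit drops the `.pub` suffix, a comment stating that would help.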
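Review bot: `rageImportEncrypted` is now referenced as a bare name in `importEncrypted` (modules/secrets.nix), but no binding for it is visible in this diff. The only other change to the file removes lines from the `inherit (lib)` list. If the name is not already in scope outside the shown context, evaluation would fail with an undefined variable; an explicit `inherit (builtins.extraBuiltins) rageImportEncrypted;` beside the other inherits would make its origin clear. The enclosing `let` block starts and ends outside the hunk, so this should be confirmed against the full file.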
diff --git a/smbpasswd.tdb b/smbpasswd.tdb
deleted file mode 100644
index caaa5b6..0000000
Binary files a/smbpasswd.tdb and /dev/null differ