From 98f240f0637ebf4a819d1e3f9565ce629bf80abb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patrick=20Gro=C3=9Fmann?=
Date: Tue, 7 Nov 2023 20:07:45 +0100
Subject: [PATCH] feat: added masterIdentitiy symlink to allow for host specific decryption
---
 flake.nix | 4 ++--
 hosts/desktopnix/default.nix | 4 ++++
 hosts/patricknix/default.nix | 3 +++
 secrets/NIXOSa.key.pub => keys/PatA.key | 0
 secrets/NIXOSc.key.pub => keys/PatC.key | 0
 modules/secrets.nix | 4 +---
 smbpasswd.tdb | Bin 421888 -> 0 bytes
 7 files changed, 10 insertions(+), 5 deletions(-)
 rename secrets/NIXOSa.key.pub => keys/PatA.key (100%)
 rename secrets/NIXOSc.key.pub => keys/PatC.key (100%)
 delete mode 100644 smbpasswd.tdb
diff --git a/flake.nix b/flake.nix
index 2a3298a..1794d4c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -109,8 +109,8 @@ in {
 secretsConfig = {
- masterIdentities = [./secrets/NIXOSc.key.pub];
- #masterIdentities = [./secrets/NIXOSa.key.pub];
+ # This should be a link to one of the age public keys is './keys'
+ masterIdentities = ["/run/decrypt.key.pub"];
 extraEncryptionPubkeys = [./secrets/recipients.txt];
 };
 agenix-rekey = agenix-rekey.configure {
diff --git a/hosts/desktopnix/default.nix b/hosts/desktopnix/default.nix
index bcacc0a..06fe998 100644
--- a/hosts/desktopnix/default.nix
+++ b/hosts/desktopnix/default.nix
@@ -42,4 +42,8 @@
 layout = "de";
 xkbVariant = "bone";
 };
+
+ system.activationScripts.decryptKey.text = ''
+ ln -s ${../../keys/PatC.key} /run/decrypt.key.pub
+ '';
 }
diff --git a/hosts/patricknix/default.nix b/hosts/patricknix/default.nix
index ec5ec9b..ee5266a 100644
--- a/hosts/patricknix/default.nix
+++ b/hosts/patricknix/default.nix
@@ -50,4 +50,7 @@
 };
 };
 };
+ system.activationScripts.decryptKey.text = ''
+ ln -s ${../../keys/PatC.key} /run/decrypt.key.pub
+ '';
 }
diff --git a/secrets/NIXOSa.key.pub b/keys/PatA.key
similarity index 100%
rename from secrets/NIXOSa.key.pub
rename to keys/PatA.key
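Review bot: `masterIdentities = ["/run/decrypt.key.pub"]` in the flake.nix hunk is an absolute string path that is read at evaluation time, so evaluating this flake only works on a host whose activation script has already created the symlink; a first deployment of a new host, a remote or CI evaluation, or `nix flake check` on another machine runs before any activation and hits a missing file, and what happens then depends on how rageImportEncrypted treats a nonexistent path. That bootstrap dependency deserves a sentence next to the option, and the missing-file case should fail with an explicit message rather than whatever the custom builtin does. The new comment also reads oddly and has a typo; suggested wording: `# Symlink to one of the age keys in ./keys, created by each host's decryptKey activation script`. Since the option feeds decryption while the file name says `.pub`, document which key material the linked file actually holds so a reader does not assume a public key can decrypt.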
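Review bot: `ln -s ${../../keys/PatC.key} /run/decrypt.key.pub` in the desktopnix activation script fails with "File exists" on every activation after the first, because /run persists until reboot and `-s` alone never replaces an existing link, so a later switch that changes the key silently keeps the old target; use `ln -sfn ${../../keys/PatC.key} /run/decrypt.key.pub` so re-activation is idempotent. The same line appears in hosts/patricknix/default.nix and needs the same change. Note that `${../../keys/PatC.key}` copies the file into the world-readable Nix store, which is acceptable only as long as it really is a public key as the name suggests; if it ever holds an age identity it must not be referenced this way. Both hosts link the same PatC.key, which seems at odds with the commit's "host specific decryption" intent — verify whether one of them was meant to use the freshly renamed PatA.key.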
diff --git a/secrets/NIXOSc.key.pub b/keys/PatC.key
similarity index 100%
rename from secrets/NIXOSc.key.pub
rename to keys/PatC.key
diff --git a/modules/secrets.nix b/modules/secrets.nix
index 6aea265..d4bf864 100644
--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@@ -7,8 +7,6 @@
 inherit (lib)
 mapAttrs
- # Not really unused LSP is confuse
- assertMsg
 types
 mkOption
@@ -29,7 +27,7 @@
 importEncrypted = path: constSet (
 if builtins.pathExists path
- then builtins.extraBuiltins.rageImportEncrypted inputs.self.secretsConfig.masterIdentities path
+ then rageImportEncrypted inputs.self.secretsConfig.masterIdentities path
 else {}
 );
 cfg = config.secrets;
diff --git a/smbpasswd.tdb b/smbpasswd.tdb
deleted file mode 100644
index caaa5b66e85f4e9e599be2d923a606f241478474..0000000000000000000000000000000000000000
GIT binary patch
literal 0 HcmV?d00001 literal 421888 zcmeI(JxEni902fZA3}j7WJ4d=3!*8|p$~HmU-3XR^agGZ0wuvO6s4eOh#(r<8Y*3) zhG=Ms8rq}Lh8lthLZYc5YSGTI`+6T(Ns4Lw{&4O&_k7*^es6o{|I&_=xq-o<{_V-q zF}%C((ACmV?nk5H?&UAJZ}aV??zO0&Y+8$_tnD+-@Bj1j`kJff%r0Y1^@{S{!J56w zBP(xBui(A@_UY-~>Xic@=3iI$xFbM-009C72oNAZfB*pk1PBlyK!5-N0t5&UAV8o} zU?@9d+ZQ?;LfI0^Z0pNCx5Bw_PobmO8sq5kwq#=XT=MqaeC#`tZSXbJ+d_F7%8mms z>f)NSz4@MEoEziHgY;4?vHk4c>Hb*aeSAoq6Az`+d~aIFcNO}Qx;Sm|5*w9K9x1mj zYz>pML*vFU`Oehy_ZMe|T5dPbO&)vv=uKQ7`|l^a!ZjDl!cr0XE8|mmwS~%#(2jk- zjmGSyb79ubP~!Y+H*fStk3!d}?v~-fk$d z3zY1e!rEvbhdSG5#^Rc;d|z4&Ur_RK^Wx5j7q3Y&*Il0^WA#Z>F6$^&!6)4y`2n@( z B+<*W8
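Review bot: Dropping `assertMsg` from the `inherit (lib)` list in the first modules/secrets.nix hunk contradicts the comment being removed alongside it, which states the name is still referenced; if any `assertMsg` use remains further down in the module (outside this hunk), the file now fails to evaluate with an undefined-variable error rather than an LSP warning. Either keep the inherit or remove the remaining uses in the same commit; if silencing the LSP is the only motivation, a short `# used below` comment on the inherit is cheaper than a broken evaluation. The enclosing `let` block begins and ends outside the hunk, so this cannot be confirmed from the diff alone.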
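Review bot: `then rageImportEncrypted inputs.self.secretsConfig.masterIdentities path` in the second modules/secrets.nix hunk now uses a bare name that nothing in this diff binds — the hunk above only removes names and `builtins.extraBuiltins` is no longer mentioned anywhere — so unless the module's argument set or the enclosing `let` outside the hunk introduces it, `importEncrypted` fails with an undefined variable. If the intent is to keep sourcing it from the plugin, an explicit `inherit (builtins.extraBuiltins) rageImportEncrypted;` in the `let` block would make the dependency visible and keep the evaluation-time decryption path auditable. Please also note in a comment that `masterIdentities` is resolved here at evaluation time, since the flake now points it at `/run/decrypt.key.pub`, a path that only exists after a host has been activated.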