feat: added masterIdentitiy symlink to allow for host specific

decryption
Patrick Großmann 2023-11-07 20:07:45 +01:00
parent bee158875f
commit 98f240f063
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
7 changed files with 10 additions and 5 deletions


@ -109,8 +109,8 @@
in
{
secretsConfig = {
masterIdentities = [./secrets/NIXOSc.key.pub];
#masterIdentities = [./secrets/NIXOSa.key.pub];
# This should be a link to one of the age public keys is './keys'
masterIdentities = ["/run/decrypt.key.pub"];
extraEncryptionPubkeys = [./secrets/recipients.txt];
};
agenix-rekey = agenix-rekey.configure {
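Review bot: `masterIdentities = ["/run/decrypt.key.pub"]` makes decryption depend on a path outside the flake that only exists after a host's activation script has created it, so evaluating on a fresh machine, or on a host whose module does not set the link, has no identity to use. The comment above that line should state the precondition, and it also reads "is './keys'" where "in './keys'" is presumably meant. Something like `# Per-host symlink created by system.activationScripts.decryptKey; must point at that host's age identity in ./keys` would cover both. The comment calls the target a public key while the option is passed as the identity list to `rageImportEncrypted`, so the wording is worth checking against what the file in `./keys` really is. The enclosing attribute set starts and ends outside the hunk.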


@ -42,4 +42,8 @@
layout = "de";
xkbVariant = "bone";
};
system.activationScripts.decryptKey.text = ''
ln -s ${../../keys/PatC.key} /run/decrypt.key.pub
'';
}
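Review bot: The added `ln -s` has no `-f`, so once `/run/decrypt.key.pub` exists a later activation will fail with "File exists" and the link will keep pointing at the old store path until reboot; `ln -sfn ${../../keys/PatC.key} /run/decrypt.key.pub` makes the script idempotent. Interpolating `${../../keys/PatC.key}` also copies that file into the Nix store, which is readable by every local user. That is fine for a public key or a hardware-token identity stub, but it would expose a plain age private key, and the `.key` source name against the `.key.pub` link name makes it worth confirming which it is. The same two lines are added in the next file section and need the same change.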


@ -50,4 +50,7 @@
};
};
};
system.activationScripts.decryptKey.text = ''
ln -s ${../../keys/PatC.key} /run/decrypt.key.pub
'';
}


@ -7,8 +7,6 @@
inherit
(lib)
mapAttrs
# Not really unused LSP is confuse
assertMsg
types
mkOption
@ -29,7 +27,7 @@
importEncrypted = path:
constSet (
if builtins.pathExists path
then builtins.extraBuiltins.rageImportEncrypted inputs.self.secretsConfig.masterIdentities path
then rageImportEncrypted inputs.self.secretsConfig.masterIdentities path
else {}
);
cfg = config.secrets;

Binary file not shown.