From 05f384a03520a62a1f656ced66387ab0f655b3fb Mon Sep 17 00:00:00 2001 From: reo101 Date: Mon, 25 Dec 2023 21:13:48 +0200 Subject: [PATCH] fix(agenix-rekey)!: wrong `generator` syntax --- .../nixos/x86_64-linux/jeeves/configuration.nix | 15 ++++++++++----- machines/nixos/x86_64-linux/jeeves/wireguard.nix | 12 +++++++----- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/machines/nixos/x86_64-linux/jeeves/configuration.nix b/machines/nixos/x86_64-linux/jeeves/configuration.nix index 799ccc2..360bcba 100644 --- a/machines/nixos/x86_64-linux/jeeves/configuration.nix +++ b/machines/nixos/x86_64-linux/jeeves/configuration.nix @@ -5,7 +5,6 @@ inputs.hardware.nixosModules.common-gpu-amd ./disko.nix inputs.agenix.nixosModules.default - # FIXME: agenix-rekey inputs.agenix-rekey.nixosModules.default ./network.nix ./wireguard.nix @@ -13,7 +12,6 @@ ./mindustry.nix ]; - # FIXME: agenix-rekey age.rekey = { hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPopSTZ81UyKp9JSljCLp+Syk51zacjh9fLteqxQ6/aB"; masterIdentities = [ "${inputs.self}/secrets/privkey.age" ]; @@ -57,6 +55,11 @@ config.nix.registry; settings = { + trusted-users = [ + "root" + "jeeves" + ]; + experimental-features = "nix-command flakes"; auto-optimise-store = true; }; @@ -72,9 +75,11 @@ # NOTE: made with `mkpasswd -m sha-516` age.secrets."jeeves.user.password" = { rekeyFile = "${inputs.self}/secrets/home/jeeves/user/password.age"; - generator = {pkgs, ...}: '' - ${pkgs.mkpasswd}/bin/mkpasswd -m sha-516 - ''; + generator = { + script = {pkgs, ...}: '' + ${pkgs.mkpasswd}/bin/mkpasswd -m sha-516 + ''; + }; }; users = { diff --git a/machines/nixos/x86_64-linux/jeeves/wireguard.nix b/machines/nixos/x86_64-linux/jeeves/wireguard.nix index e2ca942..aa6d6e9 100644 --- a/machines/nixos/x86_64-linux/jeeves/wireguard.nix +++ b/machines/nixos/x86_64-linux/jeeves/wireguard.nix 
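Review bot: In the `@@ -57,6 +55,11 @@` hunk of configuration.nix, adding `"jeeves"` to `trusted-users` makes that account effectively root-equivalent towards the Nix daemon, since trusted users may override substituters and import unsigned store paths. The change is also unrelated to the commit subject. If jeeves only needs extra binary caches, keep `trusted-users = [ "root" ];` and list those caches under `trusted-substituters` instead. Otherwise record the reason next to the entry, e.g. `# jeeves is trusted for <reason>; root-equivalent for the Nix daemon`. The `settings` block starts and ends outside the lines this hunk changes.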
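Review bot: The new `script` in the `@@ -72,9 +75,11 @@` hunk of configuration.nix still calls `mkpasswd -m sha-516`, which does not look like a hash method mkpasswd accepts, so generating `jeeves.user.password` will presumably fail rather than produce a hash. It reads as a typo for SHA-512 crypt: `${pkgs.mkpasswd}/bin/mkpasswd -m sha-512`, with the `# NOTE: made with ...` comment above corrected to match. The script also passes no password, so it is worth a one-line comment saying where mkpasswd is expected to read it from when the generator runs.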
@@ -13,11 +13,13 @@
 age.secrets."wireguard.private" = {
 mode = "077";
 rekeyFile = "${inputs.self}/secrets/home/jeeves/wireguard/private.age";
- generator = {lib, pkgs, file, ...}: ''
- priv=$(${pkgs.wireguard-tools}/bin/wg genkey)
- ${pkgs.wireguard-tools}/bin/wg pubkey <<< "$priv" > ${lib.escapeShellArg (lib.removeSuffix ".age" file + ".pub")}
- echo "$priv"
- '';
+ generator = {
+ script = {lib, pkgs, file, ...}: ''
+ priv=$(${pkgs.wireguard-tools}/bin/wg genkey)
+ ${pkgs.wireguard-tools}/bin/wg pubkey <<< "$priv" > ${lib.escapeShellArg (lib.removeSuffix ".age" file + ".pub")}
+ echo "$priv"
+ '';
+ };
 };
 networking.firewall.allowedUDPPorts = [51820];
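Review bot: `mode = "077";` on `age.secrets."wireguard.private"` (context line at the top of this hunk in wireguard.nix) reads like a umask rather than a file mode. Taken as a chmod mode it clears the owner's bits and grants read/write/execute to group and others, which is the opposite of what a WireGuard private key needs. Since the commit already touches this secret, use `mode = "0400";`, or drop the line if the module default is already owner-only. Set `owner`/`group` explicitly if a non-root service has to read the key.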