fix(agenix-rekey)!: wrong generator syntax

reo101 2023-12-25 21:13:48 +02:00
parent 5efe96a1de
commit 05f384a035
Signed by: reo101
GPG key ID: 675AA7EF13964ACB
2 changed files with 17 additions and 10 deletions


@ -5,7 +5,6 @@
inputs.hardware.nixosModules.common-gpu-amd inputs.hardware.nixosModules.common-gpu-amd
./disko.nix ./disko.nix
inputs.agenix.nixosModules.default inputs.agenix.nixosModules.default
# FIXME: agenix-rekey
inputs.agenix-rekey.nixosModules.default inputs.agenix-rekey.nixosModules.default
./network.nix ./network.nix
./wireguard.nix ./wireguard.nix
@ -13,7 +12,6 @@
./mindustry.nix ./mindustry.nix
]; ];
# FIXME: agenix-rekey
age.rekey = { age.rekey = {
hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPopSTZ81UyKp9JSljCLp+Syk51zacjh9fLteqxQ6/aB"; hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPopSTZ81UyKp9JSljCLp+Syk51zacjh9fLteqxQ6/aB";
masterIdentities = [ "${inputs.self}/secrets/privkey.age" ]; masterIdentities = [ "${inputs.self}/secrets/privkey.age" ];
@ -57,6 +55,11 @@
config.nix.registry; config.nix.registry;
settings = { settings = {
trusted-users = [
"root"
"jeeves"
];
experimental-features = "nix-command flakes"; experimental-features = "nix-command flakes";
auto-optimise-store = true; auto-optimise-store = true;
}; };
@ -72,10 +75,12 @@
# NOTE: made with `mkpasswd -m sha-516` # NOTE: made with `mkpasswd -m sha-516`
age.secrets."jeeves.user.password" = { age.secrets."jeeves.user.password" = {
rekeyFile = "${inputs.self}/secrets/home/jeeves/user/password.age"; rekeyFile = "${inputs.self}/secrets/home/jeeves/user/password.age";
generator = {pkgs, ...}: '' generator = {
script = {pkgs, ...}: ''
${pkgs.mkpasswd}/bin/mkpasswd -m sha-516 ${pkgs.mkpasswd}/bin/mkpasswd -m sha-516
''; '';
}; };
};
users = { users = {
mutableUsers = true; mutableUsers = true;
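Review bot: The `trusted-users` list added under `settings` names `"jeeves"`, and the Nix manual describes membership in trusted-users as essentially equivalent to root on the machine, because a trusted user can override daemon settings such as substituters and import unsigned store paths. The addition is unrelated to the generator fix named in the commit title, so it is easy to miss in review. If jeeves is the ordinary login account, prefer `trusted-users = [ "root" ];`, or keep the entry with a comment above it saying why the account needs daemon-level trust. Separately, the `mkpasswd -m sha-516` call that now sits under `generator.script` (and the NOTE above it) looks like a typo for `sha-512`, which would make the generator fail when it is run.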


@ -13,12 +13,14 @@
age.secrets."wireguard.private" = { age.secrets."wireguard.private" = {
mode = "077"; mode = "077";
rekeyFile = "${inputs.self}/secrets/home/jeeves/wireguard/private.age"; rekeyFile = "${inputs.self}/secrets/home/jeeves/wireguard/private.age";
generator = {lib, pkgs, file, ...}: '' generator = {
script = {lib, pkgs, file, ...}: ''
priv=$(${pkgs.wireguard-tools}/bin/wg genkey) priv=$(${pkgs.wireguard-tools}/bin/wg genkey)
${pkgs.wireguard-tools}/bin/wg pubkey <<< "$priv" > ${lib.escapeShellArg (lib.removeSuffix ".age" file + ".pub")} ${pkgs.wireguard-tools}/bin/wg pubkey <<< "$priv" > ${lib.escapeShellArg (lib.removeSuffix ".age" file + ".pub")}
echo "$priv" echo "$priv"
''; '';
}; };
};
networking.firewall.allowedUDPPorts = [51820]; networking.firewall.allowedUDPPorts = [51820];
systemd.network = { systemd.network = {
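Review bot: `mode = "077"` on `age.secrets."wireguard.private"` reads like a umask rather than a permission mode. agenix documents the option as a mode understood by chmod, so the decrypted WireGuard private key would end up with no owner bits and read/write/execute for group and others. The commit rewraps the generator directly below this line and leaves it untouched. Something like `mode = "0400";` is expected for a private key, or `mode = "0440";` together with a `group` for the service that reads it (presumably systemd-networkd here, to be confirmed). The `systemd.network` block that opens on the last line continues outside the hunk.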