fix(agenix-rekey)!: wrong generator
syntax
parent
5efe96a1de
commit
05f384a035
2 changed files with 17 additions and 10 deletions
|
@ -5,7 +5,6 @@
|
||||||
inputs.hardware.nixosModules.common-gpu-amd
|
inputs.hardware.nixosModules.common-gpu-amd
|
||||||
./disko.nix
|
./disko.nix
|
||||||
inputs.agenix.nixosModules.default
|
inputs.agenix.nixosModules.default
|
||||||
# FIXME: agenix-rekey
|
|
||||||
inputs.agenix-rekey.nixosModules.default
|
inputs.agenix-rekey.nixosModules.default
|
||||||
./network.nix
|
./network.nix
|
||||||
./wireguard.nix
|
./wireguard.nix
|
||||||
|
@ -13,7 +12,6 @@
|
||||||
./mindustry.nix
|
./mindustry.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# FIXME: agenix-rekey
|
|
||||||
age.rekey = {
|
age.rekey = {
|
||||||
hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPopSTZ81UyKp9JSljCLp+Syk51zacjh9fLteqxQ6/aB";
|
hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPopSTZ81UyKp9JSljCLp+Syk51zacjh9fLteqxQ6/aB";
|
||||||
masterIdentities = [ "${inputs.self}/secrets/privkey.age" ];
|
masterIdentities = [ "${inputs.self}/secrets/privkey.age" ];
|
||||||
|
@ -57,6 +55,11 @@
|
||||||
config.nix.registry;
|
config.nix.registry;
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
|
trusted-users = [
|
||||||
|
"root"
|
||||||
|
"jeeves"
|
||||||
|
];
|
||||||
|
|
||||||
experimental-features = "nix-command flakes";
|
experimental-features = "nix-command flakes";
|
||||||
auto-optimise-store = true;
|
auto-optimise-store = true;
|
||||||
};
|
};
|
||||||
|
@ -72,10 +75,12 @@
|
||||||
# NOTE: made with `mkpasswd -m sha-516`
|
# NOTE: made with `mkpasswd -m sha-516`
|
||||||
age.secrets."jeeves.user.password" = {
|
age.secrets."jeeves.user.password" = {
|
||||||
rekeyFile = "${inputs.self}/secrets/home/jeeves/user/password.age";
|
rekeyFile = "${inputs.self}/secrets/home/jeeves/user/password.age";
|
||||||
generator = {pkgs, ...}: ''
|
generator = {
|
||||||
|
script = {pkgs, ...}: ''
|
||||||
${pkgs.mkpasswd}/bin/mkpasswd -m sha-516
|
${pkgs.mkpasswd}/bin/mkpasswd -m sha-516
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
users = {
|
users = {
|
||||||
mutableUsers = true;
|
mutableUsers = true;
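Review bot: The added `trusted-users = [ "root" "jeeves" ];` in the `settings` hunk is unrelated to the generator fix named in the title, and it makes `jeeves` effectively root-equivalent towards the Nix daemon, because a trusted user can override substituters and import unsigned store paths. If that is intended, it would be clearer in its own commit with a comment such as `# trusted-users is root-equivalent on this host; jeeves is listed because <reason>`; otherwise keep the list at `[ "root" ]`. The `settings` block presumably sits under `nix`, whose opening is outside the hunk. Separately, the generator script in the last hunk still runs `mkpasswd -m sha-516`, which is not a method mkpasswd knows, so it presumably should read `-m sha-512`; the `# NOTE` line above it repeats the typo.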
|
||||||
|
|
|
@ -13,12 +13,14 @@
|
||||||
age.secrets."wireguard.private" = {
|
age.secrets."wireguard.private" = {
|
||||||
mode = "077";
|
mode = "077";
|
||||||
rekeyFile = "${inputs.self}/secrets/home/jeeves/wireguard/private.age";
|
rekeyFile = "${inputs.self}/secrets/home/jeeves/wireguard/private.age";
|
||||||
generator = {lib, pkgs, file, ...}: ''
|
generator = {
|
||||||
|
script = {lib, pkgs, file, ...}: ''
|
||||||
priv=$(${pkgs.wireguard-tools}/bin/wg genkey)
|
priv=$(${pkgs.wireguard-tools}/bin/wg genkey)
|
||||||
${pkgs.wireguard-tools}/bin/wg pubkey <<< "$priv" > ${lib.escapeShellArg (lib.removeSuffix ".age" file + ".pub")}
|
${pkgs.wireguard-tools}/bin/wg pubkey <<< "$priv" > ${lib.escapeShellArg (lib.removeSuffix ".age" file + ".pub")}
|
||||||
echo "$priv"
|
echo "$priv"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
networking.firewall.allowedUDPPorts = [51820];
|
networking.firewall.allowedUDPPorts = [51820];
|
||||||
systemd.network = {
|
systemd.network = {
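Review bot: `mode = "077"` on `age.secrets."wireguard.private"` reads like a umask rather than a file mode. As permissions it denies the owner and grants read/write/execute to group and others, so the decrypted WireGuard private key could be read by any local account that can reach the file. The commit only rewraps the generator into `generator.script` and leaves this line untouched. It should be an owner-only mode such as `mode = "0400";`, or `mode = "0440";` with `group` set to the service that reads the key, which is not visible in this hunk. The enclosing module starts and ends outside the hunk.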
|
||||||
|
|