reo101/rix101
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(flake)!: convert everything to flake-parts-style flake modules

Browse source 
Use `agenix-rekey` flake module
Add `NixOS` module for `agenix-rekey`
- Default `masterIdentities`
- Default `localStorageDir`
This commit is contained in:
reo101 2024-07-19 01:06:58 +03:00
parent b3390f3565
commit 75ab40c7ca
Signed by: reo101
GPG key ID: 675AA7EF13964ACB
14 changed files with 628 additions and 575 deletions
Download patch file Download diff file Expand all files Collapse all files

14
modules/nixos/agenix-rekey-default/default.nix Normal file
View file

@ -0,0 +1,14 @@
{ inputs, outputs, lib, pkgs, config, options, ... }:
let
# NOTE: synced with <https://github.com/oddlama/agenix-rekey/blob/c071067f7d972552f5170cf8665643ed0ec19a6d/modules/agenix-rekey.nix#L38>
dummyPubkey = "age1qyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqs3290gq";
in {
# TODO: cleaner deep check
config = lib.mkIf (lib.all lib.id [(builtins.hasAttr "age" options) (builtins.hasAttr "rekey" options.age)]) {
age.rekey = lib.mkIf (config.age.rekey.hostPubkey != dummyPubkey) {
masterIdentities = [ "${inputs.self}/secrets/privkey.age" ];
storageMode = "local";
localStorageDir = "${inputs.self}/secrets/rekeyed/${config.networking.hostName}";
};
};
}