feat(secrets): declare agenix-rekey hostPubkey in meta

reo101 2024-09-02 21:52:40 +03:00
parent 6e88fae58b
commit 9c709598d1
Signed by: reo101
GPG key ID: 675AA7EF13964ACB
3 changed files with 6 additions and 8 deletions


@ -24,14 +24,6 @@
# services.kanidm = { }; # services.kanidm = { };
age.rekey = {
# TODO: store in `meta`
hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPopSTZ81UyKp9JSljCLp+Syk51zacjh9fLteqxQ6/aB";
# masterIdentities = [ "${inputs.self}/secrets/privkey.age" ];
# storageMode = "local";
# localStorageDir = "${inputs.self}/secrets/rekeyed/${config.networking.hostName}";
};
networking.hostName = "jeeves"; networking.hostName = "jeeves";
boot = { boot = {


@ -2,6 +2,9 @@
# The `system` of the host # The `system` of the host
system = "x86_64-linux"; system = "x86_64-linux";
# The host SSH key, used for encrypting agenix secrets
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPopSTZ81UyKp9JSljCLp+Syk51zacjh9fLteqxQ6/aB";
# `deploy-rs` configuration # `deploy-rs` configuration
deploy = { deploy = {
# This is the hostname by which you'll refer to this machine using reploy-rs # This is the hostname by which you'll refer to this machine using reploy-rs
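Review bot: The comment on the new `pubkey` line says "host SSH key" without stating that it is the public half or which key file it has to match, even though this value decides which recipient agenix-rekey re-encrypts the host's secrets to. I would spell that out, e.g. `# Host SSH *public* key (ssh_host_ed25519_key.pub); agenix-rekey rekeys this host's secrets to it, so review any change to this line`. A stale or swapped value here would presumably leave the host unable to decrypt after the next rekey, or make its secrets readable by whoever holds the other key. The attribute set this sits in starts above the hunk and continues below it.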


@ -64,6 +64,9 @@ let
# (r)agenix && agenix-rekey # (r)agenix && agenix-rekey
inputs.ragenix.nixosModules.default inputs.ragenix.nixosModules.default
inputs.agenix-rekey.nixosModules.default inputs.agenix-rekey.nixosModules.default
(lib.optionalAttrs (meta ? pubkey) {
age.rekey.hostPubkey = meta.pubkey;
})
# nix-topology # nix-topology
inputs.nix-topology.nixosModules.default inputs.nix-topology.nixosModules.default
# Sane default `networking.hostName` # Sane default `networking.hostName`
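Review bot: A host whose meta has no `pubkey`, or has the attribute misspelled, passes through `lib.optionalAttrs (meta ? pubkey)` silently and ends up with `age.rekey.hostPubkey` unset. As far as I know agenix-rekey then falls back to a placeholder recipient, so the build still succeeds but the host cannot decrypt its secrets; that should be confirmed against the module. A comment on the inline module would make the fallback deliberate, e.g. `# No meta.pubkey: hostPubkey stays at the agenix-rekey default, secrets will not decrypt on the host`. A `warnings` entry for hosts that declare secrets without a key would surface the case at evaluation time. The module list starts before the hunk and continues after it.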