diff --git a/machines/nixos/x86_64-linux/jeeves/configuration.nix b/machines/nixos/x86_64-linux/jeeves/configuration.nix
index a665ec4..0b12a3b 100644
--- a/machines/nixos/x86_64-linux/jeeves/configuration.nix
+++ b/machines/nixos/x86_64-linux/jeeves/configuration.nix
@@ -17,9 +17,9 @@
 age.rekey = {
 hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPopSTZ81UyKp9JSljCLp+Syk51zacjh9fLteqxQ6/aB";
- masterIdentities = [ "${inputs.self}/secrets/privkey.age" ];
- storageMode = "derivation";
- # forceRekeyOnSystem = "aarch64-linux";
+ # masterIdentities = [ "${inputs.self}/secrets/privkey.age" ];
+ # storageMode = "local";
+ # localStorageDir = "${inputs.self}/secrets/rekeyed/${config.networking.hostName}";
 };
 nixpkgs = {
diff --git a/modules/nixos/agenix-rekey-default/default.nix b/modules/nixos/agenix-rekey-default/default.nix
index 6863599..78c313d 100644
--- a/modules/nixos/agenix-rekey-default/default.nix
+++ b/modules/nixos/agenix-rekey-default/default.nix
@@ -6,9 +6,9 @@ in {
 # TODO: cleaner deep check
 config = lib.mkIf (lib.all lib.id [(builtins.hasAttr "age" options) (builtins.hasAttr "rekey" options.age)]) {
 age.rekey = lib.mkIf (config.age.rekey.hostPubkey != dummyPubkey) {
- masterIdentities = [ "${inputs.self}/secrets/privkey.age" ];
- storageMode = "local";
- localStorageDir = "${inputs.self}/secrets/rekeyed/${config.networking.hostName}";
+ masterIdentities = lib.mkDefault [ "${inputs.self}/secrets/privkey.age" ];
+ storageMode = lib.mkDefault "local";
+ localStorageDir = lib.mkDefault "${inputs.self}/secrets/rekeyed/${config.networking.hostName}";
 };
 };
 }
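Review bot: The three lines added to `age.rekey` in the jeeves configuration are commented-out copies of the module defaults, so the host file now carries dead configuration that can drift from `modules/nixos/agenix-rekey-default/default.nix`. I would delete them and leave a single pointer instead, e.g. `# masterIdentities, storageMode and localStorageDir come from modules/nixos/agenix-rekey-default`. Removing the explicit `storageMode = "derivation"` also appears to move this host onto the module's `"local"` mode, so the rekeyed files under `secrets/rekeyed/<hostName>` would have to be generated and tracked in the repo before the next deploy; worth confirming. The rest of the host module lies outside this hunk.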
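Review bot: The new `lib.mkDefault` lines in `agenix-rekey-default/default.nix` have no comment saying that they are per-host overridable defaults, or what the `${inputs.self}` paths imply. Because `inputs.self` interpolates to the flake's store path, `secrets/privkey.age` and the rekeyed directory are read from a world-readable store copy of the repository. That is acceptable only if the master identity is passphrase- or hardware-protected, which the `.age` name suggests but the diff does not show. Suggested comment above `masterIdentities`: `# Defaults only; a host may override any of these. Paths resolve inside the store copy of the flake, so privkey.age must remain an encrypted identity.`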