NixOS + home-manager configs, mirrored from GitLab SaaS. gitlab.com/andreijiroh-dev/nixops-config
nix-flake nixos home-manager nixpkgs nix-flakes

at 491d2abd3fd4e2964a879f58fdd2ac9f6ea7f957 45 lines 1.1 kB view raw
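# This is my agenix setup for all things SecretOps on my NixOS and home-manager
# configurations.
#
# It sets the agenix-rekey options under `age.rekey`: the master identities
# tried when rekeying, and where the per-host rekeyed secrets are stored.
{
  lib,
  pkgs,
  config,
  self,
  agenix-rekey,
  agenix,
  ...
}:

let
  # the you do you part: swap these bindings for your own keys.
  pubkeys = import ../shared/ssh-keys.nix;
  main = pubkeys.personal.y2022;
  work = pubkeys.work.recaptime-dev.crew;
  hackclub_yk = pubkeys.fido2Keys.hackclub_yubikey;
in
{
  # The module imports are left commented out here.
  # NOTE(review): the `age.rekey` options below only exist once the agenix and
  # agenix-rekey modules are imported somewhere; presumably that happens in the
  # flake or per-host configuration. Confirm.
  #imports = [
  #  agenix.nixosModules.default
  #  agenix-rekey.nixosModules.default
  #];

  config = {
    age.rekey = {
      # Master identities: the age identities tried, in order, when decrypting
      # the stored secrets to rekey them. The matching private key (or hardware
      # token) must be available on the machine running the rekey.
      #
      # NOTE(review): these values are read from ../shared/ssh-keys.nix, which
      # by its name holds *public* keys. agenix-rekey expects each entry to be
      # an identity file, or an attrset pairing an identity with its pubkey.
      # Confirm what the bindings evaluate to.
      #
      # NOTE(review): anything referenced here as a Nix path is copied into the
      # world-readable Nix store. Only hardware-token identity stubs or
      # passphrase-protected identities are safe to reference as paths. An
      # unencrypted private key should be referenced by a string path outside
      # the store instead.
      masterIdentities = [
        main
        work
        hackclub_yk.main
      ];

      # Store rekeyed secrets locally per-host, inside the flake source tree.
      # These files are the secrets re-encrypted for the host key set below.
      storageMode = "local";
      localStorageDir = lib.mkDefault (self + "/secrets/rekeyed/${config.networking.hostName}");

      # Host pubkey must be set per-host in configurations/nixos/<host>/default.nix:
      # age.rekey.hostPubkey = "ssh-ed25519 AAAA...";
      # Take the value from the host's own SSH host key; a wrong key here means
      # the host cannot decrypt its rekeyed secrets.
    };
  };
}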