agenix-rekey: add master identity
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m20s
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m20s
This commit is contained in:
@@ -7,11 +7,18 @@
|
||||
{
|
||||
imports = [
|
||||
inputs.agenix.nixosModules.default
|
||||
inputs.agenix-rekey.nixosModules.default
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
../modules/nixos
|
||||
../modules/nixos/impermanence.nix
|
||||
];
|
||||
|
||||
age.rekey = {
|
||||
masterIdentities = [ ../secrets/yubikey-nix-primary.pub ];
|
||||
storageMode = "local";
|
||||
localStorageDir = ./. + "/secrets/rekeyed/${config.networking.hostName}";
|
||||
};
|
||||
|
||||
nixpkgs = {
|
||||
config.allowUnfree = true;
|
||||
overlays = [
|
||||
|
||||
7
secrets/yubikey-nix-primary.pub
Normal file
7
secrets/yubikey-nix-primary.pub
Normal file
@@ -0,0 +1,7 @@
|
||||
# Serial: 24187788, Slot: 1
|
||||
# Name: YubiKey Nix Primary
|
||||
# Created: Mon, 25 Aug 2025 21:00:00 +0000
|
||||
# PIN policy: Once (A PIN is required once per session, if set)
|
||||
# Touch policy: Cached (A physical touch is required for decryption, and is cached for 15 seconds)
|
||||
# Recipient: age1yubikey1qwwyem3502gqenzet20xdpjnuhhv2cezvzk590jdta9wqkw48p8gj7n4x96
|
||||
AGE-PLUGIN-YUBIKEY-13SFHZQVZDDFHVHQGGYPC3
|
||||
Reference in New Issue
Block a user