jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull Requests Actions Projects 3 Wiki Activity

agenix-rekey: add master identity
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m20s
Details

Browse Source
This commit is contained in:
Jordan Holt
2025-08-25 22:05:18 +01:00
parent 34304b9e91
commit 2e970c3ef4
2 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
hosts/common.nix
View File

@@ -7,11 +7,18 @@
{ {
imports = [ imports = [
inputs.agenix.nixosModules.default inputs.agenix.nixosModules.default
inputs.agenix-rekey.nixosModules.default
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
../modules/nixos ../modules/nixos
../modules/nixos/impermanence.nix ../modules/nixos/impermanence.nix
]; ];
age.rekey = {
masterIdentities = [ ../secrets/yubikey-nix-primary.pub ];
storageMode = "local";
localStorageDir = ./. + "/secrets/rekeyed/${config.networking.hostName}";
};
nixpkgs = { nixpkgs = {
config.allowUnfree = true; config.allowUnfree = true;
overlays = [ overlays = [

7
secrets/yubikey-nix-primary.pub Normal file
View File

@@ -0,0 +1,7 @@
# Serial: 24187788, Slot: 1
# Name: YubiKey Nix Primary
# Created: Mon, 25 Aug 2025 21:00:00 +0000
# PIN policy: Once (A PIN is required once per session, if set)
# Touch policy: Cached (A physical touch is required for decryption, and is cached for 15 seconds)
# Recipient: age1yubikey1qwwyem3502gqenzet20xdpjnuhhv2cezvzk590jdta9wqkw48p8gj7n4x96
AGE-PLUGIN-YUBIKEY-13SFHZQVZDDFHVHQGGYPC3