pederbs/config
2
1
Fork 0
Code Issues Pull Requests Releases Activity

more hm sops

Browse Source
This commit is contained in:
Peder Bergebakken Sundt
2024-02-18 18:50:17 +01:00
parent 9cfc9101b6
commit 018f42e359
2 changed files with 36 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
users/pbsds/home/profiles/sops.nix
View File

@@ -1,4 +1,8 @@
{ pkgs, config, ... }:
{ lib, pkgs, config, ... }:
let
keyFile = lib.escapeShellArg config.sops.age.keyFile;
in
{
@@ -6,8 +10,30 @@
sops.age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
sops.defaultSopsFile = ../../../../secrets/user-pbsds.yaml;
sops.secrets."age/pvv-infra".path = "%r/sops/age/pvv-infra.txt";
sops.secrets."hm-age-keys".path = "%r/sops/age/keys-hm.txt";
/**/
home.activation.append-hm-sops-keys = lib.hm.dag.entryAfter ["writeBoundary"] ''
if ! test -f ${keyFile}; then
$DRY_RUN_CMD mkdir -p "$(dirname ${keyFile})"
$DRY_RUN_CMD ${lib.getBin pkgs.age}/bin/age-keygen -o ${keyFile} >/dev/null
fi
if test -s "$XDG_RUNTIME_DIR"/sops/age/keys-hm.txt; then
if test -w ${keyFile}; then
for pubkey in $(age-keygen -y "$XDG_RUNTIME_DIR"/sops/age/keys-hm.txt); do
if ! grep -q "$pubkey" <(${lib.getBin pkgs.age}/bin/age-keygen -y ${keyFile}); then
# TODO: deduplicate
cat "$XDG_RUNTIME_DIR"/sops/age/keys-hm.txt | $DRY_RUN_CMD tee --append ${keyFile} > /dev/null
break
fi
done
fi
fi
'';
/**/
/** /
home.sessionVariables = {
#SOPS_AGE_KEY_FILE = config.sops.age.keyFile;
SOPS_AGE_KEY_FILE = "$XDG_RUNTIME_DIR/sops/age/keys.txt";
@@ -25,12 +51,14 @@
test -f ${config.sops.age.keyFile}
install -Dm600 -t "$XDG_RUNTIME_DIR/sops/age/keys.txt" <(
cat ${config.sops.age.keyFile}
if test -s "$XDG_RUNTIME_DIR"/sops/age/pvv-infra.txt; then
cat "$XDG_RUNTIME_DIR"/pvv-infra.txt
if test -s "$XDG_RUNTIME_DIR"/sops/age/keys-hm.txt; then
cat "$XDG_RUNTIME_DIR"/hm-keys.txt
fi
)
'';
};
};
/**/
}