diff options
| author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-09-29 14:35:09 +0200 |
|---|---|---|
| committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-09-29 14:38:56 +0200 |
| commit | a5d3beece5fe71c53bb4150ae8a4e422efebacf7 (patch) | |
| tree | 7ac07fdb783239d62be1cec3139548db5980514e /modules/system/secrets | |
| parent | fix(flake/devshell): Re-add `ragenix` and `rage` (diff) | |
| download | nixos-config-a5d3beece5fe71c53bb4150ae8a4e422efebacf7.zip | |
refactor(sys/secrets/lf_cdpaths): Add a `.age` fileextension
Diffstat (limited to '')
| -rw-r--r-- | modules/system/secrets/default.nix | 2 | ||||
| -rw-r--r-- | modules/system/secrets/secrets.nix | 2 | ||||
| -rwxr-xr-x | modules/system/secrets/update_secrets.sh | 8 |
3 files changed, 6 insertions, 6 deletions
diff --git a/modules/system/secrets/default.nix b/modules/system/secrets/default.nix index 8441c49b..8b3188b0 100644 --- a/modules/system/secrets/default.nix +++ b/modules/system/secrets/default.nix @@ -22,7 +22,7 @@ in { age = { secrets = { lf_cd_paths = { - file = ./lf/cd_paths; + file = ./lf/cd_paths.age; mode = "700"; owner = "soispha"; group = "users"; diff --git a/modules/system/secrets/secrets.nix b/modules/system/secrets/secrets.nix index 4c224576..ff97c0fd 100644 --- a/modules/system/secrets/secrets.nix +++ b/modules/system/secrets/secrets.nix @@ -4,7 +4,7 @@ let tiamat = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMD87QQIUXdEv3TaNRrI9clD9VgpsuVLFg2CrNGa5lVB"; apzu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBivF5b6PyxsR/t+4Qg4IEDXHVXrjmZpslTUNXpvcVbO"; in { - "lf/cd_paths".publicKeys = [soispha tiamat apzu]; + "lf/cd_paths.age".publicKeys = [soispha tiamat apzu]; "serverphone/ca.key".publicKeys = [soispha tiamat apzu]; "serverphone/server.key".publicKeys = [soispha tiamat apzu]; diff --git a/modules/system/secrets/update_secrets.sh b/modules/system/secrets/update_secrets.sh index 877d2892..f1c27d77 100755 --- a/modules/system/secrets/update_secrets.sh +++ b/modules/system/secrets/update_secrets.sh @@ -8,7 +8,7 @@ cleanup() { trap cleanup EXIT update_lf_cd_paths() { - echo "Starting to update the lf/cd_paths file.." + echo "Starting to update the lf/cd_paths.age file.." cd "$(git rev-parse --show-toplevel)/modules/system/secrets" || { echo "A secrets dir does not exist! (This is most likely a bug)" @@ -17,15 +17,15 @@ update_lf_cd_paths() { key_file="$(mktemp)" - nix eval -f ./secrets.nix --json | jq --raw-output '.["lf/cd_paths"].publicKeys | join("\n")' >"$key_file" + nix eval -f ./secrets.nix --json | jq --raw-output '.["lf/cd_paths.age"].publicKeys | join("\n")' >"$key_file" # `lf-make-map` is provided by the dev shell { lf-make-map --quiet --depth 4 visualize ~/media ~/repos ~/school | sed 's|\(.*\)|# \1|' lf-make-map --quiet --depth 4 generate ~/media ~/repos ~/school - } | age --recipients-file "$key_file" --encrypt --armor --output ./lf/cd_paths + } | age --recipients-file "$key_file" --encrypt --armor --output ./lf/cd_paths.age - echo "Finished updating the lf/cd_paths file.." + echo "Finished updating the lf/cd_paths.age file.." } main() { |