Commit 4d576f6

HPCesia <me@hpcesia.com>
2025-09-30 15:11:55
feat: vaultix basic config
1 parent 1576e85
modules/core/vaultix.nix
@@ -0,0 +1,10 @@
+topArgs: {
+  flake.modules.nixos.core = {config, ...}: let
+    hostName = config.networking.hostName;
+    hostMeta = topArgs.config.flake.meta.host.hosts.${hostName};
+  in {
+    imports = [topArgs.inputs.vaultix.nixosModules.default];
+
+    vaultix.settings.hostPubkey = hostMeta.hostPubKey;
+  };
+}
modules/flake/vaultix/picokey.pub
@@ -0,0 +1,2 @@
+# public key: age1qt29euvhskr9pjcww9l5upe0kul76stgnkhj9cpcljkjnvt0quxs7jlhyc
+AGE-PLUGIN-FIDO2-HMAC-1QQPQZTL8S8T7YVZGFCV5M6EKKZ7U9JZJQJWKK3NMW3TPMET2JLTMTJS278GQYQKUHG5ULEUWQ26QUFYNNV6KPLFU5U3UZ0V6MW550GL83UJY08RYGAH5Z67KZYDJ9E4WCND7A3QD6C874ZUL8EY4HN8M5AUFFHZUYKSFEML5Z7L5RUYDJG30QWMRYYLGCJA4JQYL208KEJA9F44LUXPSGNLHV6520NXVA0VKXM7KXFFXXDKCUCCCJN2KG3UZ8M64N0942WPYHG562PVP8NZ4J03C0F9TRY6EUM344X85NYT9SV5W24M705SGNGNXMDCWT0WVYTJCYPM3LYSGVMAKX9T6CTJ8PLVLWMPL0965PNJEHDG5PRSSMD4J82
modules/flake/vaultix/vaultix.nix
@@ -0,0 +1,19 @@
+{
+  inputs,
+  config,
+  lib,
+  withSystem,
+  ...
+}: {
+  imports = [inputs.vaultix.flakeModules.default];
+
+  flake.vaultix = let
+    secretDir = lib.path.append config.flake.meta.rootPath "secret";
+  in {
+    defaultSecretDirectory = secretDir;
+    identity = ./picokey.pub;
+    # TODO: Should not specific the editor host's plantform
+    # Need upstream fix
+    extraPackages = withSystem "x86_64-linux" ({pkgs, ...}: [pkgs.age-plugin-fido2-hmac]);
+  };
+}
secrets/cache/kevin/fed998e52455666c786df08f3bc46c8876b27861d1a4405638e8a6de47a8ada7
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 WM7kiQ N5NtMP0WYrfTFrIFjneq1EgJBhEM5SSF4Yuj+/Wb0Wk
+pH4xCnWDQubHYg9P+HiQx20BT9eV1kj9C1I/DfTkmNQ
+-> (S\V'-grease Zl}]B}q [iTEro[+
+OKQ1+Vz373LabsDb8Ogr0qYRFXPUhkVmrm0T7upLSj4nmJDb1mSzZMiLhK7LtK4
+--- 0REryYt8ASIBXB3iaSSs8Oa8pAZvnqb37dBthPSeivo
+f�Jn�Ǯ��
+5��S�T9݉���*�/��{��p��>2T�M�j6�+>%�)l�(
R`c�3K(�)N6�f{���0B�e�F!����|�'Ύ��=Q��sN�Hq�4�m@||zFڃ�5
\ No newline at end of file
secrets/cache/pardofelis/241c59505d23b92b65f42ca413c857580e06f0f67448445dc30e2d7a0794aa16
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw DCsW3Q9E8AqtU+lzmhhwTrcXapzm5Ue+tkqRHvWznTY
+BQVV5eZRTjzw5o5k2bfi1hMZq2Rd/uy71vfb065BFd8
+-> jm-grease AD/+P ~xh4f@;F V
+VqXwVyo6Vp0pQsOKnBq6b3O8FnN7Xa/Rce4tun7mddndh/iJ1Ov2o09UUn3jAYWa
+ucezQCy4j4XqGy8
+--- 8BLZvOYWgiDXtzTfaQhO7lXgIhiVcQHIDRteDbQgn2A
+�/D����6ܘ��6g[`��o+-7��TQ%j�V6��P+���h7�@��W��Ds�s�ܻ��I5��_9z��7�bC������3�ϥ�œxy
 yuE��QK�^f�"S׿d��)a,�
\ No newline at end of file