Commit 4d576f6
Changed files (5)
modules
core
flake
vaultix
secrets
modules/core/vaultix.nix
@@ -0,0 +1,10 @@
+topArgs: {
+ flake.modules.nixos.core = {config, ...}: let
+ hostName = config.networking.hostName;
+ hostMeta = topArgs.config.flake.meta.host.hosts.${hostName};
+ in {
+ imports = [topArgs.inputs.vaultix.nixosModules.default];
+
+ vaultix.settings.hostPubkey = hostMeta.hostPubKey;
+ };
+}
modules/flake/vaultix/picokey.pub
@@ -0,0 +1,2 @@
+# public key: age1qt29euvhskr9pjcww9l5upe0kul76stgnkhj9cpcljkjnvt0quxs7jlhyc
+AGE-PLUGIN-FIDO2-HMAC-1QQPQZTL8S8T7YVZGFCV5M6EKKZ7U9JZJQJWKK3NMW3TPMET2JLTMTJS278GQYQKUHG5ULEUWQ26QUFYNNV6KPLFU5U3UZ0V6MW550GL83UJY08RYGAH5Z67KZYDJ9E4WCND7A3QD6C874ZUL8EY4HN8M5AUFFHZUYKSFEML5Z7L5RUYDJG30QWMRYYLGCJA4JQYL208KEJA9F44LUXPSGNLHV6520NXVA0VKXM7KXFFXXDKCUCCCJN2KG3UZ8M64N0942WPYHG562PVP8NZ4J03C0F9TRY6EUM344X85NYT9SV5W24M705SGNGNXMDCWT0WVYTJCYPM3LYSGVMAKX9T6CTJ8PLVLWMPL0965PNJEHDG5PRSSMD4J82
modules/flake/vaultix/vaultix.nix
@@ -0,0 +1,19 @@
+{
+ inputs,
+ config,
+ lib,
+ withSystem,
+ ...
+}: {
+ imports = [inputs.vaultix.flakeModules.default];
+
+ flake.vaultix = let
+ secretDir = lib.path.append config.flake.meta.rootPath "secret";
+ in {
+ defaultSecretDirectory = secretDir;
+ identity = ./picokey.pub;
+ # TODO: Should not specific the editor host's plantform
+ # Need upstream fix
+ extraPackages = withSystem "x86_64-linux" ({pkgs, ...}: [pkgs.age-plugin-fido2-hmac]);
+ };
+}
secrets/cache/kevin/fed998e52455666c786df08f3bc46c8876b27861d1a4405638e8a6de47a8ada7
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 WM7kiQ N5NtMP0WYrfTFrIFjneq1EgJBhEM5SSF4Yuj+/Wb0Wk
+pH4xCnWDQubHYg9P+HiQx20BT9eV1kj9C1I/DfTkmNQ
+-> (S\V'-grease Zl}]B}q [iTEro[+
+OKQ1+Vz373LabsDb8Ogr0qYRFXPUhkVmrm0T7upLSj4nmJDb1mSzZMiLhK7LtK4
+--- 0REryYt8ASIBXB3iaSSs8Oa8pAZvnqb37dBthPSeivo
+f�Jn�Ǯ��
+5��S�T9݉���*�/��{��p��>2T�M�j6�+>%�)l�(
R`c�3K(�)N6�f{���0B�e�F!����|�'Ύ��=Q��sN�Hq�4�m@||zFڃ�5
\ No newline at end of file
secrets/cache/pardofelis/241c59505d23b92b65f42ca413c857580e06f0f67448445dc30e2d7a0794aa16
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw DCsW3Q9E8AqtU+lzmhhwTrcXapzm5Ue+tkqRHvWznTY
+BQVV5eZRTjzw5o5k2bfi1hMZq2Rd/uy71vfb065BFd8
+-> jm-grease AD/+P ~xh4f@;F V
+VqXwVyo6Vp0pQsOKnBq6b3O8FnN7Xa/Rce4tun7mddndh/iJ1Ov2o09UUn3jAYWa
+ucezQCy4j4XqGy8
+--- 8BLZvOYWgiDXtzTfaQhO7lXgIhiVcQHIDRteDbQgn2A
+�/D����6ܘ��6g[`��o+-7��TQ%j�V6��P+���h7�@��W��Ds�s�ܻ��I5��_9z��7�bC������3�ϥ�xy
yuE��QK�^f�"Sd��)a,�
\ No newline at end of file