home

My NixOS systems configurations.
Log | Files | Refs | LICENSE

commit 6c102017335b888dce6ccddadeb02735e46dd6fa
parent 964fc3cf823856d0c7ae2f03821819852b87f05b
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Tue, 26 Oct 2021 18:52:32 +0200

users/vincent: add u2f_keys into sops-nix

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Msecrets/secrets.yaml | 5+++--
Musers/vincent/default.nix | 7++++---
2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml @@ -1,12 +1,13 @@ msmtprc: ENC[AES256_GCM,data:UK3LD90KSvyim3wH3pU7vkHTgyHgZmLjW7nkGjXRvSVsN5Tq0/8daWg6kgUWoaNdQaSIHR7QLRs+5pe3J8brnOuqqmOWgwyguXuq/gWGGVdAc/p3UcCRGxPKgnqAqOG9YSnnHRVJu9nR+TvZFw9Me2aMwf8CDlrxNL55jm81Xk7vO1z3/cnaa6bS4ZrrMfQ/g45woLdB2rkSwdDLIbrfAZt3Amfiu77TB8vyGGTyjxJO7Fm8xT4met/AVUvoV87rieeCmV55BHumZXe3rZc/RgkA,iv:XjPgnXzyOlm8hjc/NG86IuUjGduZTAuwuSZPhO0zD3U=,tag:QsFvme8ug4HLmGK4RKGjhg==,type:str] +u2f_keys: ENC[AES256_GCM,data:WTgwH7/vUO+aEXWkkEQ8gZrD02pAFGMeHsXzV0U7zUiSvDd3xwKn4gxdNlwobaa2eiPbfeLGbQGsvLeCpsYszN0AfGk1wDUYl3HuBI/Aojd9uZK8GKJlHxsKCFbGj+G8CM+G+bpCWeuRvvYbmj34pzCIQ3l/BMpxz+CzdhiOrF8IN20GIqAlxQfiZz4WbjS29UeDmJzWIIrNPh7xzEPHlDdk4zFphNB0cpiEP1XWgIpNtNVNNqqBo3jmFjZxeU67YR8U5brPfwMjWzxggwpHLIUvZy5AhVfImJGKJrkrxoGwJQ==,iv:Oz+eUIIu30XIQPGErnPIFXblj1rA0x2rwEVo+VW1R/k=,tag:qmSmxNvbLqBUR3baO8mPsw==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2021-10-26T12:22:49Z" - mac: ENC[AES256_GCM,data:8waxJdIbg9mrvANpjEjG5dGFDFE2QH6qoVAnrNhJu6xcAG3GPdVI8SrT04zWuGYZjII1TCbWHUuxNsZ9FKpRlNrctcp4hdJydNU1vDvheAlZxPiu6ToVOD5IODPluUHURGI9GFJjoguLyugOrolox/yVLYQVuNPxhFkTTxxAdWM=,iv:oj/oVC56xW1MYfRHL27yOoQFMHqVM4pixRpJKAcHJGA=,tag:mUq+a4sv0ODXbz+JRh4Mig==,type:str] + lastmodified: "2021-10-26T15:49:25Z" + mac: ENC[AES256_GCM,data:gBIXaxYPpO7vfq6ftQ73jHwcYYBHNbgcHFI0BeNRPHrhs3naRbhpV/iPyAtgSkm3gfbjYpPNeBVlQaXaFAx58OOv3t8TTO/DCf6tfFduA3ijHS/Kmeenj2llxwPUQ0jMPh44ae+yGhfz5MF9HnMIjsA61w3mxFQZBexMm4lk5Dc=,iv:Ifg7A3AhS7zw22wkyf8r40aV5azK82ZxEC8tUkhzu+g=,tag:Hdkr6EDLQP5l8k/Jr4/weA==,type:str] pgp: - created_at: "2021-10-26T12:21:59Z" enc: |- diff --git a/users/vincent/default.nix b/users/vincent/default.nix @@ -16,6 +16,10 @@ let in { warnings = if (versionAtLeast config.system.nixos.release "21.11") then [ ] else [ "NixOS release: ${config.system.nixos.release}" ]; + sops.secrets.u2f_keys = mkIf (config.profiles.yubikey.enable && config.profiles.yubikey.u2f) { + path = "/home/vincent/.config/Yubico/u2f_keys"; + owner = "vincent"; + }; users.users.vincent = { createHome = true; uid = 1000; @@ -94,9 +98,6 @@ in home.packages = with pkgs; [ docker docker-compose ]; } ] - ++ optionals (config.profiles.yubikey.enable && config.profiles.yubikey.u2f) [{ - home.file.".config/Yubico/u2f_keys".source = pkgs.mkSecret ../../secrets/u2f_keys; - }] ++ optionals (isContainersEnabled && config.profiles.dev.enable) [ (import ./containers) ] ++ optionals config.profiles.redhat.enable [{ home.file.".local/share/applications/redhat-vpn.desktop".source = ./redhat/redhat-vpn.desktop;