commit 6c102017335b888dce6ccddadeb02735e46dd6fa
parent 964fc3cf823856d0c7ae2f03821819852b87f05b
Author: Vincent Demeester <vincent@sbr.pm>
Date: Tue, 26 Oct 2021 18:52:32 +0200
users/vincent: add u2f_keys into sops-nix
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
@@ -1,12 +1,13 @@
msmtprc: ENC[AES256_GCM,data:UK3LD90KSvyim3wH3pU7vkHTgyHgZmLjW7nkGjXRvSVsN5Tq0/8daWg6kgUWoaNdQaSIHR7QLRs+5pe3J8brnOuqqmOWgwyguXuq/gWGGVdAc/p3UcCRGxPKgnqAqOG9YSnnHRVJu9nR+TvZFw9Me2aMwf8CDlrxNL55jm81Xk7vO1z3/cnaa6bS4ZrrMfQ/g45woLdB2rkSwdDLIbrfAZt3Amfiu77TB8vyGGTyjxJO7Fm8xT4met/AVUvoV87rieeCmV55BHumZXe3rZc/RgkA,iv:XjPgnXzyOlm8hjc/NG86IuUjGduZTAuwuSZPhO0zD3U=,tag:QsFvme8ug4HLmGK4RKGjhg==,type:str]
+u2f_keys: ENC[AES256_GCM,data:WTgwH7/vUO+aEXWkkEQ8gZrD02pAFGMeHsXzV0U7zUiSvDd3xwKn4gxdNlwobaa2eiPbfeLGbQGsvLeCpsYszN0AfGk1wDUYl3HuBI/Aojd9uZK8GKJlHxsKCFbGj+G8CM+G+bpCWeuRvvYbmj34pzCIQ3l/BMpxz+CzdhiOrF8IN20GIqAlxQfiZz4WbjS29UeDmJzWIIrNPh7xzEPHlDdk4zFphNB0cpiEP1XWgIpNtNVNNqqBo3jmFjZxeU67YR8U5brPfwMjWzxggwpHLIUvZy5AhVfImJGKJrkrxoGwJQ==,iv:Oz+eUIIu30XIQPGErnPIFXblj1rA0x2rwEVo+VW1R/k=,tag:qmSmxNvbLqBUR3baO8mPsw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
- lastmodified: "2021-10-26T12:22:49Z"
- mac: ENC[AES256_GCM,data:8waxJdIbg9mrvANpjEjG5dGFDFE2QH6qoVAnrNhJu6xcAG3GPdVI8SrT04zWuGYZjII1TCbWHUuxNsZ9FKpRlNrctcp4hdJydNU1vDvheAlZxPiu6ToVOD5IODPluUHURGI9GFJjoguLyugOrolox/yVLYQVuNPxhFkTTxxAdWM=,iv:oj/oVC56xW1MYfRHL27yOoQFMHqVM4pixRpJKAcHJGA=,tag:mUq+a4sv0ODXbz+JRh4Mig==,type:str]
+ lastmodified: "2021-10-26T15:49:25Z"
+ mac: ENC[AES256_GCM,data:gBIXaxYPpO7vfq6ftQ73jHwcYYBHNbgcHFI0BeNRPHrhs3naRbhpV/iPyAtgSkm3gfbjYpPNeBVlQaXaFAx58OOv3t8TTO/DCf6tfFduA3ijHS/Kmeenj2llxwPUQ0jMPh44ae+yGhfz5MF9HnMIjsA61w3mxFQZBexMm4lk5Dc=,iv:Ifg7A3AhS7zw22wkyf8r40aV5azK82ZxEC8tUkhzu+g=,tag:Hdkr6EDLQP5l8k/Jr4/weA==,type:str]
pgp:
- created_at: "2021-10-26T12:21:59Z"
enc: |-
diff --git a/users/vincent/default.nix b/users/vincent/default.nix
@@ -16,6 +16,10 @@ let
in
{
warnings = if (versionAtLeast config.system.nixos.release "21.11") then [ ] else [ "NixOS release: ${config.system.nixos.release}" ];
+ sops.secrets.u2f_keys = mkIf (config.profiles.yubikey.enable && config.profiles.yubikey.u2f) {
+ path = "/home/vincent/.config/Yubico/u2f_keys";
+ owner = "vincent";
+ };
users.users.vincent = {
createHome = true;
uid = 1000;
@@ -94,9 +98,6 @@ in
home.packages = with pkgs; [ docker docker-compose ];
}
]
- ++ optionals (config.profiles.yubikey.enable && config.profiles.yubikey.u2f) [{
- home.file.".config/Yubico/u2f_keys".source = pkgs.mkSecret ../../secrets/u2f_keys;
- }]
++ optionals (isContainersEnabled && config.profiles.dev.enable) [ (import ./containers) ]
++ optionals config.profiles.redhat.enable [{
home.file.".local/share/applications/redhat-vpn.desktop".source = ./redhat/redhat-vpn.desktop;