Commit 6c102017335b

Vincent Demeester <vincent@sbr.pm>
2021-10-26 18:52:32
users/vincent: add u2f_keys into sops-nix
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent 964fc3c
Changed files (2)
secrets
users
secrets/secrets.yaml
@@ -1,12 +1,13 @@
 msmtprc: ENC[AES256_GCM,data:UK3LD90KSvyim3wH3pU7vkHTgyHgZmLjW7nkGjXRvSVsN5Tq0/8daWg6kgUWoaNdQaSIHR7QLRs+5pe3J8brnOuqqmOWgwyguXuq/gWGGVdAc/p3UcCRGxPKgnqAqOG9YSnnHRVJu9nR+TvZFw9Me2aMwf8CDlrxNL55jm81Xk7vO1z3/cnaa6bS4ZrrMfQ/g45woLdB2rkSwdDLIbrfAZt3Amfiu77TB8vyGGTyjxJO7Fm8xT4met/AVUvoV87rieeCmV55BHumZXe3rZc/RgkA,iv:XjPgnXzyOlm8hjc/NG86IuUjGduZTAuwuSZPhO0zD3U=,tag:QsFvme8ug4HLmGK4RKGjhg==,type:str]
+u2f_keys: ENC[AES256_GCM,data:WTgwH7/vUO+aEXWkkEQ8gZrD02pAFGMeHsXzV0U7zUiSvDd3xwKn4gxdNlwobaa2eiPbfeLGbQGsvLeCpsYszN0AfGk1wDUYl3HuBI/Aojd9uZK8GKJlHxsKCFbGj+G8CM+G+bpCWeuRvvYbmj34pzCIQ3l/BMpxz+CzdhiOrF8IN20GIqAlxQfiZz4WbjS29UeDmJzWIIrNPh7xzEPHlDdk4zFphNB0cpiEP1XWgIpNtNVNNqqBo3jmFjZxeU67YR8U5brPfwMjWzxggwpHLIUvZy5AhVfImJGKJrkrxoGwJQ==,iv:Oz+eUIIu30XIQPGErnPIFXblj1rA0x2rwEVo+VW1R/k=,tag:qmSmxNvbLqBUR3baO8mPsw==,type:str]
 sops:
     kms: []
     gcp_kms: []
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2021-10-26T12:22:49Z"
-    mac: ENC[AES256_GCM,data:8waxJdIbg9mrvANpjEjG5dGFDFE2QH6qoVAnrNhJu6xcAG3GPdVI8SrT04zWuGYZjII1TCbWHUuxNsZ9FKpRlNrctcp4hdJydNU1vDvheAlZxPiu6ToVOD5IODPluUHURGI9GFJjoguLyugOrolox/yVLYQVuNPxhFkTTxxAdWM=,iv:oj/oVC56xW1MYfRHL27yOoQFMHqVM4pixRpJKAcHJGA=,tag:mUq+a4sv0ODXbz+JRh4Mig==,type:str]
+    lastmodified: "2021-10-26T15:49:25Z"
+    mac: ENC[AES256_GCM,data:gBIXaxYPpO7vfq6ftQ73jHwcYYBHNbgcHFI0BeNRPHrhs3naRbhpV/iPyAtgSkm3gfbjYpPNeBVlQaXaFAx58OOv3t8TTO/DCf6tfFduA3ijHS/Kmeenj2llxwPUQ0jMPh44ae+yGhfz5MF9HnMIjsA61w3mxFQZBexMm4lk5Dc=,iv:Ifg7A3AhS7zw22wkyf8r40aV5azK82ZxEC8tUkhzu+g=,tag:Hdkr6EDLQP5l8k/Jr4/weA==,type:str]
     pgp:
         - created_at: "2021-10-26T12:21:59Z"
           enc: |-
users/vincent/default.nix
@@ -16,6 +16,10 @@ let
 in
 {
   warnings = if (versionAtLeast config.system.nixos.release "21.11") then [ ] else [ "NixOS release: ${config.system.nixos.release}" ];
+  sops.secrets.u2f_keys = mkIf (config.profiles.yubikey.enable && config.profiles.yubikey.u2f) {
+    path = "/home/vincent/.config/Yubico/u2f_keys";
+    owner = "vincent";
+  };
   users.users.vincent = {
     createHome = true;
     uid = 1000;
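Review bot: The `path` set on `sops.secrets.u2f_keys` links the decrypted mapping into `/home/vincent/.config/Yubico/`, a directory the account itself can write to, so sops-nix protects the file's confidentiality but not the integrity of what pam_u2f ends up reading; anything running as vincent can replace the link with a different mapping. If this file gates sudo or login (the PAM configuration is not visible in this hunk), consider dropping `path` and pointing the PAM authfile at `config.sops.secrets.u2f_keys.path`, which should stay under the root-managed secrets directory. If the home location is kept, a comment such as `# pam_u2f per-user authfile; symlink managed by sops-nix` would explain the choice, and `"${config.users.users.vincent.home}/.config/Yubico/u2f_keys"` avoids hard-coding the home directory. The enclosing attribute set starts before and continues after this hunk.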
@@ -94,9 +98,6 @@ in
           home.packages = with pkgs; [ docker docker-compose ];
         }
       ]
-      ++ optionals (config.profiles.yubikey.enable && config.profiles.yubikey.u2f) [{
-        home.file.".config/Yubico/u2f_keys".source = pkgs.mkSecret ../../secrets/u2f_keys;
-      }]
       ++ optionals (isContainersEnabled && config.profiles.dev.enable) [ (import ./containers) ]
       ++ optionals config.profiles.redhat.enable [{
         home.file.".local/share/applications/redhat-vpn.desktop".source = ./redhat/redhat-vpn.desktop;