home/nixos-servers
home/nixos-servers
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

move age keys to /etc

Browse source 
closes #33
This commit is contained in:
Pim Kunis 2024-01-08 20:47:12 +01:00
parent aba16d3fd1
commit 0d150b3236
2 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
bootstrap.sh
View file

@ -34,12 +34,12 @@ trap cleanup EXIT
# Create directory where age key will go. # Create directory where age key will go.
# Nixos-anwhere creates a kind of overlay and retains this structure on the final file system. # Nixos-anwhere creates a kind of overlay and retains this structure on the final file system.
mkdir "$temp/root" mkdir "$temp/etc"
secret-tool lookup age-identity "$servername" > "$temp/root/age_ed25519" secret-tool lookup age-identity "$servername" > "$temp/etc/age_ed25519"
# Set the correct permissions # Set the correct permissions
chmod 600 "$temp/root/age_ed25519" chmod 600 "$temp/etc/age_ed25519"
# Install NixOS to the host system with our age identity # Install NixOS to the host system with our age identity
nix run github:numtide/nixos-anywhere -- --extra-files "$temp" --flake ".#${servername}" "root@${hostname}" nix run github:numtide/nixos-anywhere -- --extra-files "$temp" --flake ".#${servername}" "root@${hostname}"

2
nixos/default.nix
View file

@ -117,7 +117,7 @@
hardware.cpu.intel.updateMicrocode = hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware; lib.mkDefault config.hardware.enableRedistributableFirmware;
age.identityPaths = [ "/root/age_ed25519" ]; age.identityPaths = [ "/etc/age_ed25519" ];
virtualisation.libvirtd.enable = true; virtualisation.libvirtd.enable = true;