From 92223a49cdbc57a3038aa0cea393f9931b9d36b8 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 3 Oct 2022 04:05:07 +0000
Subject: [PATCH] separate age ssh key setup from nextcloud
---
 modules/mail/himalaya.nix | 9 +++++----
 modules/services/nextcloud.nix | 20 ++++++++------------
 modules/shell/age.nix | 24 ++++++++++++++++++++++--
 3 files changed, 35 insertions(+), 18 deletions(-)
diff --git a/modules/mail/himalaya.nix b/modules/mail/himalaya.nix
index 4e8963a..9fe91e0 100644
--- a/modules/mail/himalaya.nix
+++ b/modules/mail/himalaya.nix
@@ -72,10 +72,11 @@
 };
 mu.enable = false;
 notmuch.enable = false;
- passwordCommand =
- "${pkgs.age}/bin/age --decrypt --identity ${config.homePath}/.ssh/id_ed25519 ${
- builtins.toString ./mailpass.age
- }";
+ passwordCommand = ''
+ ${pkgs.age}/bin/age --decrypt \
+ --identity ${config.identityFile} \
+ ${builtins.toString ./mailpass.age}
+ '';
 smtp = {
 host = "smtp.purelymail.com";
 port = 465;
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 415a8c7..39db55d 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -6,6 +6,8 @@ let
 in {
+ imports = [ ../shell/age.nix ];
+
 options = {
 nextcloudServer = lib.mkOption {
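Review bot: The new `passwordCommand` reads `config.identityFile`, but nothing in this hunk imports `../shell/age.nix`, where that option is declared; the nextcloud module in the same commit adds `imports = [ ../shell/age.nix ];` for exactly this reason. Unless age.nix is already reachable from whatever imports himalaya.nix (not visible here), evaluating the mail configuration will fail on the missing `identityFile` attribute. Suggest adding the same `imports = [ ../shell/age.nix ];` line at the top of himalaya.nix so the module stands on its own. The enclosing attribute set starts and ends outside the hunk.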
@@ -65,20 +67,13 @@ in {
 }];
 # Create credentials files
- system.activationScripts.nextcloud.text =
- let identityFile = "${config.homePath}/.ssh/id_ed25519";
- in ''
- if [ ! -f "${identityFile}" ]; then
- $DRY_RUN_CMD echo -e \nEnter the seed phrase for your SSH key...\n
- $DRY_RUN_CMD echo -e \nThen press ^D when complete.\n\n
- $DRY_RUN_CMD ${pkgs.melt}/bin/melt restore ${identityFile}
- $DRY_RUN_CMD chown ${config.user}:wheel ${identityFile}*
- $DRY_RUN_CMD echo -e \n\nContinuing activation.\n\n
- fi
+ system.activationScripts.nextcloud = {
+ deps = [ "age" ];
+ text = ''
 if [ ! -f "${adminpassFile}" ]; then
 $DRY_RUN_CMD mkdir --parents $VERBOSE_ARG $(dirname ${adminpassFile})
 $DRY_RUN_CMD ${pkgs.age}/bin/age --decrypt \
- --identity ${identityFile} \
+ --identity ${config.identityFile} \
 --output ${adminpassFile} \
 ${builtins.toString ../../private/nextcloud.age}
 $DRY_RUN_CMD chown nextcloud:nextcloud ${adminpassFile}
@@ -86,12 +81,13 @@ in {
 if [ ! -f "${s3SecretFile}" ]; then
 $DRY_RUN_CMD mkdir --parents $VERBOSE_ARG $(dirname ${s3SecretFile})
 $DRY_RUN_CMD ${pkgs.age}/bin/age --decrypt \
- --identity ${identityFile} \
+ --identity ${config.identityFile} \
 --output ${s3SecretFile} \
 ${builtins.toString ../../private/nextcloud-s3.age}
 $DRY_RUN_CMD chown nextcloud:nextcloud ${s3SecretFile}
 fi
 '';
+ };
 };
diff --git a/modules/shell/age.nix b/modules/shell/age.nix
index 338be8e..87cf6df 100644
--- a/modules/shell/age.nix
+++ b/modules/shell/age.nix
@@ -1,5 +1,25 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, lib, ... }: {
- home-manager.users.${config.user}.home.packages = with pkgs; [ age ];
+ options = {
+ identityFile = lib.mkOption {
+ type = lib.types.str;
+ description = "Path to SSH key for age";
+ default = "${config.homePath}/.ssh/id_ed25519";
+ };
+ };
+
+ config = {
+ home-manager.users.${config.user}.home.packages = with pkgs; [ age ];
+
+ system.activationScripts.age.text = ''
+ if [ ! -f "${config.identityFile}" ]; then
+ $DRY_RUN_CMD echo -e \nEnter the seed phrase for your SSH key...\n
+ $DRY_RUN_CMD echo -e \nThen press ^D when complete.\n\n
+ $DRY_RUN_CMD ${pkgs.melt}/bin/melt restore ${config.identityFile}
+ $DRY_RUN_CMD chown ${config.user}:wheel ${config.identityFile}*
+ $DRY_RUN_CMD echo -e \n\nContinuing activation.\n\n
+ fi
+ '';
+ };
 }
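Review bot: The three `echo -e \n...` lines in the new `system.activationScripts.age.text` leave the `\n` sequences unquoted; a Nix `''` string passes the backslashes through literally, and the shell then strips each backslash before echo runs, so the prompt prints as `nEnter the seed phrase for your SSH key...n` rather than on separate lines. Quoting each message fixes it, e.g. `$DRY_RUN_CMD echo -e "\nEnter the seed phrase for your SSH key...\n"`, and likewise for the `Then press ^D` and `Continuing activation` lines. Separately, the script restores an SSH private key during activation but never checks `melt restore`'s exit status, so on failure the `chown ... ${config.identityFile}*` runs on a non-existent path and every script that lists `age` in `deps` (nextcloud here) later fails at `age --decrypt` with a less obvious error; checking the restore result before the `chown` would surface the real cause. The `chown` also sets ownership only — whether the restored key ends up mode 0600 is not visible in this hunk, so it is worth confirming or adding an explicit `chmod 600`.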