separate age ssh key setup from nextcloud

This commit is contained in:
Noah Masur 2022-10-03 04:05:07 +00:00
parent 2434376963
commit 92223a49cd
3 changed files with 35 additions and 18 deletions

View File

@ -72,10 +72,11 @@
}; };
mu.enable = false; mu.enable = false;
notmuch.enable = false; notmuch.enable = false;
passwordCommand = passwordCommand = ''
"${pkgs.age}/bin/age --decrypt --identity ${config.homePath}/.ssh/id_ed25519 ${ ${pkgs.age}/bin/age --decrypt \
builtins.toString ./mailpass.age --identity ${config.identityFile} \
}"; ${builtins.toString ./mailpass.age}
'';
smtp = { smtp = {
host = "smtp.purelymail.com"; host = "smtp.purelymail.com";
port = 465; port = 465;

View File

@ -6,6 +6,8 @@ let
in { in {
imports = [ ../shell/age.nix ];
options = { options = {
nextcloudServer = lib.mkOption { nextcloudServer = lib.mkOption {
@ -65,20 +67,13 @@ in {
}]; }];
# Create credentials files # Create credentials files
system.activationScripts.nextcloud.text = system.activationScripts.nextcloud = {
let identityFile = "${config.homePath}/.ssh/id_ed25519"; deps = [ "age" ];
in '' text = ''
if [ ! -f "${identityFile}" ]; then
$DRY_RUN_CMD echo -e \nEnter the seed phrase for your SSH key...\n
$DRY_RUN_CMD echo -e \nThen press ^D when complete.\n\n
$DRY_RUN_CMD ${pkgs.melt}/bin/melt restore ${identityFile}
$DRY_RUN_CMD chown ${config.user}:wheel ${identityFile}*
$DRY_RUN_CMD echo -e \n\nContinuing activation.\n\n
fi
if [ ! -f "${adminpassFile}" ]; then if [ ! -f "${adminpassFile}" ]; then
$DRY_RUN_CMD mkdir --parents $VERBOSE_ARG $(dirname ${adminpassFile}) $DRY_RUN_CMD mkdir --parents $VERBOSE_ARG $(dirname ${adminpassFile})
$DRY_RUN_CMD ${pkgs.age}/bin/age --decrypt \ $DRY_RUN_CMD ${pkgs.age}/bin/age --decrypt \
--identity ${identityFile} \ --identity ${config.identityFile} \
--output ${adminpassFile} \ --output ${adminpassFile} \
${builtins.toString ../../private/nextcloud.age} ${builtins.toString ../../private/nextcloud.age}
$DRY_RUN_CMD chown nextcloud:nextcloud ${adminpassFile} $DRY_RUN_CMD chown nextcloud:nextcloud ${adminpassFile}
@ -86,12 +81,13 @@ in {
if [ ! -f "${s3SecretFile}" ]; then if [ ! -f "${s3SecretFile}" ]; then
$DRY_RUN_CMD mkdir --parents $VERBOSE_ARG $(dirname ${s3SecretFile}) $DRY_RUN_CMD mkdir --parents $VERBOSE_ARG $(dirname ${s3SecretFile})
$DRY_RUN_CMD ${pkgs.age}/bin/age --decrypt \ $DRY_RUN_CMD ${pkgs.age}/bin/age --decrypt \
--identity ${identityFile} \ --identity ${config.identityFile} \
--output ${s3SecretFile} \ --output ${s3SecretFile} \
${builtins.toString ../../private/nextcloud-s3.age} ${builtins.toString ../../private/nextcloud-s3.age}
$DRY_RUN_CMD chown nextcloud:nextcloud ${s3SecretFile} $DRY_RUN_CMD chown nextcloud:nextcloud ${s3SecretFile}
fi fi
''; '';
};
}; };

View File

@ -1,5 +1,25 @@
{ config, pkgs, ... }: { { config, pkgs, lib, ... }: {
home-manager.users.${config.user}.home.packages = with pkgs; [ age ]; options = {
identityFile = lib.mkOption {
type = lib.types.str;
description = "Path to SSH key for age";
default = "${config.homePath}/.ssh/id_ed25519";
};
};
config = {
home-manager.users.${config.user}.home.packages = with pkgs; [ age ];
system.activationScripts.age.text = ''
if [ ! -f "${config.identityFile}" ]; then
$DRY_RUN_CMD echo -e \nEnter the seed phrase for your SSH key...\n
$DRY_RUN_CMD echo -e \nThen press ^D when complete.\n\n
$DRY_RUN_CMD ${pkgs.melt}/bin/melt restore ${config.identityFile}
$DRY_RUN_CMD chown ${config.user}:wheel ${config.identityFile}*
$DRY_RUN_CMD echo -e \n\nContinuing activation.\n\n
fi
'';
};
} }