AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

attempt to fix secrets module

Browse Source
This commit is contained in:
Dmitriy Kholkin 2022-08-18 18:57:47 +03:00
parent 4294c03bd2
commit 4bb565b0d2
2 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
modules/secrets.nix
View File

@ -2,7 +2,7 @@
with lib; with lib;
with types; with types;
let let
password-store = "${config.home-manager.users.alukard.xdg.dataHome}/password-store"; password-store = config.secretsConfig.password-store;
secret = { name, ... }: { secret = { name, ... }: {
options = { options = {
encrypted = mkOption { encrypted = mkOption {
@ -16,6 +16,7 @@ let
decrypt = mkOption { decrypt = mkOption {
default = pkgs.writeShellScript "gpg-decrypt" '' default = pkgs.writeShellScript "gpg-decrypt" ''
set -euo pipefail set -euo pipefail
export GNUPGHOME=${config.secretsConfig.gnupgHome}
export GPG_TTY="$(tty)" export GPG_TTY="$(tty)"
${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye 1>&2 ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye 1>&2
${pkgs.gnupg}/bin/gpg --batch --no-tty --decrypt ${pkgs.gnupg}/bin/gpg --batch --no-tty --decrypt
@ -120,6 +121,14 @@ in {
}; };
options.secretsConfig = { options.secretsConfig = {
password-store = lib.mkOption {
type = lib.types.path;
default = "${config.home-manager.users.alukard.xdg.dataHome}/password-store";
};
gnupgHome = lib.mkOption {
type = lib.types.path;
default = "${config.home-manager.users.alukard.xdg.dataHome}/gnupg";
};
repo = lib.mkOption { repo = lib.mkOption {
type = str; type = str;
default = "gitea@code.ataraxiadev.com:AtaraxiaDev/pass.git"; default = "gitea@code.ataraxiadev.com:AtaraxiaDev/pass.git";
@ -152,12 +161,12 @@ in {
Service = { Service = {
Environment = [ Environment = [
"PASSWORD_STORE_DIR=${password-store}" "PASSWORD_STORE_DIR=${password-store}"
"PATH=${with pkgs; lib.makeBinPath [ pass inotify-tools gnupg git ]}" "PATH=${with pkgs; lib.makeBinPath [ pass inotify-tools gnupg ]}"
]; ];
ExecStart = toString (pkgs.writeShellScript "pass-store-sync" '' ExecStart = toString (pkgs.writeShellScript "pass-store-sync" ''
export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
while inotifywait "$PASSWORD_STORE_DIR" -r -e move -e close_write -e create -e delete --exclude .git; do while inotifywait "$PASSWORD_STORE_DIR" -r -e move -e close_write -e create -e delete --exclude .git; do
sleep 1 sleep 0.1
pass git add --all pass git add --all
pass git commit -m "$(date +%F)_$(date +%T)" pass git commit -m "$(date +%F)_$(date +%T)"
pass git pull --rebase pass git pull --rebase

4
profiles/workspace/gpg.nix
View File

@ -3,7 +3,7 @@ with config.deviceSpecific; {
home-manager.users.alukard = { home-manager.users.alukard = {
programs.gpg = { programs.gpg = {
enable = true; enable = true;
homedir = "${config.home-manager.users.alukard.xdg.dataHome}/gnupg"; homedir = config.secretsConfig.gnupgHome;
}; };
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
@ -20,7 +20,7 @@ with config.deviceSpecific; {
Environment = lib.mkForce [ Environment = lib.mkForce [
"GPG_TTY=/dev/tty1" "GPG_TTY=/dev/tty1"
"DISPLAY=:0" "DISPLAY=:0"
"GNUPGHOME=${config.home-manager.users.alukard.xdg.dataHome}/gnupg" "GNUPGHOME=${config.secretsConfig.gnupgHome}"
]; ];
}; };
}; };