# SPDX-FileCopyrightText: 2024 Auxolotl Infrastructure Contributors
# SPDX-FileCopyrightText: 2024 Clicks Codes
#
# SPDX-License-Identifier: GPL-3.0-only

# NixOS module: opt-in agenix-rekey secrets handling for this host.
#
# When `clicks.security.secrets.enable` is set, `config.age` is populated with
# the rekey settings (master identities, local storage directories) and, on
# impermanence-enabled hosts, with host SSH key paths under /persist. When it
# is not set, `config.age` evaluates to the empty attrset.
{ config, lib, pkgs, inputs, ... }:
let
  cfg = config.clicks.security.secrets;
  hostName = config.networking.hostName;

  # Directory inside this flake holding the public halves of the master keys.
  keyDir = "${inputs.self}/secrets/keys";

  # Public key files (.pub) of the identities allowed to act as master
  # identities for rekeying. Only public material is referenced here.
  masterKeyFiles = map (relative: "${keyDir}/${relative}") [
    "minion/collabora-yubikey.pub"
    "minion/tiny-yubikey.pub"
    "minion/iyubikey.pub"
    "coded/ShorthairNano.pub"
  ];

  # Per-host directories, resolved relative to the snowfall flake root.
  snowfallDir = relative: lib.snowfall.fs.get-snowfall-file relative;
in
{
  options.clicks.security.secrets.enable = lib.mkOption {
    description = "Enable using agenix-rekey for secrets";
    type = lib.types.bool;
    # Follows the repository-wide defaults switch rather than being hard-coded.
    default = config.clicks.defaults.enable;
  };

  # Empty declaration of `age`; the original comment notes it is required for
  # the `lib.optionalAttrs` assignment below (presumably so `config.age` can be
  # assigned even when the value is `{}` — confirm against the module system).
  options.age = {};

  config.age = lib.optionalAttrs cfg.enable {
    rekey = {
      masterIdentities = masterKeyFiles;
      storageMode = "local";
      generatedSecretsDir = snowfallDir "secrets/generated/${hostName}";
      localStorageDir = snowfallDir "secrets/rekeyed/${hostName}";
    };

    # With impermanence enabled the host SSH keys live under /persist, so the
    # identity paths must point there instead of the default /etc/ssh location.
    identityPaths = lib.mkIf config.clicks.storage.impermanence.enable [
      "/persist/data/etc/ssh/ssh_host_ed25519_key"
      "/persist/data/etc/ssh/ssh_host_rsa_key"
    ];
  };
}