| author | Franck Cuny <franck@fcuny.net> | 2025-06-12 07:40:53 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-06-12 07:40:53 -0700 |
| commit | ec2afd9e927a521edfb68ad9eb3e0e8391d12156 (patch) | |
| tree | f348f44d197acf8ee9fff40fef5e04cc1c69b15b /flake.nix | |
| parent | configure `aspell` properly to work with Emacs (diff) | |
| download | infra-ec2afd9e927a521edfb68ad9eb3e0e8391d12156.tar.gz | |
use a dedicated SSH key for agenix
The key is still stored in 1password, and we add a script to
synchronize the key to the host.
The existing keys have been rekeyed with the new key.
Diffstat (limited to 'flake.nix')
| -rw-r--r-- | flake.nix | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -63,6 +63,7 @@ system: import nixpkgs { inherit system; + config.allowUnfree = true; overlays = overlays; }; @@ -182,6 +183,14 @@ echo "> darwin-rebuild build was successful ✅" echo "> macOS config was successfully applied 🚀" '') + (pkgs.writeScriptBin "sync-agenix-key" '' + set -e + echo "> Copying agenix SSH key from 1password ..." + mkdir -p ~/.ssh + ${pkgs._1password-cli}/bin/op --account my.1password.com read "op://Private/agenix/private key?ssh-format=openssh" > ~/.ssh/agenix + ${pkgs._1password-cli}/bin/op --account my.1password.com read "op://Private/agenix/public key" > ~/.ssh/agenix.pub + echo "> agenix SSH key copied successfully 🔐" + '') ] else [ ]; |
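Review bot: in the first hunk (`@@ -63,6 +63,7 @@`), `config.allowUnfree = true;` enables unfree packages for the entire nixpkgs import, while the only package this patch starts using is `pkgs._1password-cli`. Consider `config.allowUnfreePredicate` with an allow-list limited to that package, so that other unfree software cannot enter the closure unnoticed. The commit message only talks about the agenix key, so this change should be mentioned there as well.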
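Review bot: in the second hunk (`@@ -182,6 +183,14 @@`), `sync-agenix-key` writes the private key with a plain `> ~/.ssh/agenix` redirect, so the file gets whatever mode the caller's umask allows (0644 under the common 022 umask), and `mkdir -p ~/.ssh` does not enforce 0700 on a newly created directory either. Add `umask 077` right after `set -e`, or `chmod 600 ~/.ssh/agenix` after the write. The redirect also truncates the target before `op` runs, so a failed `op read` leaves an empty `~/.ssh/agenix` in place of the previous key; writing to a temporary file and moving it into place on success avoids that.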
