Diffstat (limited to 'home')
-rw-r--r--home/programs/age.nix37
1 files changed, 35 insertions, 2 deletions
diff --git a/home/programs/age.nix b/home/programs/age.nix
index e41d0d8..2e472ad 100644
--- a/home/programs/age.nix
+++ b/home/programs/age.nix
@@ -1,13 +1,46 @@
{ pkgs, config, ... }:
+let
+ # identities are stored outside of the store
+ passage_identity_dir = "${config.xdg.configHome}/passage";
+ passage_identities_file = "${passage_identity_dir}/identities";
+ passage_dir = "${config.xdg.dataHome}/passage/store";
+ passage_recipients_file = "${passage_dir}/.age-recipients";
+ passage-yubikey-update = pkgs.writeShellApplication {
+ name = "passage-yubikey-update";
+ runtimeInputs = with pkgs; [
+ age-plugin-yubikey
+ ];
+ text = ''
+ if ! [[ -d "${passage_dir}" ]]; then
+ echo >&2 "Error: ${passage_dir} must be created manually."
+ exit 1
+ fi
+
+ identitiesFile="${passage_identities_file}"
+ recipientsFile="${passage_recipients_file}"
+
+ mkdir -p "$(dirname "$identitiesFile")"
+ mkdir -p "$(dirname "$recipientsFile")"
+
+ age-plugin-yubikey --identity >> "$identitiesFile"
+ echo >&2 "Updated $identitiesFile"
+
+ age-plugin-yubikey --list >> "$recipientsFile"
+ echo >&2 "Updated $recipientsFile"
+ '';
+ };
+in
{
home.packages = with pkgs; [
age
age-plugin-yubikey
passage
+ passage-yubikey-update
];
home.sessionVariables = {
- "PASSAGE_DIR" = "${config.xdg.dataHome}/passage";
- "PASSAGE_IDENTITIES_FILE" = "${config.xdg.dataHome}/passage/identities";
+ PASSAGE_DIR = "${passage_dir}";
+ PASSAGE_RECIPIENTS_FILE = "${passage_dir}/.age-recipients";
+ PASSAGE_IDENTITIES_FILE = "${passage_identities_file}";
};
}
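Review bot: The two `>>` redirections near the end of the script text mean `passage-yubikey-update` only ever grows `identities` and `.age-recipients`: a re-run duplicates every entry, and the recipient of a lost or retired YubiKey stays in `.age-recipients`, so passage would presumably keep encrypting new entries to it. Consider generating each file into a temporary file and moving it into place, which also keeps the existing file intact if `age-plugin-yubikey` fails part-way; if appending is deliberate so that keys can be enrolled one at a time, that trade-off deserves a comment in the script, because a full rewrite would drop keys that are not plugged in. Separately, `PASSAGE_RECIPIENTS_FILE` repeats the path literal instead of using the `passage_recipients_file` binding from the `let`.

```nix
    text = ''
      # … unchanged: passage_dir check, identitiesFile/recipientsFile, mkdir -p …

      tmpIdentities="$(mktemp "$identitiesFile.XXXXXX")"
      age-plugin-yubikey --identity > "$tmpIdentities"
      mv "$tmpIdentities" "$identitiesFile"
      echo >&2 "Updated $identitiesFile"

      tmpRecipients="$(mktemp "$recipientsFile.XXXXXX")"
      age-plugin-yubikey --list > "$tmpRecipients"
      mv "$tmpRecipients" "$recipientsFile"
      echo >&2 "Updated $recipientsFile"
    '';
```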