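# Home Manager module: installs passage with age and the YubiKey plugin, plus
# a helper script that registers the connected YubiKey with the passage store.
{ pkgs, config, ... }:
let
  # Identities are kept under the XDG config dir, i.e. outside of the passage
  # store directory (passage_dir), so they do not travel with the store.
  passage_identity_dir = "${config.xdg.configHome}/passage";
  passage_identities_file = "${passage_identity_dir}/identities";
  passage_dir = "${config.xdg.dataHome}/passage/store";
  # Recipients live inside the store. Every key listed here can decrypt
  # entries encrypted after it was added, so changes to this file deserve
  # the same review as a change to an authorized_keys file.
  passage_recipients_file = "${passage_dir}/.age-recipients";

  # Appends what age-plugin-yubikey reports to the identities and recipients
  # files. writeShellApplication runs the text with errexit/nounset/pipefail,
  # so a failing plugin call aborts the script.
  passage-yubikey-update = pkgs.writeShellApplication {
    name = "passage-yubikey-update";
    runtimeInputs = with pkgs; [
      age-plugin-yubikey
    ];
    text = ''
      if [[ ! -d "${passage_dir}" ]]; then
        echo >&2 "Error: ${passage_dir} must be created manually."
        exit 1
      fi

      identitiesFile="${passage_identities_file}"
      recipientsFile="${passage_recipients_file}"
      mkdir -p "$(dirname "$identitiesFile")"
      mkdir -p "$(dirname "$recipientsFile")"

      # Collect both outputs before touching either file: if the second
      # plugin call fails (e.g. the key is unplugged in between), nothing
      # has been appended and the two files cannot drift apart.
      identityEntries="$(age-plugin-yubikey --identity)"
      recipientEntries="$(age-plugin-yubikey --list)"

      # An empty answer would otherwise be reported as a successful update.
      if [[ -z "$identityEntries" || -z "$recipientEntries" ]]; then
        echo >&2 "Error: age-plugin-yubikey reported no identity or recipient."
        exit 1
      fi

      # NOTE(review): entries are appended, never replaced, so running this
      # twice with the same key duplicates its lines. Check the recipients
      # file after each run and remove keys that should no longer have access.
      printf '%s\n' "$identityEntries" >> "$identitiesFile"
      echo >&2 "Updated $identitiesFile"
      printf '%s\n' "$recipientEntries" >> "$recipientsFile"
      echo >&2 "Updated $recipientsFile"
    '';
  };
in
{
  home.packages = with pkgs; [
    age
    age-plugin-yubikey
    passage
    passage-yubikey-update
  ];

  # Reuse the let-bindings so the environment passage reads and the paths the
  # helper script writes to cannot diverge.
  home.sessionVariables = {
    PASSAGE_DIR = passage_dir;
    PASSAGE_RECIPIENTS_FILE = passage_recipients_file;
    PASSAGE_IDENTITIES_FILE = passage_identities_file;
  };
}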