titaniumtown/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

secureboot keys

Browse Source
This commit is contained in:
Simon Gardling 2024-09-19 13:31:56 -04:00
parent 3700ff0ffe
commit 932b1f739b
Signed by: titaniumtown
GPG Key ID: 9AB28AC10ECE533D
6 changed files with 29 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitattributes vendored
View File

@ -1,2 +1,3 @@
nix/home-manager/secrets/factorio.nix filter=git-agecrypt diff=git-agecrypt nix/home-manager/secrets/factorio.nix filter=git-agecrypt diff=git-agecrypt
nix/etcnixos/secrets/wifi-passwords.nix filter=git-agecrypt diff=git-agecrypt nix/etcnixos/secrets/wifi-passwords.nix filter=git-agecrypt diff=git-agecrypt
nix/etcnixos/secrets/secureboot.tar filter=git-agecrypt diff=git-agecrypt

12
git-agecrypt.toml
View File

@ -1,9 +1,13 @@
[config] [config]
"nix/etcnixos/secrets/wifi-passwords.nix" = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH",
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJjT5QZ3zRDb+V6Em20EYpSEgPW5e/U+06uQGJdraxi",
]
"nix/home-manager/secrets/factorio.nix" = [ "nix/home-manager/secrets/factorio.nix" = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH",
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJjT5QZ3zRDb+V6Em20EYpSEgPW5e/U+06uQGJdraxi", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJjT5QZ3zRDb+V6Em20EYpSEgPW5e/U+06uQGJdraxi",
] ]
"nix/etcnixos/secrets/secureboot.tar" = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH",
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJjT5QZ3zRDb+V6Em20EYpSEgPW5e/U+06uQGJdraxi",
]
"nix/etcnixos/secrets/wifi-passwords.nix" = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH",
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJjT5QZ3zRDb+V6Em20EYpSEgPW5e/U+06uQGJdraxi",
]

4
justfile
View File

@ -7,11 +7,11 @@ format_system:
run0 nixfmt /etc/nixos run0 nixfmt /etc/nixos
system_update: system_update:
run0 nix flake update --flake /etc/nixos run0 nix flake update /etc/nixos
run0 nixos-rebuild boot --impure run0 nixos-rebuild boot --impure
home_update: home_update:
nix flake update --flake ~/.config/home-manager nix flake update ~/.config/home-manager
rm -fr ~/.gtkrc-2.0 rm -fr ~/.gtkrc-2.0
home-manager switch --impure home-manager switch --impure

6
nix/etcnixos/flake.lock generated
View File

@ -332,11 +332,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1726759964, "lastModified": 1726766095,
"narHash": "sha256-d7ej4YWIxJs81uxlQSeiAUTqRLHJFhEtmbqIltKN1SI=", "narHash": "sha256-QapPXaSkDmiaJ3WcCIvF8vnyzCfuxd0xgUO+H7ShJ5E=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6886cfd66b1a58135d1e262d76834f77b2235f35", "rev": "223f611353f687cc301b0285f4fabe015d100754",
"type": "github" "type": "github"
}, },
"original": { "original": {

BIN
nix/etcnixos/secrets/secureboot.tar Normal file
View File

Binary file not shown.

15
nix/etcnixos/system-mreow.nix
View File

@ -109,4 +109,19 @@
#weird hack to get swaylock working? idk, if you don't put this here, password entry doesnt work #weird hack to get swaylock working? idk, if you don't put this here, password entry doesnt work
#if I move to another lock screen program, i will have to replace `swaylock` #if I move to another lock screen program, i will have to replace `swaylock`
security.pam.services.swaylock = { }; security.pam.services.swaylock = { };
system.activationScripts = {
"secureboot-keys".text =
let
secureboot_path = "/etc/secureboot";
in
''
#!/bin/sh
rm -fr ${secureboot_path}
mkdir -p ${secureboot_path}
${pkgs.gnutar}/bin/tar xf /etc/nixos/secrets/secureboot.tar -C ${secureboot_path}
'';
};
} }