nixManager: use a shared agent.. does not work with confirm...

This commit is contained in:
Aaron Bieber 2023-07-12 10:38:50 -06:00
parent e8ea6e3359
commit 981727e81c
No known key found for this signature in database
2 changed files with 25 additions and 9 deletions


@ -27,7 +27,8 @@ rebuild() {
return 0
fi
nixos-rebuild ${TRACE} --flake .#${1} --build-host root@${host} --target-host root@${host} switch
set -x
nixos-rebuild ${TRACE} --flake .#${1} --build-host ssh-ng://root@${host} --target-host ssh-ng://root@${host} switch
return $?
}
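Review bot: The `set -x` added just before the new ssh-ng:// invocation is never switched off, and since shell options are process-wide the trace stays enabled for every command the caller runs after rebuild() returns, echoing each expanded command line to stderr. The function already consumes a `${TRACE}` variable, which looks like the intended opt-in for tracing, so the bare `set -x` reads like a leftover debugging aid; if it is meant to stay, scope it to this one command and keep the exit status intact by replacing `return $?` with `rc=$?`, `set +x`, `return $rc`. rebuild()'s opening lines are outside the hunk.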


@ -10,6 +10,7 @@
#!/usr/bin/env sh
${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@
'';
cfg = config.nixManager;
in
with lib; {
options = {
@ -25,17 +26,31 @@ in
};
};
config = mkIf config.nixManager.enable {
config = mkIf cfg.enable {
sops.defaultSopsFile = config.xin-secrets.manager;
sops.secrets = {
xin_status_key = {owner = config.nixManager.user;};
xin_status_pubkey = {owner = config.nixManager.user;};
manager_key = {owner = config.nixManager.user;};
manager_pubkey = {owner = config.nixManager.user;};
ca_key = {owner = config.nixManager.user;};
ca_cert = {owner = config.nixManager.user;};
po_env = {owner = config.nixManager.user;};
xin_status_key = {owner = cfg.user;};
xin_status_pubkey = {owner = cfg.user;};
manager_key = {owner = cfg.user;};
manager_pubkey = {owner = cfg.user;};
ca_key = {owner = cfg.user;};
ca_cert = {owner = cfg.user;};
po_env = {owner = cfg.user;};
};
systemd.services.ssh-agent = {
wantedBy = ["multi-user.target"];
environment.SSH_AUTH_SOCK = config.environment.variables.SSH_AUTH_SOCK;
serviceConfig = {
ExecStartPre = "${pkgs.coreutils}/bin/rm -f $SSH_AUTH_SOCK";
ExecStart = "${pkgs.openssh}/bin/ssh-agent -D -a $SSH_AUTH_SOCK";
User = "${cfg.user}";
};
};
systemd.services.nix-daemon.environment.SSH_AUTH_SOCK = config.environment.variables.SSH_AUTH_SOCK;
environment.variables.SSH_AUTH_SOCK = "/tmp/ssh-agent.socket";
environment.systemPackages = [
microca
inputs.xintray.packages.${pkgs.system}.xintray