nixManager: use a shared agent.. does not work with confirm...
This commit is contained in:
parent
e8ea6e3359
commit
981727e81c
@ -27,7 +27,8 @@ rebuild() {
|
||||
return 0
|
||||
fi
|
||||
|
||||
nixos-rebuild ${TRACE} --flake .#${1} --build-host root@${host} --target-host root@${host} switch
|
||||
set -x
|
||||
nixos-rebuild ${TRACE} --flake .#${1} --build-host ssh-ng://root@${host} --target-host ssh-ng://root@${host} switch
|
||||
return $?
|
||||
}
|
||||
|
||||
|
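Review bot: `set -x` is switched on unconditionally and never switched off, so command tracing stays enabled for everything the caller runs after `rebuild` returns, and it sits next to the existing `${TRACE}` variable that already controls how verbose nixos-rebuild is. If the intent is only to echo the rebuild command, scope the trace to it and capture the status before clearing it: keep `set -x` and the nixos-rebuild line, then `rc=$?; set +x; return $rc` in place of `return $?`, which as written only repeats the status of the preceding command. The `rebuild()` function begins before this hunk; only its tail is visible here.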
@ -10,6 +10,7 @@
|
||||
#!/usr/bin/env sh
|
||||
${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@
|
||||
'';
|
||||
cfg = config.nixManager;
|
||||
in
|
||||
with lib; {
|
||||
options = {
|
||||
@ -25,17 +26,31 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf config.nixManager.enable {
|
||||
config = mkIf cfg.enable {
|
||||
sops.defaultSopsFile = config.xin-secrets.manager;
|
||||
sops.secrets = {
|
||||
xin_status_key = {owner = config.nixManager.user;};
|
||||
xin_status_pubkey = {owner = config.nixManager.user;};
|
||||
manager_key = {owner = config.nixManager.user;};
|
||||
manager_pubkey = {owner = config.nixManager.user;};
|
||||
ca_key = {owner = config.nixManager.user;};
|
||||
ca_cert = {owner = config.nixManager.user;};
|
||||
po_env = {owner = config.nixManager.user;};
|
||||
xin_status_key = {owner = cfg.user;};
|
||||
xin_status_pubkey = {owner = cfg.user;};
|
||||
manager_key = {owner = cfg.user;};
|
||||
manager_pubkey = {owner = cfg.user;};
|
||||
ca_key = {owner = cfg.user;};
|
||||
ca_cert = {owner = cfg.user;};
|
||||
po_env = {owner = cfg.user;};
|
||||
};
|
||||
|
||||
systemd.services.ssh-agent = {
|
||||
wantedBy = ["multi-user.target"];
|
||||
environment.SSH_AUTH_SOCK = config.environment.variables.SSH_AUTH_SOCK;
|
||||
serviceConfig = {
|
||||
ExecStartPre = "${pkgs.coreutils}/bin/rm -f $SSH_AUTH_SOCK";
|
||||
ExecStart = "${pkgs.openssh}/bin/ssh-agent -D -a $SSH_AUTH_SOCK";
|
||||
User = "${cfg.user}";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.nix-daemon.environment.SSH_AUTH_SOCK = config.environment.variables.SSH_AUTH_SOCK;
|
||||
environment.variables.SSH_AUTH_SOCK = "/tmp/ssh-agent.socket";
|
||||
|
||||
environment.systemPackages = [
|
||||
microca
|
||||
inputs.xintray.packages.${pkgs.system}.xintray
|
||||
|
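Review bot: The agent socket is pinned to `/tmp/ssh-agent.socket` (the `environment.variables.SSH_AUTH_SOCK` line), a fixed name in a shared directory that any other local account can occupy before the service starts, and because `environment.variables` is system-wide every other user's shell presumably also gets SSH_AUTH_SOCK pointed at a socket owned by cfg.user, overriding whatever agent they run themselves. A per-service runtime directory avoids both: `RuntimeDirectory = "ssh-agent";` in `serviceConfig`, `environment.variables.SSH_AUTH_SOCK = "/run/ssh-agent/socket";`, and the `ExecStartPre` rm becomes unnecessary since systemd recreates that directory on each start. Since nix-daemon runs as root and the commit title records that confirm does not work, this hands the daemon unconfirmed use of every key loaded into cfg.user's agent; a comment beside the `systemd.services.nix-daemon.environment.SSH_AUTH_SOCK` line, e.g. `# nix-daemon (root) uses cfg.user's agent keys without per-use confirmation; load only the deploy keys here`, keeps that trade-off visible to the next maintainer. The `config = mkIf cfg.enable {` attribute set continues past the end of the hunk.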