nixManager: use a shared agent.. does not work with confirm...
parent
e8ea6e3359
commit
981727e81c
@ -27,7 +27,8 @@ rebuild() {
|
|||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
nixos-rebuild ${TRACE} --flake .#${1} --build-host root@${host} --target-host root@${host} switch
|
set -x
|
||||||
|
nixos-rebuild ${TRACE} --flake .#${1} --build-host ssh-ng://root@${host} --target-host ssh-ng://root@${host} switch
|
||||||
return $?
|
return $?
|
||||||
}
|
}
|
||||||
|
|
||||||
|
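Review bot: The `set -x` added before the `nixos-rebuild` call is never turned off, so xtrace stays enabled for everything the script runs after `rebuild` returns, and the expanded command lines land in whatever captures stderr. If the trace is only wanted for this one command, scope it with a subshell, `( set -x; nixos-rebuild ${TRACE} ... switch )`, which also keeps the following `return $?` correct; a plain `set +x` before the return would overwrite the exit status being returned. `${1}` and `${host}` are expanded unquoted on the new line as well, so writing `".#${1}"` and `"ssh-ng://root@${host}"` would avoid word splitting on unusual host or flake names. The body of `rebuild` starts above the hunk, so anything it sets up earlier is not visible here.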
@ -10,6 +10,7 @@
|
|||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@
|
${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@
|
||||||
'';
|
'';
|
||||||
|
cfg = config.nixManager;
|
||||||
in
|
in
|
||||||
with lib; {
|
with lib; {
|
||||||
options = {
|
options = {
|
||||||
@ -25,17 +26,31 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf config.nixManager.enable {
|
config = mkIf cfg.enable {
|
||||||
sops.defaultSopsFile = config.xin-secrets.manager;
|
sops.defaultSopsFile = config.xin-secrets.manager;
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
xin_status_key = {owner = config.nixManager.user;};
|
xin_status_key = {owner = cfg.user;};
|
||||||
xin_status_pubkey = {owner = config.nixManager.user;};
|
xin_status_pubkey = {owner = cfg.user;};
|
||||||
manager_key = {owner = config.nixManager.user;};
|
manager_key = {owner = cfg.user;};
|
||||||
manager_pubkey = {owner = config.nixManager.user;};
|
manager_pubkey = {owner = cfg.user;};
|
||||||
ca_key = {owner = config.nixManager.user;};
|
ca_key = {owner = cfg.user;};
|
||||||
ca_cert = {owner = config.nixManager.user;};
|
ca_cert = {owner = cfg.user;};
|
||||||
po_env = {owner = config.nixManager.user;};
|
po_env = {owner = cfg.user;};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services.ssh-agent = {
|
||||||
|
wantedBy = ["multi-user.target"];
|
||||||
|
environment.SSH_AUTH_SOCK = config.environment.variables.SSH_AUTH_SOCK;
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStartPre = "${pkgs.coreutils}/bin/rm -f $SSH_AUTH_SOCK";
|
||||||
|
ExecStart = "${pkgs.openssh}/bin/ssh-agent -D -a $SSH_AUTH_SOCK";
|
||||||
|
User = "${cfg.user}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.nix-daemon.environment.SSH_AUTH_SOCK = config.environment.variables.SSH_AUTH_SOCK;
|
||||||
|
environment.variables.SSH_AUTH_SOCK = "/tmp/ssh-agent.socket";
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
microca
|
microca
|
||||||
inputs.xintray.packages.${pkgs.system}.xintray
|
inputs.xintray.packages.${pkgs.system}.xintray
|
||||||
|
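Review bot: The agent socket is placed at a fixed, predictable name in world-writable `/tmp` (`environment.variables.SSH_AUTH_SOCK = "/tmp/ssh-agent.socket"`), so any local user can create that path before the service starts; with the sticky bit the `rm -f` in `ExecStartPre` would then fail for `cfg.user`, the agent could not bind, and root's `nix-daemon` would be pointed at a socket someone else owns. A service-owned runtime directory avoids this: add `RuntimeDirectory = "ssh-agent";` and `RuntimeDirectoryMode = "0700";` to `serviceConfig` and set the variable to `"/run/ssh-agent/agent.socket"`, after which the `ExecStartPre` cleanup is no longer needed. `environment.variables` also exports the path into every user's session, replacing any per-user agent, although presumably only `cfg.user` and root can talk to this one; setting it only on the units that need it would be narrower. Since the title says confirmation does not work with the shared agent, a comment on how the keys get loaded and whether a lifetime (`ssh-add -t`) is applied would help the next reader judge the exposure of a long-lived agent holding the manager key.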