path: root/lass/2configs/pass.nix
blob: a52fe4afc9ea7299bfe4495e8078e519a6b61af7 (plain)
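# Password-store setup for the main user: pass with the OTP extension, GnuPG
# and its agent, a symlink for the store directory, and an `unlock` helper
# that delivers a LUKS passphrase to a host's initrd over SSH via Tor.
{ config, pkgs, ... }:

{
  users.users.mainUser.packages = with pkgs; [
    (pass.withExtensions (ext: [ ext.pass-otp ]))
    gnupg
    # Usage: unlock HOST
    # Reads admin/HOST/luks and hosts/HOST/initrd/hostname from the password
    # store and writes the former to /crypt-ramfs/passphrase on the latter.
    (pkgs.writers.writeDashBin "unlock" ''
      set -efu
      HOST=$1

      pw=$(pass show "admin/$HOST/luks")
      target=$(pass "hosts/$HOST/initrd/hostname")

      # Send the passphrase on stdin instead of splicing it into the remote
      # command line: interpolated, the remote shell would interpret any
      # metacharacters in it (quotes, ;, $, backticks, newlines) and the
      # secret would appear in the argument list of the local ssh process.
      # printf is a dash builtin, so no extra process sees the value either.
      #
      # NOTE(review): sshn is not defined in this file. This relies on it
      # forwarding stdin to the remote command (no ssh -n) - confirm. Also
      # confirm it verifies the initrd host key, because the passphrase is
      # handed to whichever host answers at that address.
      printf '%s\n' "$pw" | torify sshn "root@$target" 'cat > /crypt-ramfs/passphrase'
    '')
  ];

  programs.gnupg.agent.enable = true;
  systemd.tmpfiles.rules = [
    # L+ creates (replacing anything already there) a symlink at
    # /home/lass/.password-store pointing to the relative target sync/pwstore.
    "L+ /home/lass/.password-store - - - - sync/pwstore"
  ];

}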