feat: add public keys for secrets

modules/yubikey.nix

@@ -1,4 +1,5 @@
 {pkgs, ...}: {
+  environment.systemPackages = with pkgs; [yubikey-manager yubikey-personalization age-plugin-yubikey];
   services.udev.packages = with pkgs; [yubikey-personalization libu2f-host];
   services.pcscd.enable = true;
 }

secrets/backup.txt

@@ -0,0 +1 @@
+age1dnljckavy0lz98s672faeh6rg62yu7qpgrx254yy7dxcnkaluvmq2erktc

secrets/recipients.txt

@@ -0,0 +1,4 @@
+# backup
+age1dnljckavy0lz98s672faeh6rg62yu7qpgrx254yy7dxcnkaluvmq2erktc
+# yk1-nix-rage
+age1yubikey1qgf2k486ctg6rs66mlm6wudwcwg6r5h5jme2cr3ympluyjl84dgkjxpzup9

secrets/yk1-nix-rage.txt

@@ -0,0 +1,7 @@
+#       Serial: 15209174, Slot: 1
+#         Name: YK1 Nix Rage
+#      Created: Thu, 26 Jan 2023 14:46:49 +0000
+#   PIN policy: Once   (A PIN is required once per session, if set)
+# Touch policy: Cached (A physical touch is required for decryption, and is cached for 15 seconds)
+#    Recipient: age1yubikey1qgf2k486ctg6rs66mlm6wudwcwg6r5h5jme2cr3ympluyjl84dgkjxpzup9
+AGE-PLUGIN-YUBIKEY-16CFWSQYZC6JFAUGPQESMC

users/common/default.nix

@@ -26,6 +26,7 @@
       ripgrep
       rsync
       tree
+      rage
     ];
     shellAliases = {
       l = "ls -lahF --group-directories-first --show-control-chars --quoting-style=escape --color=auto";