From 2a6e6c4ad1a591ede82e12b0956fb040df394995 Mon Sep 17 00:00:00 2001
From: oddlama
Date: Thu, 26 Jan 2023 16:06:00 +0100
Subject: [PATCH] feat: add public keys for secrets
---
 modules/yubikey.nix | 1 +
 secrets/backup.txt | 1 +
 secrets/recipients.txt | 4 ++++
 secrets/yk1-nix-rage.txt | 7 +++++++
 users/common/default.nix | 1 +
 5 files changed, 14 insertions(+)
 create mode 100644 secrets/backup.txt
 create mode 100644 secrets/recipients.txt
 create mode 100644 secrets/yk1-nix-rage.txt
diff --git a/modules/yubikey.nix b/modules/yubikey.nix
index a500e34..b84c20e 100644
--- a/modules/yubikey.nix
+++ b/modules/yubikey.nix
@@ -1,4 +1,5 @@
 {pkgs, ...}: {
+ environment.systemPackages = with pkgs; [yubikey-manager yubikey-personalization age-plugin-yubikey];
 services.udev.packages = with pkgs; [yubikey-personalization libu2f-host];
 services.pcscd.enable = true;
 }
diff --git a/secrets/backup.txt b/secrets/backup.txt
new file mode 100644
index 0000000..d27935f
--- /dev/null
+++ b/secrets/backup.txt
@@ -0,0 +1 @@
+age1dnljckavy0lz98s672faeh6rg62yu7qpgrx254yy7dxcnkaluvmq2erktc
diff --git a/secrets/recipients.txt b/secrets/recipients.txt
new file mode 100644
index 0000000..6926a3e
--- /dev/null
+++ b/secrets/recipients.txt
@@ -0,0 +1,4 @@
+# backup
+age1dnljckavy0lz98s672faeh6rg62yu7qpgrx254yy7dxcnkaluvmq2erktc
+# yk1-nix-rage
+age1yubikey1qgf2k486ctg6rs66mlm6wudwcwg6r5h5jme2cr3ympluyjl84dgkjxpzup9
diff --git a/secrets/yk1-nix-rage.txt b/secrets/yk1-nix-rage.txt
new file mode 100644
index 0000000..fe3ce9e
--- /dev/null
+++ b/secrets/yk1-nix-rage.txt
@@ -0,0 +1,7 @@
+# Serial: 15209174, Slot: 1
+# Name: YK1 Nix Rage
+# Created: Thu, 26 Jan 2023 14:46:49 +0000
+# PIN policy: Once (A PIN is required once per session, if set)
+# Touch policy: Cached (A physical touch is required for decryption, and is cached for 15 seconds)
+# Recipient: age1yubikey1qgf2k486ctg6rs66mlm6wudwcwg6r5h5jme2cr3ympluyjl84dgkjxpzup9
+AGE-PLUGIN-YUBIKEY-16CFWSQYZC6JFAUGPQESMC
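Review bot: Both recipient strings in `secrets/recipients.txt` are copies of values this commit also stores in `secrets/backup.txt` and in the `# Recipient:` comment of `secrets/yk1-nix-rage.txt`, and nothing visible in the patch keeps the copies in sync. If a key is rotated and only one of the files is edited, new secrets would presumably still be encrypted to the stale recipient, or would silently lose the backup recipient. I would add a header comment such as `# Keep in sync with backup.txt and yk1-nix-rage.txt; re-encrypt all secrets after changing this list.`, or generate this file from the per-key files.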
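Review bot: `secrets/yk1-nix-rage.txt` is not a public key as the commit subject says: its last line is an `AGE-PLUGIN-YUBIKEY-…` identity stub, and the header comments publish the token's serial number and slot. As far as I know the stub only references the key held on the YubiKey and carries no private key material, so committing it is workable, but the file should say so, e.g. `# Identity stub only: the private key stays on the YubiKey. Never commit AGE-SECRET-KEY-* identities to this directory.` The recorded touch policy is `Cached`, so one touch covers further decryptions for 15 seconds; if that trade-off is intentional, a one-line rationale next to the policy comment would help a later auditor.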
diff --git a/users/common/default.nix b/users/common/default.nix
index 9e5b98e..d7b788e 100644
--- a/users/common/default.nix
+++ b/users/common/default.nix
@@ -26,6 +26,7 @@
 ripgrep
 rsync
 tree
+ rage
 ];
 shellAliases = {
 l = "ls -lahF --group-directories-first --show-control-chars --quoting-style=escape --color=auto";