sokai/mynixos-config
1
1
Fork 0
forked from mirrors_public/oddlama_nix-config
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: automatically get (impure) current system for rekeying.

Browse source
This commit is contained in:
oddlama 2023-04-17 17:04:47 +02:00
parent 12d840c7bf
commit 3730ae7cf7
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
2 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
hosts/common/core/default.nix
View file

@ -27,7 +27,9 @@
extraEncryptionPubkeys extraEncryptionPubkeys
; ;
forceRekeyOnSystem = "x86_64-linux"; # This is technically impure, but intended. We need to rekey on the
# current system due to yubikey availability.
forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
hostPubkey = let hostPubkey = let
pubkeyPath = ../.. + "/${nodeName}/secrets/host.pub"; pubkeyPath = ../.. + "/${nodeName}/secrets/host.pub";
in in

2
nix/extra-builtins.nix
View file

@ -29,4 +29,6 @@ in {
assert assertMsg (builtins.isPath nixFile) "The file to decrypt must be given as a path to prevent impurity."; assert assertMsg (builtins.isPath nixFile) "The file to decrypt must be given as a path to prevent impurity.";
assert assertMsg (hasSuffix ".nix.age" nixFile) "The content of the decrypted file must be a nix expression and should therefore end in .nix.age"; assert assertMsg (hasSuffix ".nix.age" nixFile) "The content of the decrypted file must be a nix expression and should therefore end in .nix.age";
exec ([./rage-decrypt-and-cache.sh nixFile] ++ identities); exec ([./rage-decrypt-and-cache.sh nixFile] ++ identities);
# currentSystem
unsafeCurrentSystem = exec ["nix" "eval" "--impure" "--expr" "builtins.currentSystem"];
} }