albert 2024-05-05 16:56:47 +09:00
parent e0b3062ee3
commit 569b9c3cae
No known key found for this signature in database
GPG key ID: 64F6C4EB46C4543A
3 changed files with 16 additions and 3 deletions


@ -13,6 +13,13 @@ keys:
- &host_nuc-server - &host_nuc-server
creation_rules: creation_rules:
- path_regex: secrets\/yubikey\.yaml$
key_groups:
- pgp:
- *user_albert
- *host_nixos-framework
- path_regex: secrets\/secrets\.yaml$ - path_regex: secrets\/secrets\.yaml$
key_groups: key_groups:
- pgp: - pgp:
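Review bot: The new rule for `secrets\/yubikey\.yaml$` has no comment saying why its recipients are limited to `*user_albert` and `*host_nixos-framework`, so a later edit could widen the list by habit when another host is added. A line above the rule such as `# YubiKey challenge-response state: decryptable only by the host that runs pam_yubico` would record the intent. That this host is the one running pam_yubico is inferred from the recipient list and should be confirmed.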


@ -4,9 +4,15 @@
debug = true; debug = true;
control = "required"; control = "required";
mode = "challenge-response"; mode = "challenge-response";
challengeResponsePath = /run/secrets/yubikey/;
id = [ "18550256" ]; id = [ "18550256" ];
}; };
sops.secrets."yubikey/albert-18550256" = {
owner = "root";
sopsFile = ../../secrets/yubikey.yaml;
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
yubico-pam yubico-pam
]; ];
@ -17,6 +23,6 @@
ENV{ID_MODEL_ID}=="0407",\ ENV{ID_MODEL_ID}=="0407",\
ENV{ID_VENDOR_ID}=="1050",\ ENV{ID_VENDOR_ID}=="1050",\
ENV{ID_VENDOR}=="Yubico",\ ENV{ID_VENDOR}=="Yubico",\
RUN+="${pkgs.systemd}/bin/loginctl lock-sessions" RUN+="shutdown -h now"
''; '';
} }
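Review bot: The added `challengeResponsePath = /run/secrets/yubikey/;` is an unquoted Nix path literal with a trailing slash, which as far as I know the Nix parser rejects, and a path literal interpolated into the PAM configuration would normally be copied into the world-readable store instead of being referenced at runtime. A string avoids both: `challengeResponsePath = "/run/secrets/yubikey";`. The file in that directory is decrypted afresh by sops-nix at activation, while pam_yubico appears to rewrite the challenge file after each successful login, so the committed challenge would presumably come back after every reboot; it is worth confirming that this is acceptable. In the second hunk the new `RUN+="shutdown -h now"` drops the absolute path the old line had, and udev resolves a bare program name only against its own helper directory, so `RUN+="${pkgs.systemd}/bin/shutdown -h now"` is likely what is intended. The rule's opening match keys are outside the hunk, so check that they limit it to the removal event.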


@ -9,8 +9,8 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2024-04-28T11:40:09Z" lastmodified: "2024-05-05T07:52:02Z"
mac: ENC[AES256_GCM,data:0nfSYSCUKe4G5977jBuM8eQK531CkoA+rlrWGU6Dy8ukXkDCY3uG7nozKrbWgKFsiK22anfiHedcZbJ10tPvPGJK1WGiY26049cYoaDCCGGeZWS04YhbMomvNDRj2sqnj7NNcveJeLTThSSrkzv1f/KSSlnnuB8V3YjlrdX5D00=,iv:P4b+QtAz5QRwZfSONrg7YV7PhSZuTNrAfDJNxpq4gYk=,tag:JR4FZv8FMFCyHKJ4Pz6i5Q==,type:str] mac: ENC[AES256_GCM,data:xe5E4B0nIyAAEs7dJVlJOFiuC/xM8RCZ8/Gxj5C+kgcVRMqiL+UoaXMb6N4c5hAJDSbbF6SwDwqTy+bmZu7aV0NSoClICJl/zuyc1jPQrIFf/8GUWDe654mqSmsOijXPsNvPWWC+h2QDSEcut8fe1WQag6RA61ri4fL4ih4VukA=,iv:966NPVYUEdBspI7WhvutngvRs5SgwI+wyDVhldG9IqA=,tag:Pvmeir7NCw8mbN9rtoYsDg==,type:str]
pgp: pgp:
- created_at: "2024-04-28T00:33:16Z" - created_at: "2024-04-28T00:33:16Z"
enc: |- enc: |-