Testing
This commit is contained in:
parent
e0b3062ee3
commit
569b9c3cae
3 changed files with 16 additions and 3 deletions
|
@ -13,6 +13,13 @@ keys:
|
||||||
- &host_nuc-server
|
- &host_nuc-server
|
||||||
|
|
||||||
creation_rules:
|
creation_rules:
|
||||||
|
|
||||||
|
- path_regex: secrets\/yubikey\.yaml$
|
||||||
|
key_groups:
|
||||||
|
- pgp:
|
||||||
|
- *user_albert
|
||||||
|
- *host_nixos-framework
|
||||||
|
|
||||||
- path_regex: secrets\/secrets\.yaml$
|
- path_regex: secrets\/secrets\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp:
|
- pgp:
|
||||||
|
|
|
@ -4,9 +4,15 @@
|
||||||
debug = true;
|
debug = true;
|
||||||
control = "required";
|
control = "required";
|
||||||
mode = "challenge-response";
|
mode = "challenge-response";
|
||||||
|
challengeResponsePath = /run/secrets/yubikey/;
|
||||||
id = [ "18550256" ];
|
id = [ "18550256" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sops.secrets."yubikey/albert-18550256" = {
|
||||||
|
owner = "root";
|
||||||
|
sopsFile = ../../secrets/yubikey.yaml;
|
||||||
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
yubico-pam
|
yubico-pam
|
||||||
];
|
];
|
||||||
|
@ -17,6 +23,6 @@
|
||||||
ENV{ID_MODEL_ID}=="0407",\
|
ENV{ID_MODEL_ID}=="0407",\
|
||||||
ENV{ID_VENDOR_ID}=="1050",\
|
ENV{ID_VENDOR_ID}=="1050",\
|
||||||
ENV{ID_VENDOR}=="Yubico",\
|
ENV{ID_VENDOR}=="Yubico",\
|
||||||
RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
|
RUN+="shutdown -h now"
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,8 +9,8 @@ sops:
|
||||||
azure_kv: []
|
azure_kv: []
|
||||||
hc_vault: []
|
hc_vault: []
|
||||||
age: []
|
age: []
|
||||||
lastmodified: "2024-04-28T11:40:09Z"
|
lastmodified: "2024-05-05T07:52:02Z"
|
||||||
mac: ENC[AES256_GCM,data:0nfSYSCUKe4G5977jBuM8eQK531CkoA+rlrWGU6Dy8ukXkDCY3uG7nozKrbWgKFsiK22anfiHedcZbJ10tPvPGJK1WGiY26049cYoaDCCGGeZWS04YhbMomvNDRj2sqnj7NNcveJeLTThSSrkzv1f/KSSlnnuB8V3YjlrdX5D00=,iv:P4b+QtAz5QRwZfSONrg7YV7PhSZuTNrAfDJNxpq4gYk=,tag:JR4FZv8FMFCyHKJ4Pz6i5Q==,type:str]
|
mac: ENC[AES256_GCM,data:xe5E4B0nIyAAEs7dJVlJOFiuC/xM8RCZ8/Gxj5C+kgcVRMqiL+UoaXMb6N4c5hAJDSbbF6SwDwqTy+bmZu7aV0NSoClICJl/zuyc1jPQrIFf/8GUWDe654mqSmsOijXPsNvPWWC+h2QDSEcut8fe1WQag6RA61ri4fL4ih4VukA=,iv:966NPVYUEdBspI7WhvutngvRs5SgwI+wyDVhldG9IqA=,tag:Pvmeir7NCw8mbN9rtoYsDg==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2024-04-28T00:33:16Z"
|
- created_at: "2024-04-28T00:33:16Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|
Loading…
Reference in a new issue