albert 2024-05-05 16:56:47 +09:00
parent e0b3062ee3
commit 569b9c3cae
No known key found for this signature in database
GPG key ID: 64F6C4EB46C4543A
3 changed files with 16 additions and 3 deletions


@ -13,6 +13,13 @@ keys:
- &host_nuc-server
creation_rules:
- path_regex: secrets\/yubikey\.yaml$
key_groups:
- pgp:
- *user_albert
- *host_nixos-framework
- path_regex: secrets\/secrets\.yaml$
key_groups:
- pgp:
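Review bot: The rule for `secrets\/yubikey\.yaml$` appears to encrypt only to `*user_albert` and `*host_nixos-framework`, and nothing records why the other declared host key (`&host_nuc-server`) is left out. If the YubiKey module is ever imported on another host, decryption would fail at activation there, so the restriction should be stated next to the rule, for example `# yubikey.yaml: challenge-response state for the framework laptop only`. The pattern also has no leading anchor, the same as the existing `secrets\/secrets\.yaml$` rule, so any path ending in that suffix gets this recipient set. The `key_groups` list of the following rule continues outside the hunk.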


@ -4,8 +4,14 @@
debug = true;
control = "required";
mode = "challenge-response";
challengeResponsePath = /run/secrets/yubikey/;
id = [ "18550256" ];
};
sops.secrets."yubikey/albert-18550256" = {
owner = "root";
sopsFile = ../../secrets/yubikey.yaml;
};
environment.systemPackages = with pkgs; [
yubico-pam
@ -17,6 +23,6 @@
ENV{ID_MODEL_ID}=="0407",\
ENV{ID_VENDOR_ID}=="1050",\
ENV{ID_VENDOR}=="Yubico",\
RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
RUN+="shutdown -h now"
'';
}
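Review bot: `challengeResponsePath = /run/secrets/yubikey/;` in the first hunk is a Nix path literal rather than a string. Newer Nix parsers may reject a path literal with a trailing slash, and if the PAM module interpolates the value, the directory would be copied into the world-readable store, so `challengeResponsePath = "/run/secrets/yubikey";` is the safer form. pam_yubico in challenge-response mode normally rewrites its state file after each successful login, while a sops-nix secret is re-created from the committed ciphertext at activation, so the stored challenge presumably resets to the same value on every boot; a comment next to `sops.secrets."yubikey/albert-18550256"` should say whether that is accepted. In the second hunk, if `RUN+="shutdown -h now"` is the new side, udev does not look up a non-absolute program name on the normal PATH, so the removal action may silently not run; `RUN+="${pkgs.systemd}/bin/systemctl poweroff"` matches the style of the `loginctl` line. Both enclosing attribute sets start outside the hunks.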


@ -9,8 +9,8 @@ sops:
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-04-28T11:40:09Z"
mac: ENC[AES256_GCM,data:0nfSYSCUKe4G5977jBuM8eQK531CkoA+rlrWGU6Dy8ukXkDCY3uG7nozKrbWgKFsiK22anfiHedcZbJ10tPvPGJK1WGiY26049cYoaDCCGGeZWS04YhbMomvNDRj2sqnj7NNcveJeLTThSSrkzv1f/KSSlnnuB8V3YjlrdX5D00=,iv:P4b+QtAz5QRwZfSONrg7YV7PhSZuTNrAfDJNxpq4gYk=,tag:JR4FZv8FMFCyHKJ4Pz6i5Q==,type:str]
lastmodified: "2024-05-05T07:52:02Z"
mac: ENC[AES256_GCM,data:xe5E4B0nIyAAEs7dJVlJOFiuC/xM8RCZ8/Gxj5C+kgcVRMqiL+UoaXMb6N4c5hAJDSbbF6SwDwqTy+bmZu7aV0NSoClICJl/zuyc1jPQrIFf/8GUWDe654mqSmsOijXPsNvPWWC+h2QDSEcut8fe1WQag6RA61ri4fL4ih4VukA=,iv:966NPVYUEdBspI7WhvutngvRs5SgwI+wyDVhldG9IqA=,tag:Pvmeir7NCw8mbN9rtoYsDg==,type:str]
pgp:
- created_at: "2024-04-28T00:33:16Z"
enc: |-