stockholm/lass/2configs/pass.nix
2023-09-03 12:09:34 +02:00


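# Password-store setup for the main user: pass (with the OTP extension), GnuPG,
# and an `unlock` helper that sends a host's LUKS passphrase to its initrd over
# SSH through Tor.
{ config, pkgs, ... }:
{
  users.users.mainUser.packages = with pkgs; [
    (pass.withExtensions (ext: [ ext.pass-otp ]))
    gnupg
    # unlock HOST: reads admin/HOST/luks and hosts/HOST/initrd/hostname from the
    # password store and writes the passphrase to /crypt-ramfs/passphrase on the
    # remote side.
    # NOTE(review): `sshn` is not defined in this file. If it relaxes SSH
    # host-key checking, the passphrase is sent to an endpoint whose identity
    # is not verified; confirm against its definition.
    (pkgs.writers.writeDashBin "unlock" ''
      set -efu
      HOST=$1
      # Look up both entries before connecting, so that a failed lookup aborts
      # the script (set -e) instead of producing a half-built ssh command.
      pw=$(pass show "admin/$HOST/luks")
      target=$(pass "hosts/$HOST/initrd/hostname")
      # Send the passphrase on stdin rather than inside the remote command
      # string: that keeps it out of the local ssh argument list and stops the
      # remote shell from word-splitting or interpreting characters in it.
      # Assumes sshn passes stdin through and the initrd provides cat; TODO confirm.
      printf '%s\n' "$pw" | torify sshn "root@$target" 'cat > /crypt-ramfs/passphrase'
    '')
  ];
  # gpg-agent handles the key operations that pass delegates to GnuPG.
  programs.gnupg.agent.enable = true;
  systemd.tmpfiles.rules = [
    # L+ creates a symlink at ~/.password-store pointing at sync/pwstore,
    # replacing whatever already exists at that path.
    "L+ /home/lass/.password-store - - - - sync/pwstore"
  ];
}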