From bc2da7b287c32c0b1f67e249cd6b197a4b3ba831 Mon Sep 17 00:00:00 2001
From: Aner Zakobar
Date: Fri, 18 Apr 2025 13:52:08 +0300
Subject: [PATCH] Encryption
---
 azos-core | 2 +-
 modules/home-manager/default.nix | 2 +-
 modules/home-manager/encryption.nix | 29 +++++++++++++++++++++++++++++
 modules/home-manager/gpg-as-ssh.pub | 1 +
 modules/home-manager/mail.nix | 2 +-
 modules/home-manager/ssh-config | 1 +
 modules/home-manager/sshcontrol | 1 +
 7 files changed, 35 insertions(+), 3 deletions(-)
 create mode 100644 modules/home-manager/encryption.nix
 create mode 100644 modules/home-manager/gpg-as-ssh.pub
 create mode 100644 modules/home-manager/ssh-config
 create mode 100644 modules/home-manager/sshcontrol
diff --git a/azos-core b/azos-core
index 59cbc60..cb1ac5c 160000
--- a/azos-core
+++ b/azos-core
@@ -1 +1 @@
-Subproject commit 59cbc606f92ca305fcdd04de0aae47251f8f8474
+Subproject commit cb1ac5cf8d9ab89995c00fa231864bf545cb447a
diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix
index 7cfe759..20b7c5b 100644
--- a/modules/home-manager/default.nix
+++ b/modules/home-manager/default.nix
@@ -1,3 +1,3 @@
 {
- imports = [./mail.nix];
+ imports = [./mail.nix ./encryption.nix];
 }
diff --git a/modules/home-manager/encryption.nix b/modules/home-manager/encryption.nix
new file mode 100644
index 0000000..a52663b
--- /dev/null
+++ b/modules/home-manager/encryption.nix
@@ -0,0 +1,29 @@
+{ lib, config, pkgs, ... }:
+let
+ isEnabled =
+ config.azos.encryption.enable;
+in {
+ options.azos.encryption.enable = lib.mkOption {
+ default = true;
+ example = true;
+ type = lib.types.bool;
+ };
+
+ config = lib.mkIf isEnabled {
+ programs.password-store = {
+ enable = true;
+ settings = {
+ PASSWORD_STORE_KEY = "076AA297579A0064";
+ };
+ };
+
+ home.packages = with pkgs; [
+ yubikey-personalization
+ gnupg
+ ];
+
+ home.file.".ssh/config".source = ./ssh-config;
+ home.file.".ssh/gpg-as-ssh.pub".source = ./gpg-as-ssh.pub;
+ home.file.".gnupg/sshcontrol".source = ./sshcontrol;
+ };
+}
diff --git a/modules/home-manager/gpg-as-ssh.pub b/modules/home-manager/gpg-as-ssh.pub
new file mode 100644
index 0000000..12afcfc
--- /dev/null
+++ b/modules/home-manager/gpg-as-ssh.pub
@@ -0,0 +1 @@
+ssh-rsa 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 (none)
\ No newline at end of file
diff --git a/modules/home-manager/mail.nix b/modules/home-manager/mail.nix
index ee4d4c8..076d576 100644
--- a/modules/home-manager/mail.nix
+++ b/modules/home-manager/mail.nix
@@ -4,7 +4,7 @@ let isEnabled = config.azos.mail.enable; in {
- optionns.azos.mail.enable = lib.mkOption {
+ options.azos.mail.enable = lib.mkOption {
 default = true;
 example = true;
 type = lib.types.bool;
diff --git a/modules/home-manager/ssh-config b/modules/home-manager/ssh-config
new file mode 100644
index 0000000..12f4b53
--- /dev/null
+++ b/modules/home-manager/ssh-config
@@ -0,0 +1 @@
+IdentityAgent ${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh
diff --git a/modules/home-manager/sshcontrol b/modules/home-manager/sshcontrol
new file mode 100644
index 0000000..9483f68
--- /dev/null
+++ b/modules/home-manager/sshcontrol
@@ -0,0 +1 @@
+61D809B46CEE2A0AF799C4C2FADB0F61A19EEABD
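Review bot: `PASSWORD_STORE_KEY = "076AA297579A0064";` in the new encryption.nix selects the encryption recipient by a 16-hex-digit long key ID, which GnuPG does not guarantee to be unique; the full fingerprint is the unambiguous identifier and is what should be pinned, e.g. `PASSWORD_STORE_KEY = "<FULL_40_HEX_FINGERPRINT>";` (placeholder). Since the value is personal, it would also read better as a module option (for example `azos.encryption.passwordStoreKey`) than as a literal inside `config`. The `options.azos.encryption.enable` declaration has no `description`, and with `default = true` every configuration that imports this module gets the key setting, the SSH config and `sshcontrol` installed; a line such as `description = "Install pass, GnuPG and the gpg-agent-backed SSH configuration.";` would document that.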
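Review bot: `IdentityAgent ${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh` in the new ssh-config assumes a gpg-agent running with SSH support and a session where `XDG_RUNTIME_DIR` is set, but nothing visible in this commit enables either; encryption.nix only adds the `gnupg` package. Unless azos-core already does it (the submodule bump's contents are not shown), add `services.gpg-agent = { enable = true; enableSshSupport = true; };` to encryption.nix so the socket actually exists. The directive is also unscoped, so every host is pointed at this agent, and linking `~/.ssh/config` through `home.file` replaces any existing file and will likely conflict with `programs.ssh` if that module is enabled elsewhere. home-manager's `services.gpg-agent.sshKeys` takes the keygrip directly and could replace the hand-shipped `sshcontrol` file.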