fix: replace gpg key

2023-11-06 09:59:38 +01:00 · 2023-11-06 09:59:38 +01:00 · 8994b48196
parent 323f17815c
commit 8994b48196
5 changed files with 29 additions and 8 deletions
--- a/users/malte/conf.nix
+++ b/users/malte/conf.nix
@ -1,6 +1,6 @@
 {
  gpg = {
-    id = "BCE9E4BF632E7CED";
-    grip = "869B80E964B00C46BEAD6122B780FB1B838234F6";
+    id = "437B3369EAE401C4";
+    grip = "A826E14C72FD63C377141B8155F5A51536A01E45";
  };
 }
--- a/users/malte/gpg.nix
+++ b/users/malte/gpg.nix
@ -1,9 +1,30 @@
 {pkgs, ...}: let
  conf = import ./conf.nix;
-in {
-  home.packages = with pkgs; [yubikey-personalization];
+  secret = pkgs.writeShellApplication {
+    name = "secret";
+    runtimeInputs = [
+      pkgs.gnupg
+    ];
+    text = ''
+      output=~/"$1.$(date +%s).enc"
+      gpg --encrypt --armor --output "$output" -r 0x0000 -r 0x0001 -r 0x0002 "$1" && echo "$1"
+    '';
+  };

-  programs.gpg = {enable = true;};
+  reveal = pkgs.writeShellApplication {
+    name = "reveal";
+    runtimeInputs = [
+      pkgs.gnupg
+    ];
+    text = ''
+      output=$(echo "$1" | rev | cut -c16- | rev)
+      gpg --decrypt --output "$output" "$1" && echo "$1 -> $output"
+    '';
+  };
+in {
+  home.packages = [pkgs.yubikey-personalization secret reveal];
+
+  programs.gpg.enable = true;

  services.gpg-agent = {
    enable = true;
--- a/users/malte/mail.nix
+++ b/users/malte/mail.nix
@ -179,7 +179,7 @@
    };
    gpg = {
      encryptByDefault = false;
-      key = "0xBCE9E4BF632E7CED";
+      key = "0x${(import ./conf.nix).gpg.id}";
      signByDefault = true;
    };
    smtp.tls.enable = true;
--- a/users/malte/pass.nix
+++ b/users/malte/pass.nix
@ -37,7 +37,7 @@
 in {
  programs.password-store = {
    enable = true;
-    settings = {PASSWORD_STORE_KEY = "BCE9E4BF632E7CED";};
+    settings.PASSWORD_STORE_KEY = (builtins.import ./conf.nix).gpg.id;
  };

  home.packages = [passmenu-bemenu pkgs.hackNerdLigatures];
--- a/users/malte/yubikey.pub
+++ b/users/malte/yubikey.pub
@ -1 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDXnYMJtwgvSNpjysKzvRCjzyyQRB4yDtzynD7c5ALDZfRHvrgGQS11vk96ExClo66ll3vrFci5mBmGJf4/+yPBb3qiiovEHobjh5nIDHXYTg7tJDHivKIMQ3w8DmZwBKSLFlsH/UZe8NJVGrGRHGofWnTY/yw/FdbAkaKqvF/V+WGP7kR+dQ1pIqXXpP3phAu0WfO+E2838XxHAxLtm35GkE40GCX9dhXmjurxCeTSaJE6OYQ4/+z73fOZc1ebV/Ze6UZsGhOtzJPBIH19Ft0v9x86KoZabqgK3KDSHn9QKcM+Mm7o3tOthfQPlg1tCoxGueDJFI/0+AyjwBmQ1CUvNXpfmL4NE+6GRwRfZNsWoW0nPmC1B/c3rWk+JXYsxGQhvVeDk+1HXCFKghdPTSgpESua03A4UqLNadERYC9s2Q5TzSYQsV/8fpg4gCxlVRl/g1aUvbaCL09jmUkDJ4i36X+g8rvux5Q2CTpskLuhHeFVcC4/c1XXF+cJTwl1GjppEL0JFKgcjIwlyE8neR4PVlOq3UQqZdZEvzZigaLxtpwZMKNGhdIqS2/qqo/LlJ66/Y7TohimhsCRyHHqbf85Cha1z0Ct+9GtTdn9hpeC6Sb2Et+iN4gxdm+SWqPybZipeBL7b+ir5Ssxq1vIf/sbqKh7Kz699dwKSeRaAmJiew== openpgp:0xC43C0C72
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPeBWpo8tGJtBdzLAys2aI+pl9K4dR2clI5mEM4JQcyWseOdQyzIQamuPQ8n+ok/wjbLYh0PI54V35znMkHF3gsDcjxxU90HvCD+JuLBiZVVvpHbZFt7H1e1xM9QXh26yffeBTKQ7es0Dj4AXbEqJkb4WZKUQ3yhDA0JNlkCq4F+k5yzF5W52W2H+DtFRXy7L6c00562a9FrGKovfXEGmlNQwLIc1LoEGSURe7UIJxYwdWY2F2w/ity9W83fwYa6jmrQ2+822TJUqd5s2FI8/TIO4QzJhwIxQDigwX7BCgyvBAFSPkbnsVHM7xDlOHtg1Xz6e9JRwRJTnhbp3MDkzypvizGJDGOzzRKi5f8+9ks4Zd2fcfXpGB5Ovrlsr4nSm8N0PKods1K5dL2bFwoduPnArKjIMgsbriwhrjgFWIK00iiEQQafxqP7eXyTsPDslq/CCcEJ/qcyKKsxDMnH+LIUVz9Mq/rXKHvOBvs6wf3jExukyOsBBGkF0atqy64ynCCObUV2t1YMoxCxHg/3uEMz7QBo1HCmLwfSb84I698Wj20h3AL1GW07r3zUQko4aAnCwSYW81KgqZMc1U8REFCKlrDG3Bft+pcFnXj8vaCVJIGzruQRu0ME4A5FagOlrB/iMIh/pn4bBelAWewZO/bEhKpW+NStfmWNdUiewlPQ== openpgp:0x815261C7