stockholm/lass/2configs/pass.nix

{ config, pkgs, ... }:

{
  users.users.mainUser.packages = with pkgs; [
    (pass.withExtensions (ext: [ ext.pass-otp ]))
    gnupg
    (pkgs.writers.writeDashBin "unlock" ''
      set -efu
      HOST=$1

      pw=$(pass show "admin/$HOST/luks")
      torify sshn root@$(pass "hosts/$HOST/initrd/hostname") "echo $pw > /crypt-ramfs/passphrase"
    '')
  ];

  programs.gnupg.agent.enable = true;

}
2 lass: re-add all configs 2015-07-16 15:51:01 +02:00			`{ config, pkgs, ... }:`

			`{`
l pass: set correct user 2021-06-05 13:17:36 +02:00			`users.users.mainUser.packages = with pkgs; [`
l pass: use pass-otp 2019-10-14 15:36:03 +02:00			`(pass.withExtensions (ext: [ ext.pass-otp ]))`
l pass: gnupg1 -> gnupg 2017-10-03 23:53:43 +02:00			`gnupg`
l pass: add remote unlock command 2021-10-24 22:15:02 +02:00			`(pkgs.writers.writeDashBin "unlock" ''`
			`set -efu`
			`HOST=$1`

			`pw=$(pass show "admin/$HOST/luks")`
			`torify sshn root@$(pass "hosts/$HOST/initrd/hostname") "echo $pw > /crypt-ramfs/passphrase"`
			`'')`
2 lass: re-add all configs 2015-07-16 15:51:01 +02:00			`];`

l pass: activate gnupg-agent 2017-10-05 05:05:00 +02:00			`programs.gnupg.agent.enable = true;`
l pass: add remote unlock command 2021-10-24 22:15:02 +02:00
2 lass: re-add all configs 2015-07-16 15:51:01 +02:00			`}`