Skip to content

Commit

Permalink
fix: Remove centralized U2F auth file
Browse files Browse the repository at this point in the history 
Fixes permission issues at the cost of going back to enrolling keys
manually once per machine
  • Loading branch information
@lpchaim
lpchaim committed Aug 23, 2024
1 parent c28d0ed commit a4b998f
Show file tree
Hide file tree
Showing 3 changed files with 2 additions and 5 deletions.
1 change: 0 additions & 1 deletion modules/nixos/base/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -196,7 +196,6 @@ in
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
secrets = {
password.neededForUsers = true;
u2f-mappings = { };
};
};
stylix = {
Expand Down
1 change: 0 additions & 1 deletion modules/nixos/security/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ lib.lpchaim.mkModule {
u2f = {
inherit (cfg.u2f) control;
enable = true;
settings.authfile = "${config.sops.secrets."u2f-mappings".path}";
settings.cue = true;
};
};
Expand Down
5 changes: 2 additions & 3 deletions secrets/default.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
password: ENC[AES256_GCM,data:yDYTXXnvBsVz70mW3qrany+3Mp9bboGCu8huU+g9NrvA0byPHAySxnuO1DIVV8dFSHLjOci7OKDAjtLyWF9YofrD6pfhNHxyHg==,iv:BbRfwswhd8yn+/g0Hyl0GXoZFOt08a+Tv+SLxbaqzl8=,tag:ZdQSaqeIPGGCu1XqvFWOAw==,type:str]
u2f-mappings: ENC[AES256_GCM,data:8xRW3VUqmYgNSeUVxKC6uGf85aPE8xu1PXv4ajbuhB9DBCBGCCK7NnNSK6acQhSThvlQKr8+QkuRgRDqZcIwPXcPt1U8JGjISu/UjGcOaTwtDhjh6s52YXWjwitCZunwdhnIchG/j+Dk5R5PRsnNnsFk64uTtU3x43R/lfdES8/j5XXlKhc/mNaAMR+tvATHVu8QQLH3wWE3WarmKoDBSotHDguH1MOdH5OeIsASd79e/f4gjo6PqTKdEenZHYEHuRt2BYn7Kj+j2iCi72BScEhaWI3eMKO+sUyTRKZJMrooVd7bYbOozMwRz8mwDAd8z6ncnScDG6HTSFXSx18LaM2G8YB5T3NThaW7gJ9liZ8VGd16crQUssiSzTOyEV3KhvHCp4iScG3e/BKQ+4Z2PxgWTvP3YbK9iUNKur1ZYjI86GBWRvmQ8KVSRMtTZOXIFOY/1GnsEt7vqcHqdkm8x/Tg8buAUhhMnVC1aQF/YJZ0nK4wqxk5dnwbcex68vjTKb8MpWFjF8UNyZc=,iv:Rg9KJWgnMjMtAy0Ayrn/36utCUvygxR8PeXr5wVXlqM=,tag:y9et1tqRAh0U0WGv0YRGxw==,type:str]
sops:
kms: []
gcp_kms: []
Expand Down Expand Up @@ -60,8 +59,8 @@ sops:
UWhVbE5QK1VpM0gxczdOUnN1ZmtLM2cKIWj+sla8TMwmK5sJoliZgWbWEy4hC/TY
ckS36DUjWmXjBqbWHlbg2vah5lB9awCOWadrNKdYgvd6D1oqhlhNkQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-13T15:59:46Z"
mac: ENC[AES256_GCM,data:34nodn4HSUJYkiu344T3ODf4u4wm80cQRWspH+X1FM2vyPtDIxRifpEgrVzEuoWGuZqsL+ZqKyQ5rQSODtBUdDRYeVmtebtgvuY9KPvlmqvvr8FVrNqoiuj3tlo5UE84j3NVLF7e34r8Kms3Vm0R5oWjZlOO6jbW5Zjc3Mtszzs=,iv:b8DL5sMBq6x0javwynU55Ch+YrDH702SXCPSUrAfCuE=,tag:07vjqtQoUFHgY7X4xRQNfg==,type:str]
lastmodified: "2024-08-23T16:25:42Z"
mac: ENC[AES256_GCM,data:+56Lf2+84+Y/CD6varBus1PDMTWwfDVAyHZW7IBOw80JcEyd5igkSgEX+ZuC9O85UWtYVv4Vg9akaWaqj5SdkbXYHxEPoNGSr/X1NmAXobVhCGDXUNXQnpRVsxBxgyw0feJKpi+4oKTmMM4GfJszweyfHbHPDUAfeQEBqtwgQPU=,iv:2aklnWGkgmnyr4Z2cE6OaTV0o0yxUwn4byeqMJEsAXI=,tag:1KhEIES2BRkMyqNaRyLsAw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

0 comments on commit a4b998f

Please sign in to comment.