fix(agenix-rekey)!: wrong generator syntax

reo101 · Dec 25, 2023 · 3243e61 · 3243e61
1 parent 66ae98e
commit 3243e61
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 8 deletions.
diff --git a/machines/nixos/x86_64-linux/jeeves/configuration.nix b/machines/nixos/x86_64-linux/jeeves/configuration.nix
@@ -57,6 +57,11 @@
         config.nix.registry;
 
     settings = {
+      trusted-users = [
+        "root"
+        "jeeves"
+      ];
+
       experimental-features = "nix-command flakes";
       auto-optimise-store = true;
     };
@@ -72,9 +77,11 @@
   # NOTE: made with `mkpasswd -m sha-516`
   age.secrets."jeeves.user.password" = {
     rekeyFile = "${inputs.self}/secrets/home/jeeves/user/password.age";
-    generator = {pkgs, ...}: ''
-      ${pkgs.mkpasswd}/bin/mkpasswd -m sha-516
-    '';
+    generator = {
+      script = {pkgs, ...}: ''
+        ${pkgs.mkpasswd}/bin/mkpasswd -m sha-516
+      '';
+    };
   };
 
   users = {

diff --git a/machines/nixos/x86_64-linux/jeeves/wireguard.nix b/machines/nixos/x86_64-linux/jeeves/wireguard.nix
@@ -13,11 +13,13 @@
   age.secrets."wireguard.private" = {
     mode = "077";
     rekeyFile = "${inputs.self}/secrets/home/jeeves/wireguard/private.age";
-    generator = {lib, pkgs, file, ...}: ''
-      priv=$(${pkgs.wireguard-tools}/bin/wg genkey)
-      ${pkgs.wireguard-tools}/bin/wg pubkey <<< "$priv" > ${lib.escapeShellArg (lib.removeSuffix ".age" file + ".pub")}
-      echo "$priv"
-    '';
+    generator = {
+      script = {lib, pkgs, file, ...}: ''
+        priv=$(${pkgs.wireguard-tools}/bin/wg genkey)
+        ${pkgs.wireguard-tools}/bin/wg pubkey <<< "$priv" > ${lib.escapeShellArg (lib.removeSuffix ".age" file + ".pub")}
+        echo "$priv"
+      '';
+    };
   };
 
   networking.firewall.allowedUDPPorts = [51820];