Luke Granger-Brown

Recently I've been thinking about how I could distribute secrets to my NixOS machines in a... relatively... decent way.

As a foreword: the below solution is not recommended - it relies on a prerelease version of FreeNAS for some of its functionality, which isn't supported.

FreeNAS 10 comes with the ability to bind to a FreeIPA directory. Hooray! Let's try it out.

Just a quick note to remind myself, when I inevitably forget.

The built-in GnuPG smartcard support doesn't really work particularly well, in my experience, with the YubiKey Neo. To fix this (and use pcscd) instead, put the following in ~/.gnupg/scdaemon.conf: