2024-04-14 07:57:07 +02:00
|
|
|
{ config, pkgs, ... }:
|
|
|
|
|
let
|
2024-04-14 21:22:22 +02:00
|
|
|
isCI = builtins.elem config.syscfg.hostname [ "ci" "sandbox" ];
|
2024-04-14 07:57:07 +02:00
|
|
|
keyFilePath =
|
2024-04-21 02:32:38 +02:00
|
|
|
(if isCI then "./mock-key.txt" else "/var/lib/sops-nix/age-key.txt");
|
2024-04-14 07:57:07 +02:00
|
|
|
sopsFilePath = (if isCI then ./mock.yaml else ./common.yaml);
|
|
|
|
|
in {
|
|
|
|
|
environment.systemPackages = with pkgs; [ sops ];
|
|
|
|
|
environment.sessionVariables.OPS_AGE_KEY_FILE = keyFilePath;
|
|
|
|
|
|
|
|
|
|
sops.defaultSopsFile = sopsFilePath;
|
|
|
|
|
sops.age.keyFile = keyFilePath;
|
|
|
|
|
sops.age.generateKey = true;
|
|
|
|
|
|
|
|
|
|
sops.secrets.wifi = { };
|
|
|
|
|
|
|
|
|
|
sops.secrets."${config.syscfg.hostname}_ssh_priv" = {
|
|
|
|
|
mode = "0400";
|
|
|
|
|
owner = config.users.users.${config.syscfg.defaultUser}.name;
|
|
|
|
|
group = config.users.users.${config.syscfg.defaultUser}.group;
|
|
|
|
|
};
|
|
|
|
|
sops.secrets."${config.syscfg.hostname}_ssh_pub" = {
|
|
|
|
|
mode = "0400";
|
|
|
|
|
owner = config.users.users.${config.syscfg.defaultUser}.name;
|
|
|
|
|
group = config.users.users.${config.syscfg.defaultUser}.group;
|
|
|
|
|
};
|
|
|
|
|
sops.secrets."${config.syscfg.hostname}_wg_priv" = { };
|
|
|
|
|
sops.secrets."${config.syscfg.hostname}_wg_pub" = { };
|
|
|
|
|
|
|
|
|
|
}
|
