sora/nixconfig
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Releases Activity
nixconfig/modules/nixos/system/security/sops/default.nix

31 lines
947 B
Nix
Raw Normal View History

[m]Flake sops & format
2023-11-24 19:08:21 +01:00
{ config, pkgs, ... }:
Eww Overlay
2024-04-13 09:32:22 +02:00
let
keyFilePath = "/var/lib/sops-nix/age-key.txt";
isCI = builtins.elem config.hostcfg.hostname [ "ci" ];
sopsSettings = {
sops.defaultSopsFile = ./common.yaml;
sops.age.keyFile = keyFilePath;
sops.age.generateKey = true;
[Init]
2023-04-12 20:32:07 +02:00
Eww Overlay
2024-04-13 09:32:22 +02:00
sops.secrets.wifi = { };
Migrate to snowfall lib
2023-11-04 02:28:27 +01:00
Eww Overlay
2024-04-13 09:32:22 +02:00
sops.secrets."${config.hostcfg.hostname}_ssh_priv" = {
mode = "0400";
owner = config.users.users.sora.name;
group = config.users.users.sora.group;
};
sops.secrets."${config.hostcfg.hostname}_ssh_pub" = {
mode = "0400";
owner = config.users.users.sora.name;
group = config.users.users.sora.group;
};
sops.secrets."${config.hostcfg.hostname}_wg_priv" = { };
sops.secrets."${config.hostcfg.hostname}_wg_pub" = { };
[Init]
2023-04-12 20:32:07 +02:00
};
Eww Overlay
2024-04-13 09:32:22 +02:00
in {
Migrate to snowfall lib
2023-11-04 02:28:27 +01:00
environment.systemPackages = with pkgs; [ sops ];
[m]Flake sops & format
2023-11-24 19:08:21 +01:00
environment.sessionVariables.OPS_AGE_KEY_FILE = keyFilePath;
Eww Overlay
2024-04-13 09:32:22 +02:00
inherit (if isCI then { } else sopsSettings) sops;
[Init]
2023-04-12 20:32:07 +02:00
}
Reference in New Issue Copy Permalink