Update modules/shared/sops/default.nix

This commit is contained in:
2026-05-11 17:42:23 +02:00
committed by soraefir
parent 5ff282e65c
commit 94012aa44c


@@ -1,28 +1,17 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
isCI = builtins.elem config.syscfg.hostname [ "ci" "sandbox" ]; listNames = config.syscfg.server.db;
keyFilePath = (if isCI then containerNames = lib.mapAttrsToList (name: cfg: name)
"/var/lib/sops-nix/mock-key.txt" (lib.filterAttrs (name: cfg: ((cfg.db or false) || (cfg.sops or false))) config.syscfg.server.containers);
else allApps = lib.unique (listNames ++ containerNames);
"/var/lib/sops-nix/age-key.txt");
sopsFilePath = (if isCI then ./mock.yaml else ./common.yaml);
in{ in{
environment.systemPackages = with pkgs; [ sops ]; sops.secrets = {
environment.sessionVariables.SOPS_AGE_KEY_FILE = keyFilePath; CUSTOM = {
mode = "0444";
sops.defaultSopsFile = sopsFilePath; sopsFile = ./server.yaml;
sops.age.keyFile = keyFilePath;
sops.age.generateKey = true;
sops.secrets = lib.mkMerge [
{
wifi = { };
"${config.syscfg.hostname}_ssh_priv" = {
mode = "0400";
owner = config.users.users.${config.syscfg.defaultUser}.name;
group = config.users.users.${config.syscfg.defaultUser}.group;
}; };
"${config.syscfg.hostname}_wg_priv" = { }; } // (lib.genAttrs (map (name: lib.toUpper name) allApps) (name: {
} mode = "0444";
]; sopsFile = ./server.yaml;
}));
} }
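Review bot: Every secret declared on the new side — `CUSTOM` and each entry produced by `lib.genAttrs` — carries `mode = "0444";`, which leaves the decrypted files world-readable to every local user and process, whereas the old `_ssh_priv` entry was `0400` and owned by the default user and no such restriction survives for the generated set. If these values are credentials (the `db` naming suggests so, but that is inferred, not visible here), narrow them to `mode = "0400";` or `mode = "0440";` with an `owner`/`group` matching whatever service or container actually reads them, rather than relying on the directory permissions of the secrets mount. Separately, `lib.toUpper` is applied after `lib.unique`, so two app names differing only in case collapse into one secret attribute without warning; apply `lib.unique` after the `map` (or assert on the collision) so the set of secrets is not silently shorter than `allApps`. A one-line comment above `allApps` stating that it is the union of `syscfg.server.db` and the containers flagged `db` or `sops` would make the intent clear to the next reader.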