Merged Host/Home Opt into SysOpt
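--- a/modules/shared/sops/default.nix
+++ b/modules/shared/sops/default.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+let
+isCI = builtins.elem config.syscfg.hostname [ "ci" ];
+keyFilePath =
+(if isCI then ./mock-key.txt else "/var/lib/sops-nix/age-key.txt");
+sopsFilePath = (if isCI then ./mock.yaml else ./common.yaml);
+in {
+environment.systemPackages = with pkgs; [ sops ];
+environment.sessionVariables.OPS_AGE_KEY_FILE = keyFilePath;
+
+sops.defaultSopsFile = sopsFilePath;
+sops.age.keyFile = keyFilePath;
+sops.age.generateKey = true;
+
+sops.secrets.wifi = { };
+
+sops.secrets."${config.syscfg.hostname}_ssh_priv" = {
+mode = "0400";
+owner = config.users.users.${config.syscfg.defaultUser}.name;
+group = config.users.users.${config.syscfg.defaultUser}.group;
+};
+sops.secrets."${config.syscfg.hostname}_ssh_pub" = {
+mode = "0400";
+owner = config.users.users.${config.syscfg.defaultUser}.name;
+group = config.users.users.${config.syscfg.defaultUser}.group;
+};
+sops.secrets."${config.syscfg.hostname}_wg_priv" = { };
+sops.secrets."${config.syscfg.hostname}_wg_pub" = { };
+
+}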
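Review bot: `environment.sessionVariables.OPS_AGE_KEY_FILE` looks like a typo for `SOPS_AGE_KEY_FILE`, the variable the sops CLI reads to find an age identity, so the `sops` binary installed via `environment.systemPackages` will not pick up `keyFilePath`; the line should read `environment.sessionVariables.SOPS_AGE_KEY_FILE = keyFilePath;`. On the CI branch `./mock-key.txt` is a path literal, so the key file is copied into the world-readable Nix store. That is acceptable only for a throwaway key, and a comment beside `isCI` such as `# mock-key.txt is a throwaway test key; never commit a real age key here` would make the constraint explicit. With `sops.age.generateKey = true`, a non-CI host that has no key at `/var/lib/sops-nix/age-key.txt` presumably gets a fresh key that is not a recipient of `common.yaml`, so decryption would fail at activation rather than at build; confirm that is the intended provisioning flow.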