38 lines
1.1 KiB
Nix
Executable File
38 lines
1.1 KiB
Nix
Executable File
{ config, lib, pkgs, ... }:
|
|
let
|
|
isCI = builtins.elem config.syscfg.hostname [ "ci" "sandbox" ];
|
|
keyFilePath = (if isCI then
|
|
"/var/lib/sops-nix/mock-key.txt"
|
|
else
|
|
"/var/lib/sops-nix/age-key.txt");
|
|
sopsFilePath = (if isCI then ./mock.yaml else ./common.yaml);
|
|
in {
|
|
environment.systemPackages = with pkgs; [ sops ];
|
|
environment.sessionVariables.SOPS_AGE_KEY_FILE = keyFilePath;
|
|
|
|
sops.defaultSopsFile = sopsFilePath;
|
|
sops.age.keyFile = keyFilePath;
|
|
sops.age.generateKey = true;
|
|
|
|
sops.secrets = lib.mkMerge [
|
|
{
|
|
wifi = { };
|
|
"${config.syscfg.hostname}_ssh_priv" = {
|
|
mode = "0400";
|
|
owner = config.users.users.${config.syscfg.defaultUser}.name;
|
|
group = config.users.users.${config.syscfg.defaultUser}.group;
|
|
};
|
|
"${config.syscfg.hostname}_ssh_pub" = {
|
|
mode = "0444";
|
|
owner = config.users.users.${config.syscfg.defaultUser}.name;
|
|
group = config.users.users.${config.syscfg.defaultUser}.group;
|
|
};
|
|
"${config.syscfg.hostname}_wg_priv" = { };
|
|
}
|
|
(lib.genAttrs
|
|
(map (peer: "${peer}_ssh_pub") ["iriy" "avalon" "valinor"])
|
|
(_: { mode = "0444"; })
|
|
)
|
|
];
|
|
}
|