# NixOS module: declares the sops-nix secrets for this host. Hosts named
# "ci" or "sandbox" use a mock age key and a mock secrets file instead of the
# real ones.
{ config, pkgs, ... }:
let
  host = config.syscfg.hostname;
  primaryUser = config.users.users.${config.syscfg.defaultUser};

  isCI = builtins.elem host [ "ci" "sandbox" ];

  # The key location is a string, not a Nix path literal, so the key file is
  # referenced in place rather than being copied into the Nix store.
  keyFilePath =
    if isCI then
      "/var/lib/sops-nix/mock-key.txt"
    else
      "/var/lib/sops-nix/age-key.txt";

  # Encrypted secrets file; these are path literals relative to this module.
  sopsFilePath = if isCI then ./mock.yaml else ./common.yaml;

  # Ownership shared by the SSH key secrets below.
  ownedByPrimaryUser = {
    owner = primaryUser.name;
    group = primaryUser.group;
  };
in {
  environment = {
    systemPackages = [ pkgs.sops ];

    # Points the sops CLI in user sessions at the same key file the system
    # uses for decryption.
    # NOTE(review): whether a non-root user can read that file depends on its
    # permissions, which this module does not set -- confirm.
    sessionVariables.SOPS_AGE_KEY_FILE = keyFilePath;
  };

  sops = {
    defaultSopsFile = sopsFilePath;

    age = {
      keyFile = keyFilePath;
      # With generateKey enabled, sops-nix creates a key at keyFile when none
      # exists. A freshly generated key is not yet a recipient of the
      # encrypted file, so secrets will not decrypt until its public key has
      # been added as a recipient and the file re-encrypted.
      generateKey = true;
    };

    secrets = {
      wifi = { };

      # SSH private key: readable only by the default user.
      "${host}_ssh_priv" = ownedByPrimaryUser // { mode = "0400"; };

      # SSH public key: world-readable.
      "${host}_ssh_pub" = ownedByPrimaryUser // { mode = "0444"; };

      # WireGuard keys: no owner or mode given, so the sops-nix defaults apply
      # (presumably root-only -- confirm against the sops-nix version in use).
      "${host}_wg_priv" = { };
      "${host}_wg_pub" = { };
    };
  };
}