soraefir
40 lines
1.1 KiB
Nix
Executable File
40 lines
1.1 KiB
Nix
Executable File
{ config, lib, pkgs, ... }:
|
|
let
|
|
isCI = builtins.elem config.syscfg.hostname [ "ci" "sandbox" ];
|
|
defaultUser = config.users.users.${config.syscfg.defaultUser} or { };
|
|
defaultGroup = if pkgs.stdenv.isDarwin then "staff" else "users";
|
|
keyFilePath = (if isCI then
|
|
"/var/lib/sops-nix/mock-key.txt"
|
|
else
|
|
"/var/lib/sops-nix/age-key.txt");
|
|
sopsFilePath = (if isCI then ./mock.yaml else ./common.yaml);
|
|
in {
|
|
environment.systemPackages = with pkgs; [ sops ];
|
|
environment.variables.SOPS_AGE_KEY_FILE = keyFilePath;
|
|
|
|
sops.defaultSopsFile = sopsFilePath;
|
|
sops.age.keyFile = keyFilePath;
|
|
sops.age.generateKey = true;
|
|
|
|
sops.secrets = lib.mkMerge [
|
|
|
|
{
|
|
"${config.syscfg.hostname}_ssh_priv" = {
|
|
mode = "0400";
|
|
owner = defaultUser.name or config.syscfg.defaultUser;
|
|
group = defaultUser.group or defaultGroup;
|
|
};
|
|
}
|
|
(lib.mkIf config.syscfg.net.wlp.enable {
|
|
wifi = { };
|
|
})
|
|
(lib.mkIf config.syscfg.net.wg.enable {
|
|
"${config.syscfg.hostname}_wg_priv" = { };
|
|
})
|
|
(lib.mkIf config.syscfg.monitoring.telegraf.enable {
|
|
telegraf = {
|
|
mode = "0400";
|
|
};
|
|
})];
|
|
}
|