Add automout secrets via sops

flake.lock

@@ -23,11 +23,11 @@
     "mysecrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1759394888,
-        "narHash": "sha256-FwmvYoAcBtsKW4dGVeD+/zHKov3cIYfyWO1Fwqv3HwQ=",
+        "lastModified": 1759412548,
+        "narHash": "sha256-xiYMJkiKDjqva1V2yznKgdAPdL8FIvKiF2bHtgGPgLE=",
         "ref": "refs/heads/main",
-        "rev": "e5ceedd0e56ae0272875765da13dccabf8747764",
-        "revCount": 10,
+        "rev": "43fa5245e5a5dfb242aa4914060159aa21b85b25",
+        "revCount": 11,
         "type": "git",
         "url": "file:///home/beastie/nixos/secrets"
       },

modules/optionnals/openfortivpn.nix

@@ -30,7 +30,7 @@ let
   myMount = description: what: where: {
     inherit description what where;
     type = "cifs";
-    options = "credentials=/etc/openfortivpn/smb-secrets,uid=beastie,gid=users";
+    options = "credentials=${config.sops.templates."gbmshares-secrets".path},uid=beastie,gid=users";
   };
   myAutoMount = description: where: {
     inherit description where;
@@ -47,10 +47,12 @@ in
     secrets = {
       "ldap_GBM/username" = { };
       "ldap_GBM/password" = { };
+      "ldap_GBM/domain" = { };
       "openfortivpn/host" = { };
       "openfortivpn/port" = { };
     };
-    templates."openfortivpn.conf" = {
+    templates = {
+      "openfortivpn.conf" = {
         content = ''
           host = ${config.sops.placeholder."openfortivpn/host"}
           port = ${config.sops.placeholder."openfortivpn/port"}
@@ -60,6 +62,16 @@ in
         mode = "0600";
         owner = "root";
       };
+      "gbmshares-secrets" = {
+        content = ''
+          username=${config.sops.placeholder."ldap_GBM/username"}
+          password=${config.sops.placeholder."ldap_GBM/password"}
+          domain=${config.sops.placeholder."ldap_GBM/domain"}
+        '';
+        mode = "0600";
+        owner = "root";
+      };
+    };
   };
   environment.systemPackages = [
     pkgs.openfortivpn