beastie/dev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reorganise sops.

Browse Source
This commit is contained in:
Jérémie SALVI
2026-02-10 18:18:12 +01:00
parent 73de596c29
commit 961e9c475e
4 changed files with 78 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

119
modules/optionnals/sops-desktop.nix
View File

@@ -1,76 +1,61 @@
{
inputs,
username,
...
}:
let
secretsPath = builtins.toString inputs.mysecrets;
in
{
sops = {
defaultSopsFile = "${secretsPath}/secrets.yaml";
age = {
sshKeyPaths = [
"/etc/ssh/ssh_host_ed25519_key"
];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
sops.secrets = {
"users_password/beastie" = {
neededForUsers = true;
};
secrets = {
"users_password/beastie" = {
neededForUsers = true;
};
"ssh_keys/default_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519.pub";
};
"ssh_keys/default_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519";
};
"ssh_keys/ansible_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_ansible.pub";
};
"ssh_keys/ansible_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_ansible";
};
"ssh_keys/beastie_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_beastie.pub";
};
"ssh_keys/beastie_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_beastie";
};
"ssh_keys/gitea_semaphore_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore.pub";
};
"ssh_keys/gitea_semaphore_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore";
};
"ssh_keys/wol_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_wol";
};
"ssh_keys/wol_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_wol.priv";
};
"ssh_keys/default_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519.pub";
};
"ssh_keys/default_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519";
};
"ssh_keys/ansible_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_ansible.pub";
};
"ssh_keys/ansible_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_ansible";
};
"ssh_keys/beastie_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_beastie.pub";
};
"ssh_keys/beastie_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_beastie";
};
"ssh_keys/gitea_semaphore_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore.pub";
};
"ssh_keys/gitea_semaphore_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore";
};
"ssh_keys/wol_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_wol";
};
"ssh_keys/wol_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_wol.priv";
};
};
}