Reorganise sops.

This commit is contained in:
2026-02-10 18:18:12 +01:00
parent 73de596c29
commit 961e9c475e
4 changed files with 78 additions and 68 deletions


@@ -5,6 +5,7 @@
imports = [ imports = [
./grub.nix ./grub.nix
./packages.nix ./packages.nix
./sops.nix
./ssh.nix ./ssh.nix
./system.nix ./system.nix
./tty.nix ./tty.nix

19
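--- /dev/null
+++ b/modules/core/sops.nix
@@ -0,0 +1,19 @@
+{
+inputs,
+...
+}:
+let
+secretsPath = builtins.toString inputs.mysecrets;
+in
+{
+sops = {
+defaultSopsFile = "${secretsPath}/secrets.yaml";
+age = {
+sshKeyPaths = [
+"/etc/ssh/ssh_host_ed25519_key"
+];
+keyFile = "/var/lib/sops-nix/key.txt";
+generateKey = true;
+};
+};
+}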
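Review bot: Nothing documents how the two decryption sources under `sops.age` relate: the host key in `sshKeyPaths` is what this host's existing recipients are keyed to, whereas `generateKey = true` only creates a fresh age key at `/var/lib/sops-nix/key.txt` when none exists, and that key cannot decrypt anything until its public half is added as a recipient in the `mysecrets` repo and the secrets are re-keyed. A comment above `generateKey` such as `# The generated key only matters once its public key is a recipient in mysecrets' .sops.yaml; the host ed25519 key above is the primary one.` would make that explicit. `builtins.toString inputs.mysecrets` also yields a store path, so `secrets.yaml` becomes world-readable in the Nix store; that is fine only because sops keeps the values encrypted, which is worth stating in a one-line comment next to `secretsPath` so nobody later points it at an unencrypted file.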


@@ -5,6 +5,11 @@
... ...
}: }:
{ {
sops.secrets = {
"users_password/beastie" = {
neededForUsers = true;
};
};
users = { users = {
users = { users = {
${username} = { ${username} = {
@@ -18,7 +23,7 @@
"video" "video"
]; ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
config.sops.secrets."ssh_keys/beastie_priv".path "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKMJ3TkEmRQcX7RQijNa2km6a2xXJk6M6FERh7C9nTJ"
]; ];
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
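Review bot: The `sops.secrets."users_password/beastie"` definition added in the first hunk (L51–L55) duplicates the one the last file section still keeps (`"users_password/beastie" = { neededForUsers = true; };`), so the same secret is now declared in two modules. Equal `neededForUsers = true` values should merge without error as far as I can tell, but the duplicate means a later change to `owner`, `mode` or `path` on one copy is silently merged with, or conflicts with, the other; declare the secret in one module and have this one only consume `config.sops.secrets."users_password/beastie".path`. The second hunk's new line holds a public key, which is safe to keep in the repo, though a comment such as `# beastie public key; the private half lives in mysecrets` above it would keep a reader from confusing it with the `_priv` secret it replaced. The enclosing `users` attrset continues outside the hunk.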


@@ -1,23 +1,9 @@
{ {
inputs,
username, username,
... ...
}: }:
let
secretsPath = builtins.toString inputs.mysecrets;
in
{ {
sops = { sops.secrets = {
defaultSopsFile = "${secretsPath}/secrets.yaml";
age = {
sshKeyPaths = [
"/etc/ssh/ssh_host_ed25519_key"
];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
secrets = {
"users_password/beastie" = { "users_password/beastie" = {
neededForUsers = true; neededForUsers = true;
}; };
@@ -72,5 +58,4 @@ in
path = "/home/${username}/.ssh/id_ed25519_wol.priv"; path = "/home/${username}/.ssh/id_ed25519_wol.priv";
}; };
}; };
};
} }
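Review bot: The secret kept at `path = "/home/${username}/.ssh/id_ed25519_wol.priv";` in the second hunk is materialised inside the user's home, but the `owner` and `mode` for that secret are not visible in the hunk; if they are left at sops-nix defaults the file is root-owned with mode 0400 and the login user's ssh client cannot read it, while setting the owner without tightening the mode would expose a private key to the user's other processes. A comment such as `# Private key materialised in the user's ~/.ssh; owner must be ${username}, mode 0400` next to `path`, together with an explicit `owner = username;` and `mode = "0400";` if they are not already set above the hunk, would pin that down. The secret's attribute set begins before the hunk, so those options may well be defined there.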