


d319db25bb Merge branch 'main' of git.unixyourbrain.org:beastie/dev 2026-02-10 18:19:23 +01:00
961e9c475e Reorganise sops. 2026-02-10 18:18:12 +01:00
4 changed files with 78 additions and 68 deletions


@@ -5,6 +5,7 @@
imports = [
./grub.nix
./packages.nix
./sops.nix
./ssh.nix
./system.nix
./tty.nix

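--- /dev/null
+++ b/modules/core/sops.nix
@@ -0,0 +1,19 @@
+{
+inputs,
+...
+}:
+let
+secretsPath = builtins.toString inputs.mysecrets;
+in
+{
+sops = {
+defaultSopsFile = "${secretsPath}/secrets.yaml";
+age = {
+sshKeyPaths = [
+"/etc/ssh/ssh_host_ed25519_key"
+];
+keyFile = "/var/lib/sops-nix/key.txt";
+generateKey = true;
+};
+};
+}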
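Review bot: The new module does not say how its two age identities relate, and `builtins.toString inputs.mysecrets` near the top of the hunk copies the whole secrets input into the world-readable Nix store on every host that evaluates this configuration. That is acceptable for sops ciphertext, but anything left unencrypted in that input becomes readable by every local user, so the intent should be written down. I would add a header comment along the lines of `# inputs.mysecrets is copied into the Nix store: only sops-encrypted content may live there; the host ed25519 SSH key is the age identity, key.txt is created on first boot if absent.` If I read sops-nix correctly, with `sshKeyPaths` set the key generated at `/var/lib/sops-nix/key.txt` is derived from the first listed SSH key rather than being a fresh recipient — confirm that secrets.yaml is actually encrypted to the host key's age recipient, otherwise `generateKey = true` only produces an unused file.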


@@ -5,6 +5,11 @@
...
}:
{
sops.secrets = {
"users_password/beastie" = {
neededForUsers = true;
};
};
users = {
users = {
${username} = {
@@ -18,7 +23,7 @@
"video"
];
openssh.authorizedKeys.keys = [
config.sops.secrets."ssh_keys/beastie_priv".path
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKMJ3TkEmRQcX7RQijNa2km6a2xXJk6M6FERh7C9nTJ"
];
shell = pkgs.zsh;
};
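Review bot: The `neededForUsers = true` declaration in the first hunk only has an effect if `users.users.${username}.hashedPasswordFile` is pointed at `config.sops.secrets."users_password/beastie".path`; that assignment is not in either hunk, so if it lives outside this section the wiring is fine, otherwise the secret is decrypted early for nothing. The secret name also hard-codes `beastie` while the rest of the file is parameterised on `${username}` (line 61 of this page), which is worth a one-line comment such as `# secret key name is fixed by secrets.yaml, not derived from username` if that is deliberate. Replacing the sops path in `openssh.authorizedKeys.keys` with the literal `ssh-ed25519 …` line is the right move: that option takes key material, and the old entry named a private-key secret whose path would have been written to authorized_keys verbatim and ignored by sshd. The enclosing `users.users.${username}` attribute set continues past the end of the hunk.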


@@ -1,76 +1,61 @@
{
inputs,
username,
...
}:
let
secretsPath = builtins.toString inputs.mysecrets;
in
{
sops = {
defaultSopsFile = "${secretsPath}/secrets.yaml";
age = {
sshKeyPaths = [
"/etc/ssh/ssh_host_ed25519_key"
];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
sops.secrets = {
"users_password/beastie" = {
neededForUsers = true;
};
secrets = {
"users_password/beastie" = {
neededForUsers = true;
};
"ssh_keys/default_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519.pub";
};
"ssh_keys/default_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519";
};
"ssh_keys/ansible_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_ansible.pub";
};
"ssh_keys/ansible_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_ansible";
};
"ssh_keys/beastie_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_beastie.pub";
};
"ssh_keys/beastie_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_beastie";
};
"ssh_keys/gitea_semaphore_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore.pub";
};
"ssh_keys/gitea_semaphore_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore";
};
"ssh_keys/wol_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_wol";
};
"ssh_keys/wol_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_wol.priv";
};
"ssh_keys/default_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519.pub";
};
"ssh_keys/default_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519";
};
"ssh_keys/ansible_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_ansible.pub";
};
"ssh_keys/ansible_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_ansible";
};
"ssh_keys/beastie_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_beastie.pub";
};
"ssh_keys/beastie_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_beastie";
};
"ssh_keys/gitea_semaphore_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore.pub";
};
"ssh_keys/gitea_semaphore_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore";
};
"ssh_keys/wol_pub" = {
owner = "${username}";
mode = "0644";
path = "/home/${username}/.ssh/id_ed25519_wol";
};
"ssh_keys/wol_priv" = {
owner = "${username}";
mode = "0600";
path = "/home/${username}/.ssh/id_ed25519_wol.priv";
};
};
}
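Review bot: The `wol` pair at the end of the hunk is installed under the reverse of the naming every other pair uses: `"ssh_keys/wol_pub"` lands at `~/.ssh/id_ed25519_wol` and `"ssh_keys/wol_priv"` at `~/.ssh/id_ed25519_wol.priv`. OpenSSH's `IdentityFile`/`-i` convention treats `id_ed25519_wol` as the private key and `id_ed25519_wol.pub` as its public half, so a client pointed at `~/.ssh/id_ed25519_wol` will try to load a public key as an identity and fail, while the private material sits under a name no tooling looks for; the 0600 mode on it is still correct. I would change the two `path` lines to `path = "/home/${username}/.ssh/id_ed25519_wol.pub";` for `wol_pub` and `path = "/home/${username}/.ssh/id_ed25519_wol";` for `wol_priv` — this was carried over unchanged from the old side, so the reorganisation did not address it. The `"users_password/beastie"` entry also appears to be declared both here and in the users module on this page; that merges cleanly as long as both sides say `neededForUsers = true`, but the old/new sides of this rendered hunk cannot be told apart with certainty, so confirm whether one copy is meant to go.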