beastie/nixos-dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

First commit

Browse Source
This commit is contained in:
Jérémie SALVI
2025-07-22 02:30:15 +02:00
commit e9441f563b
66 changed files with 4401 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
modules/sops/default.nix Normal file
View File

@@ -0,0 +1,70 @@
{ inputs, ... }@attrs:
let
secretsPath = builtins.toString inputs.mysecrets;
in
{
sops = {
defaultSopsFile = "${secretsPath}/secrets.yaml";
age = {
sshKeyPaths = [
"/etc/ssh/ssh_host_ed25519_key"
];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
secrets = {
"ldap_password/beastie" = {
};
"users_password/beastie" = {
neededForUsers = true;
};
"ssh_keys/default_pub" = {
owner = "${attrs.username}";
mode = "0644";
path = "/home/${attrs.username}/.ssh/id_ed25519.pub";
};
"ssh_keys/default_priv" = {
owner = "${attrs.username}";
mode = "0600";
path = "/home/${attrs.username}/.ssh/id_ed25519";
};
"ssh_keys/ansible_pub" = {
owner = "${attrs.username}";
mode = "0644";
path = "/home/${attrs.username}/.ssh/id_ed25519_ansible.pub";
};
"ssh_keys/ansible_priv" = {
owner = "${attrs.username}";
mode = "0600";
path = "/home/${attrs.username}/.ssh/id_ed25519_ansible";
};
"ssh_keys/beastie_pub" = {
owner = "${attrs.username}";
mode = "0644";
path = "/home/${attrs.username}/.ssh/id_ed25519_beastie.pub";
};
"ssh_keys/beastie_priv" = {
owner = "${attrs.username}";
mode = "0600";
path = "/home/${attrs.username}/.ssh/id_ed25519_beastie";
};
"ssh_keys/gitea_semaphore_pub" = {
owner = "${attrs.username}";
mode = "0644";
path = "/home/${attrs.username}/.ssh/id_ed25519_gitea_semaphore.pub";
};
"ssh_keys/gitea_semaphore_priv" = {
owner = "${attrs.username}";
mode = "0600";
path = "/home/${attrs.username}/.ssh/id_ed25519_gitea_semaphore";
};
};
};
system.activationScripts.setup-ssh-keys = {
text = ''
chown ${attrs.username}:users /home/${attrs.username}/.ssh
chmod 700 /home/${attrs.username}/.ssh
'';
};
}