[sops] Move into proper module
parent
e8b3e3d813
commit
6b2bd26e48
5 changed files with 55 additions and 3 deletions
|
@ -11,6 +11,7 @@
|
||||||
|
|
||||||
programs = {
|
programs = {
|
||||||
home-manager.enable = true;
|
home-manager.enable = true;
|
||||||
|
sops.enable = true;
|
||||||
ssh.enable = true;
|
ssh.enable = true;
|
||||||
zellij.enable = true;
|
zellij.enable = true;
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./sops
|
|
||||||
./vim
|
./vim
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./home-manager
|
./home-manager
|
||||||
|
./sops
|
||||||
./ssh
|
./ssh
|
||||||
./zellij
|
./zellij
|
||||||
];
|
];
|
||||||
|
|
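--- a/nixos/modules/programs/sops/default.nix
+++ b/nixos/modules/programs/sops/default.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+let
+cfg = config.sisyphus.programs.sops;
+in {
+options.sisyphus.programs.sops.enable = lib.mkEnableOption "Sops";
+
+config = lib.mkIf cfg.enable {
+environment.systemPackages = with pkgs; [
+sops
+];
+
+sops = {
+# Add secrets.yml to the Nix Store.
+defaultSopsFile = ../../../secrets/secrets.yaml;
+age = {
+# Automatically import SSH keys as age keys.
+sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+# Use an age key that is expected to already be in the filesystem.
+# You will need to place this file manually.
+keyFile = "/var/lib/sops-nix/key.txt";
+};
+};
+};
+}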
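Review bot: The comment above `defaultSopsFile` names `secrets.yml` while the path is `secrets.yaml`, and it does not say that the store copy is world-readable, so the file must only ever hold sops-encrypted values; I would write `# Copy the sops-encrypted secrets.yaml into the (world-readable) Nix store.`. The `keyFile` comment says the file is placed manually but gives no ownership or mode. Since it holds a private age identity, a line such as `# Must be owned by root and not readable by anyone else (0600).` would help whoever provisions a new host. Both `sshKeyPaths` and `keyFile` are set, so presumably either identity can decrypt; the comments should say which one is primary and whether a missing key.txt is tolerated at activation, which I have not verified.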
|
@ -3,6 +3,7 @@
|
||||||
let
|
let
|
||||||
cfg = config.sisyphus.users.tdpeuter;
|
cfg = config.sisyphus.users.tdpeuter;
|
||||||
|
|
||||||
|
user = config.users.users.tdpeuter.name;
|
||||||
installedPkgs = config.environment.systemPackages ++ config.home-manager.users.tdpeuter.home.packages;
|
installedPkgs = config.environment.systemPackages ++ config.home-manager.users.tdpeuter.home.packages;
|
||||||
in {
|
in {
|
||||||
options.sisyphus.users.tdpeuter.enable = lib.mkEnableOption "user Tibo De Peuter";
|
options.sisyphus.users.tdpeuter.enable = lib.mkEnableOption "user Tibo De Peuter";
|
||||||
|
@ -29,8 +30,8 @@ in {
|
||||||
programs.home-manager.enable = true;
|
programs.home-manager.enable = true;
|
||||||
|
|
||||||
home = {
|
home = {
|
||||||
username = "tdpeuter";
|
username = user;
|
||||||
homeDirectory = "/home/tdpeuter";
|
homeDirectory = "/home/${user}";
|
||||||
stateVersion = config.system.stateVersion;
|
stateVersion = config.system.stateVersion;
|
||||||
|
|
||||||
# If you specify an application here, it will be detected by the configuration module
|
# If you specify an application here, it will be detected by the configuration module
|
||||||
|
@ -141,5 +142,30 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
sops.secrets = lib.mkIf config.sisyphus.programs.sops.enable (
|
||||||
|
let
|
||||||
|
Hugo = {
|
||||||
|
format = "yaml";
|
||||||
|
sopsFile = ../../../secrets/Hugo.yaml;
|
||||||
|
owner = user;
|
||||||
|
};
|
||||||
|
UGent = {
|
||||||
|
format = "yaml";
|
||||||
|
sopsFile = ../../../secrets/UGent.yaml;
|
||||||
|
owner = user;
|
||||||
|
};
|
||||||
|
in {
|
||||||
|
"Hugo/ssh" = Hugo;
|
||||||
|
"UGent/HPC/ssh" = UGent;
|
||||||
|
|
||||||
|
"GitHub/ssh" = {
|
||||||
|
format = "yaml";
|
||||||
|
sopsFile = ../../../secrets/GitHub.yaml;
|
||||||
|
owner = user;
|
||||||
|
};
|
||||||
|
"Hugo/Gitea/ssh" = Hugo;
|
||||||
|
"UGent/GitHub/ssh" = UGent;
|
||||||
|
"UGent/SubGit/ssh" = UGent;
|
||||||
|
});
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
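Review bot: The `sops.secrets` entries added in the last hunk hand SSH private keys to `owner = user` but leave `mode` to the module default; I would set it explicitly, `mode = "0400";`, so the intended permissions are visible in review and do not depend on the upstream default. The `format`/`owner` pair is written out three times (`Hugo`, `UGent`, and inline for `"GitHub/ssh"`), so a later entry could diverge unnoticed. A single helper such as `mkSshSecret = sopsFile: { format = "yaml"; inherit sopsFile; owner = user; mode = "0400"; };` would keep them uniform. The enclosing `config` block starts outside this hunk, so I cannot see whether the SSH client configuration refers to these secrets by their `config.sops.secrets.<name>.path` values.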