[sops] Move into proper module

This commit is contained in:
Tibo De Peuter 2023-10-18 20:58:49 +02:00
parent e8b3e3d813
commit 6b2bd26e48
5 changed files with 55 additions and 3 deletions

View file

@ -11,6 +11,7 @@
programs = { programs = {
home-manager.enable = true; home-manager.enable = true;
sops.enable = true;
ssh.enable = true; ssh.enable = true;
zellij.enable = true; zellij.enable = true;
}; };

View file

@ -1,6 +1,5 @@
{ {
imports = [ imports = [
./sops
./vim ./vim
]; ];
} }

View file

@ -1,6 +1,7 @@
{ {
imports = [ imports = [
./home-manager ./home-manager
./sops
./ssh ./ssh
./zellij ./zellij
]; ];

View file

@ -0,0 +1,25 @@
{ config, lib, pkgs, ... }:
let
cfg = config.sisyphus.programs.sops;
in {
options.sisyphus.programs.sops.enable = lib.mkEnableOption "Sops";
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
sops
];
sops = {
# Add secrets.yml to the Nix Store.
defaultSopsFile = ../../../secrets/secrets.yaml;
age = {
# Automatically import SSH keys as age keys.
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# Use an age key that is expected to already be in the filesystem.
# You will need to place this file manually.
keyFile = "/var/lib/sops-nix/key.txt";
};
};
};
}

View file

@ -3,6 +3,7 @@
let let
cfg = config.sisyphus.users.tdpeuter; cfg = config.sisyphus.users.tdpeuter;
user = config.users.users.tdpeuter.name;
installedPkgs = config.environment.systemPackages ++ config.home-manager.users.tdpeuter.home.packages; installedPkgs = config.environment.systemPackages ++ config.home-manager.users.tdpeuter.home.packages;
in { in {
options.sisyphus.users.tdpeuter.enable = lib.mkEnableOption "user Tibo De Peuter"; options.sisyphus.users.tdpeuter.enable = lib.mkEnableOption "user Tibo De Peuter";
@ -29,8 +30,8 @@ in {
programs.home-manager.enable = true; programs.home-manager.enable = true;
home = { home = {
username = "tdpeuter"; username = user;
homeDirectory = "/home/tdpeuter"; homeDirectory = "/home/${user}";
stateVersion = config.system.stateVersion; stateVersion = config.system.stateVersion;
# If you specify an application here, it will be detected by the configuration module # If you specify an application here, it will be detected by the configuration module
@ -141,5 +142,30 @@ in {
}; };
}; };
}; };
sops.secrets = lib.mkIf config.sisyphus.programs.sops.enable (
let
Hugo = {
format = "yaml";
sopsFile = ../../../secrets/Hugo.yaml;
owner = user;
};
UGent = {
format = "yaml";
sopsFile = ../../../secrets/UGent.yaml;
owner = user;
};
in {
"Hugo/ssh" = Hugo;
"UGent/HPC/ssh" = UGent;
"GitHub/ssh" = {
format = "yaml";
sopsFile = ../../../secrets/GitHub.yaml;
owner = user;
};
"Hugo/Gitea/ssh" = Hugo;
"UGent/GitHub/ssh" = UGent;
"UGent/SubGit/ssh" = UGent;
});
}; };
} }