From 76d20746cbf5c6c643722f65ee46da0b3039c30b Mon Sep 17 00:00:00 2001
From: Tibo De Peuter
Date: Wed, 18 Oct 2023 20:58:49 +0200
Subject: [PATCH] [sops] Move into proper module
---
 nixos/hosts/Tibo-NixFat/default.nix | 1 +
 nixos/modules-old/utils/default.nix | 1 -
 nixos/modules/programs/default.nix | 1 +
 nixos/modules/programs/sops/default.nix | 25 ++++++++++++++++++++
 nixos/modules/users/tdpeuter/default.nix | 30 ++++++++++++++++++++++--
 5 files changed, 55 insertions(+), 3 deletions(-)
 create mode 100644 nixos/modules/programs/sops/default.nix
diff --git a/nixos/hosts/Tibo-NixFat/default.nix b/nixos/hosts/Tibo-NixFat/default.nix
index 24b4c08..098cdc5 100644
--- a/nixos/hosts/Tibo-NixFat/default.nix
+++ b/nixos/hosts/Tibo-NixFat/default.nix
@@ -11,6 +11,7 @@
 programs = {
 home-manager.enable = true;
+ sops.enable = true;
 ssh.enable = true;
 zellij.enable = true;
 };
diff --git a/nixos/modules-old/utils/default.nix b/nixos/modules-old/utils/default.nix
index 9259e66..c398e48 100644
--- a/nixos/modules-old/utils/default.nix
+++ b/nixos/modules-old/utils/default.nix
@@ -1,6 +1,5 @@
 {
 imports = [
- ./sops
 ./vim
 ];
 }
diff --git a/nixos/modules/programs/default.nix b/nixos/modules/programs/default.nix
index 159d6a0..e13df16 100644
--- a/nixos/modules/programs/default.nix
+++ b/nixos/modules/programs/default.nix
@@ -1,6 +1,7 @@
 {
 imports = [
 ./home-manager
+ ./sops
 ./ssh
 ./zellij
 ];
diff --git a/nixos/modules/programs/sops/default.nix b/nixos/modules/programs/sops/default.nix
new file mode 100644
index 0000000..443eac9
--- /dev/null
+++ b/nixos/modules/programs/sops/default.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.sisyphus.programs.sops;
+in {
+ options.sisyphus.programs.sops.enable = lib.mkEnableOption "Sops";
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ sops
+ ];
+
+ sops = {
+ # Add secrets.yml to the Nix Store.
+ defaultSopsFile = ../../../secrets/secrets.yaml;
+ age = {
+ # Automatically import SSH keys as age keys.
+ sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ # Use an age key that is expected to already be in the filesystem.
+ # You will need to place this file manually.
+ keyFile = "/var/lib/sops-nix/key.txt";
+ };
+ };
+ };
+}
diff --git a/nixos/modules/users/tdpeuter/default.nix b/nixos/modules/users/tdpeuter/default.nix
index bdb653e..c91390f 100644
--- a/nixos/modules/users/tdpeuter/default.nix
+++ b/nixos/modules/users/tdpeuter/default.nix
@@ -3,6 +3,7 @@
 let
 cfg = config.sisyphus.users.tdpeuter;
+ user = config.users.users.tdpeuter.name;
 installedPkgs = config.environment.systemPackages ++ config.home-manager.users.tdpeuter.home.packages;
 in {
 options.sisyphus.users.tdpeuter.enable = lib.mkEnableOption "user Tibo De Peuter";
@@ -29,8 +30,8 @@ in {
 programs.home-manager.enable = true;
 home = {
- username = "tdpeuter";
- homeDirectory = "/home/tdpeuter";
+ username = user;
+ homeDirectory = "/home/${user}";
 stateVersion = config.system.stateVersion;
 # If you specify an application here, it will be detected by the configuration module
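Review bot: The comment above `defaultSopsFile` names `secrets.yml` while the path is `secrets.yaml`, and it omits the property that actually matters: a Nix path literal is copied into the world-readable Nix store, which is acceptable here only because the sops file is encrypted. By contrast `keyFile` is a plain string, so the private age key is never copied into the store; that distinction is worth stating so a later edit does not turn it into a path literal. Suggested comments: `# Encrypted secrets.yaml; as a path literal it is copied into the (world-readable) Nix store, which is fine only because it stays encrypted.` above `defaultSopsFile`, and `# Keep this a string, not a path literal: a path would copy the private key into the Nix store.` above `keyFile`. The file header for this hunk is on the preceding line.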
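Review bot: `homeDirectory = "/home/${user}"` still hard-codes the home path while `username` now comes from `config.users.users.tdpeuter`; the same user definition exposes `config.users.users.tdpeuter.home`, so deriving from it keeps the two in sync if the home is ever moved, `homeDirectory = config.users.users.tdpeuter.home;`. This presumes the user is declared as a normal user so that `home` is already `/home/tdpeuter` (the declaration is not visible in this hunk). The `home = {` block continues past the end of the hunk.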
@@ -141,5 +142,30 @@ in {
 };
 };
 };
+ sops.secrets = lib.mkIf config.sisyphus.programs.sops.enable (
+ let
+ Hugo = {
+ format = "yaml";
+ sopsFile = ../../../secrets/Hugo.yaml;
+ owner = user;
+ };
+ UGent = {
+ format = "yaml";
+ sopsFile = ../../../secrets/UGent.yaml;
+ owner = user;
+ };
+ in {
+ "Hugo/ssh" = Hugo;
+ "UGent/HPC/ssh" = UGent;
+
+ "GitHub/ssh" = {
+ format = "yaml";
+ sopsFile = ../../../secrets/GitHub.yaml;
+ owner = user;
+ };
+ "Hugo/Gitea/ssh" = Hugo;
+ "UGent/GitHub/ssh" = UGent;
+ "UGent/SubGit/ssh" = UGent;
+ });
 };
 }
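Review bot: The three secret definitions repeat `format = "yaml"; owner = user;` verbatim, and `"GitHub/ssh"` is written inline while `Hugo` and `UGent` are let-bound, so a reader cannot tell at a glance that all six entries have the same shape. A small helper taking the sops file removes the duplication and gives one place to state the access policy for what are SSH private keys: pinning `mode = "0400";` there makes owner-only readability explicit instead of relying on the sops-nix default. The `format` attribute may be redundant if the module's default format is yaml, but it is harmless to keep. The enclosing `config` attribute set starts before this hunk.
```nix
      sops.secrets = lib.mkIf config.sisyphus.programs.sops.enable (
        let
          # Every entry is a yaml sops file holding an SSH private key for this user;
          # owner-only readability is stated explicitly rather than left to the module default.
          mkUserSecret = sopsFile: { format = "yaml"; inherit sopsFile; owner = user; mode = "0400"; };
          Hugo = mkUserSecret ../../../secrets/Hugo.yaml;
          UGent = mkUserSecret ../../../secrets/UGent.yaml;
          GitHub = mkUserSecret ../../../secrets/GitHub.yaml;
        in {
          # … unchanged: secret-name → definition mapping, with "GitHub/ssh" = GitHub; …
        });
```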