[sops] Move into proper module
This commit is contained in:
parent
bab3778f18
commit
76d20746cb
5 changed files with 55 additions and 3 deletions
|
|
@ -11,6 +11,7 @@
|
|||
|
||||
programs = {
|
||||
home-manager.enable = true;
|
||||
sops.enable = true;
|
||||
ssh.enable = true;
|
||||
zellij.enable = true;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
{
|
||||
imports = [
|
||||
./sops
|
||||
./vim
|
||||
];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
imports = [
|
||||
./home-manager
|
||||
./sops
|
||||
./ssh
|
||||
./zellij
|
||||
];
|
||||
|
|
|
|||
25
nixos/modules/programs/sops/default.nix
Normal file
25
nixos/modules/programs/sops/default.nix
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.sisyphus.programs.sops;
|
||||
in {
|
||||
options.sisyphus.programs.sops.enable = lib.mkEnableOption "Sops";
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [
|
||||
sops
|
||||
];
|
||||
|
||||
sops = {
|
||||
# Add secrets.yml to the Nix Store.
|
||||
defaultSopsFile = ../../../secrets/secrets.yaml;
|
||||
age = {
|
||||
# Automatically import SSH keys as age keys.
|
||||
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
# Use an age key that is expected to already be in the filesystem.
|
||||
# You will need to place this file manually.
|
||||
keyFile = "/var/lib/sops-nix/key.txt";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -3,6 +3,7 @@
|
|||
let
|
||||
cfg = config.sisyphus.users.tdpeuter;
|
||||
|
||||
user = config.users.users.tdpeuter.name;
|
||||
installedPkgs = config.environment.systemPackages ++ config.home-manager.users.tdpeuter.home.packages;
|
||||
in {
|
||||
options.sisyphus.users.tdpeuter.enable = lib.mkEnableOption "user Tibo De Peuter";
|
||||
|
|
@ -29,8 +30,8 @@ in {
|
|||
programs.home-manager.enable = true;
|
||||
|
||||
home = {
|
||||
username = "tdpeuter";
|
||||
homeDirectory = "/home/tdpeuter";
|
||||
username = user;
|
||||
homeDirectory = "/home/${user}";
|
||||
stateVersion = config.system.stateVersion;
|
||||
|
||||
# If you specify an application here, it will be detected by the configuration module
|
||||
|
|
@ -141,5 +142,30 @@ in {
|
|||
};
|
||||
};
|
||||
};
|
||||
sops.secrets = lib.mkIf config.sisyphus.programs.sops.enable (
|
||||
let
|
||||
Hugo = {
|
||||
format = "yaml";
|
||||
sopsFile = ../../../secrets/Hugo.yaml;
|
||||
owner = user;
|
||||
};
|
||||
UGent = {
|
||||
format = "yaml";
|
||||
sopsFile = ../../../secrets/UGent.yaml;
|
||||
owner = user;
|
||||
};
|
||||
in {
|
||||
"Hugo/ssh" = Hugo;
|
||||
"UGent/HPC/ssh" = UGent;
|
||||
|
||||
"GitHub/ssh" = {
|
||||
format = "yaml";
|
||||
sopsFile = ../../../secrets/GitHub.yaml;
|
||||
owner = user;
|
||||
};
|
||||
"Hugo/Gitea/ssh" = Hugo;
|
||||
"UGent/GitHub/ssh" = UGent;
|
||||
"UGent/SubGit/ssh" = UGent;
|
||||
});
|
||||
};
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue