Configure secrets, configure ssh and add H4G0

2023-09-10 22:46:34 +02:00 · 2023-09-10 22:46:34 +02:00 · 823ccc15b5
commit 823ccc15b5
parent 496e103b53
8 changed files with 124 additions and 7 deletions
--- a/nixos/modules/utils/sops/default.nix
+++ b/nixos/modules/utils/sops/default.nix
@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    sops
+  ];
+
+  sops = {
+    # Add secrets.yml to the nix store
+    defaultSopsFile = ../../../secrets/secrets.yaml;
+    age = {
+      # Automatically import SSH keys as age keys
+      sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+      # Use an age key that is expected to already be in the filesystem
+      keyFile = "/var/lib/sops-nix/key.txt";
+      # Generate new keys if the key specified above does not exist
+      generateKey = true;
+    };
+    secrets = {
+      "H4G0/ssh" = {
+        format = "yaml";
+        sopsFile = ../../../secrets/H4G0.yaml;
+        owner = config.users.users.tdpeuter.name;
+      };
+    };
+  };
+}