Distribute secrets to machine configs

2025-03-21 21:45:08 +01:00 · 2025-03-21 21:45:08 +01:00 · 136dd36b8c
commit 136dd36b8c
parent 3f68d344d1
5 changed files with 28 additions and 18 deletions
--- a/modules/nixos/builder/default.nix
+++ b/modules/nixos/builder/default.nix
@ -51,6 +51,15 @@ in
        ];
        mandatoryFeatures = [ ];
      }
+      # {
+      #   hostName = "localhost";
+      #   protocol = null;
+      #   systems = [
+      #     "x86_64-linux"
+      #   ];
+      #   maxJobs = 4;
+      #   speedFactor = 1;
+      # }
    ];
  };
 }
--- a/modules/nixos/sops/default.nix
+++ b/modules/nixos/sops/default.nix
@ -42,23 +42,5 @@ in
    # List of defined secrets
    # They all become files linked inside the "/run/secrets/" directory

-    sops.secrets."vnc-passwd" = {
-      owner = config.users.users.julian.name;
-      sopsFile = ../../../secrets/vnc-passwd;
-      format = "binary";
-    };
-    sops.secrets."wifi/pianonix" = { };
-
-    sops.secrets."password/aspi" = {
-      neededForUsers = true; # necessary for setting password
-    };
-    sops.secrets."password/pianonix" = {
-      neededForUsers = true; # necessary for setting password
-    };
-
-    sops.secrets."syncthing/pianonix/key" = { };
-    sops.secrets."syncthing/pianonix/cert" = { };
-    sops.secrets."syncthing/public-keys/aspi-nix" = { };
-    sops.secrets."syncthing/public-keys/pianonix" = { };
  };
 }
--- a/systems/aarch64-linux/pianonix/default.nix
+++ b/systems/aarch64-linux/pianonix/default.nix
@ -25,6 +25,20 @@
  # Set your time zone.
  time.timeZone = "Europe/Berlin";

+  sops.secrets."vnc-passwd" = {
+    owner = config.users.users.julian.name;
+    sopsFile = ../../../secrets/vnc-passwd;
+    format = "binary";
+  };
+  sops.secrets."wifi/pianonix" = { };
+  sops.secrets."syncthing/pianonix/key" = { };
+  sops.secrets."syncthing/pianonix/cert" = { };
+  # sops.secrets."syncthing/public-keys/aspi-nix" = { };
+  # sops.secrets."syncthing/public-keys/pianonix" = { };
+  sops.secrets."password/pianonix" = {
+    neededForUsers = true; # necessary for setting password
+  };
+
  modules = {
    sops.enable = true;
    nix-settings.enable = true;
--- a/systems/x86_64-linux/aspi/default.nix
+++ b/systems/x86_64-linux/aspi/default.nix
@ -36,6 +36,10 @@

  time.timeZone = "Europe/Berlin";

+  sops.secrets = {
+    "password/aspi".neededForUsers = true; # necessary for setting password
+  };
+
  modules = {
    sops.enable = true;
    nix-settings.enable = true;
--- a/systems/x86_64-linux/builder/default.nix
+++ b/systems/x86_64-linux/builder/default.nix
@ -37,6 +37,7 @@
  modules = {
    keymap.enable = true;
    locales.enable = true;
+    sops.enable = true;
  };

  users.users.nix = {