Distribute secrets to machine configs

2025-03-21 21:45:08 +01:00
parent 3f68d344d1
commit 136dd36b8c
5 changed files with 28 additions and 18 deletions
--- a/systems/aarch64-linux/pianonix/default.nix
+++ b/systems/aarch64-linux/pianonix/default.nix
@@ -25,6 +25,20 @@
  # Set your time zone.
  time.timeZone = "Europe/Berlin";

+  sops.secrets."vnc-passwd" = {
+    owner = config.users.users.julian.name;
+    sopsFile = ../../../secrets/vnc-passwd;
+    format = "binary";
+  };
+  sops.secrets."wifi/pianonix" = { };
+  sops.secrets."syncthing/pianonix/key" = { };
+  sops.secrets."syncthing/pianonix/cert" = { };
+  # sops.secrets."syncthing/public-keys/aspi-nix" = { };
+  # sops.secrets."syncthing/public-keys/pianonix" = { };
+  sops.secrets."password/pianonix" = {
+    neededForUsers = true; # necessary for setting password
+  };
+
  modules = {
    sops.enable = true;
    nix-settings.enable = true;
--- a/systems/x86_64-linux/aspi/default.nix
+++ b/systems/x86_64-linux/aspi/default.nix
@@ -36,6 +36,10 @@

  time.timeZone = "Europe/Berlin";

+  sops.secrets = {
+    "password/aspi".neededForUsers = true; # necessary for setting password
+  };
+
  modules = {
    sops.enable = true;
    nix-settings.enable = true;
--- a/systems/x86_64-linux/builder/default.nix
+++ b/systems/x86_64-linux/builder/default.nix
@@ -37,6 +37,7 @@
  modules = {
    keymap.enable = true;
    locales.enable = true;
+    sops.enable = true;
  };

  users.users.nix = {