julian/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity

Distribute secrets to machine configs

Browse Source
This commit is contained in:
Julian Mutter 2025-03-21 21:45:08 +01:00
parent 3f68d344d1
commit 136dd36b8c
5 changed files with 28 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
modules/nixos/builder/default.nix
View File

@ -51,6 +51,15 @@ in
]; ];
mandatoryFeatures = [ ]; mandatoryFeatures = [ ];
} }
# {
# hostName = "localhost";
# protocol = null;
# systems = [
# "x86_64-linux"
# ];
# maxJobs = 4;
# speedFactor = 1;
# }
]; ];
}; };
} }

18
modules/nixos/sops/default.nix
View File

@ -42,23 +42,5 @@ in
# List of defined secrets # List of defined secrets
# They all become files linked inside the "/run/secrets/" directory # They all become files linked inside the "/run/secrets/" directory
sops.secrets."vnc-passwd" = {
owner = config.users.users.julian.name;
sopsFile = ../../../secrets/vnc-passwd;
format = "binary";
};
sops.secrets."wifi/pianonix" = { };
sops.secrets."password/aspi" = {
neededForUsers = true; # necessary for setting password
};
sops.secrets."password/pianonix" = {
neededForUsers = true; # necessary for setting password
};
sops.secrets."syncthing/pianonix/key" = { };
sops.secrets."syncthing/pianonix/cert" = { };
sops.secrets."syncthing/public-keys/aspi-nix" = { };
sops.secrets."syncthing/public-keys/pianonix" = { };
}; };
} }

14
systems/aarch64-linux/pianonix/default.nix
View File

@ -25,6 +25,20 @@
# Set your time zone. # Set your time zone.
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
sops.secrets."vnc-passwd" = {
owner = config.users.users.julian.name;
sopsFile = ../../../secrets/vnc-passwd;
format = "binary";
};
sops.secrets."wifi/pianonix" = { };
sops.secrets."syncthing/pianonix/key" = { };
sops.secrets."syncthing/pianonix/cert" = { };
# sops.secrets."syncthing/public-keys/aspi-nix" = { };
# sops.secrets."syncthing/public-keys/pianonix" = { };
sops.secrets."password/pianonix" = {
neededForUsers = true; # necessary for setting password
};
modules = { modules = {
sops.enable = true; sops.enable = true;
nix-settings.enable = true; nix-settings.enable = true;

4
systems/x86_64-linux/aspi/default.nix
View File

@ -36,6 +36,10 @@
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
sops.secrets = {
"password/aspi".neededForUsers = true; # necessary for setting password
};
modules = { modules = {
sops.enable = true; sops.enable = true;
nix-settings.enable = true; nix-settings.enable = true;

1
systems/x86_64-linux/builder/default.nix
View File

@ -37,6 +37,7 @@
modules = { modules = {
keymap.enable = true; keymap.enable = true;
locales.enable = true; locales.enable = true;
sops.enable = true;
}; };
users.users.nix = { users.users.nix = {