Julian Mutter
64392b695e
Some checks failed
Update Nix Flake / update-flake (push) Failing after 12s
24 lines
683 B
Nix
24 lines
683 B
Nix
{
|
|
pwd,
|
|
inputs,
|
|
config,
|
|
...
|
|
}: let
|
|
isEd25519 = k: k.type == "ed25519";
|
|
getKeyPath = k: k.path;
|
|
keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
|
|
in {
|
|
imports = [inputs.sops-nix.nixosModules.sops];
|
|
|
|
sops.age = {
|
|
sshKeyPaths = map getKeyPath keys;
|
|
|
|
# TODO: remove? only rely on ssh or pgp keys (e.g. ubikey like misterio is using!!!)
|
|
# keyFile = "/home/julian/.config/sops/age/keys.txt";
|
|
# Generate key if none of the above worked. With this, building will still work, just without secrets
|
|
generateKey = false; # TODO: building should not work without secrets!?
|
|
};
|
|
|
|
sops.defaultSopsFile = "${pwd}/hosts/secrets-common.yaml";
|
|
}
|