# Flake module that wires sops-nix into this flake. It exposes a NixOS module
# ("sops-host") and a Home Manager module ("sops-admin") that share a single
# age identity path, so root-level and user-level decryption on non-server
# machines use the same key.
{
  inputs,
  ...
}:
let
  # Location of the age private key (identity) used by hosts that do not
  # decrypt with their SSH host key. This is secret material; its on-disk
  # permissions are governed by the tmpfiles rules in the NixOS module.
  sopsAdminKeyPath = "/var/lib/sops/keys.txt";
  sopsAdminKeyDir = builtins.dirOf sopsAdminKeyPath;
in
{
  flake.modules.nixos."sops-host" =
    {
      config,
      lib,
      ...
    }:
    let
      # `meta.host.kind` is an option declared elsewhere in this flake; the
      # only value this module distinguishes is "server".
      isServer = config.meta.host.kind == "server";
    in
    {
      imports = [ inputs.sops-nix.nixosModules.sops ];

      sops = {
        # Encrypted secrets live next to this module.
        defaultSopsFile = ./secrets.yaml;

        age =
          if isServer then
            {
              # Servers decrypt with their SSH host key: sops-nix derives the
              # age identity from the ed25519 host key, so no separate key
              # file has to be provisioned on them.
              sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
            }
          else
            {
              # Every other host reads a standalone age identity from disk.
              keyFile = sopsAdminKeyPath;
            };
      };

      # Only non-server hosts keep the key on disk. `d` creates the directory;
      # `z` only adjusts mode/ownership of an *existing* file, so the key itself
      # must be provisioned out of band. 0640 root:wheel makes the private age
      # identity readable by every member of `wheel` — that is what allows the
      # Home Manager "sops-admin" module below to decrypt as an unprivileged
      # user, so wheel membership should be treated as equivalent to holding
      # this key.
      systemd.tmpfiles.rules =
        if isServer then
          [ ]
        else
          [
            "d ${sopsAdminKeyDir} 0750 root wheel -"
            "z ${sopsAdminKeyPath} 0640 root wheel -"
          ];
    };

  flake.modules.homeManager."sops-admin" =
    {
      pkgs,
      ...
    }:
    {
      imports = [ inputs.sops-nix.homeManagerModules.sops ];

      # Same secrets file and the same identity path as the NixOS module, so
      # the user session can decrypt the host's secrets with the shared key.
      sops.defaultSopsFile = ./secrets.yaml;
      sops.age.keyFile = sopsAdminKeyPath;

      # Point the interactive `sops` CLI at that identity as well, so editing
      # secrets from a shell uses the same key as the module.
      home.sessionVariables.SOPS_AGE_KEY_FILE = sopsAdminKeyPath;
      home.packages = [ pkgs.sops ];
    };
}