fixed sops

John Lancaster
2026-03-08 15:06:11 -05:00
parent 8b8edf9211
commit a049bd539a
2 changed files with 31 additions and 11 deletions


@@ -35,7 +35,9 @@ in
(writeShellScriptBin "ls-secrets" "exec ${lib.getExe pkgs.eza} -alT --follow-symlinks ~/.config/sops-nix/secrets") (writeShellScriptBin "ls-secrets" "exec ${lib.getExe pkgs.eza} -alT --follow-symlinks ~/.config/sops-nix/secrets")
]; ];
programs.zsh.shellAliases.sops = "exec ${sopsBin} --config ${sopsConfigPath}"; home.shellAliases = {
sops = "${sopsBin} --config ${sopsConfigPath}";
};
imports = [ imports = [
# This import makes the sops config attribute available below # This import makes the sops config attribute available below
@@ -51,15 +53,13 @@ in
sops = { sops = {
defaultSopsFile = "${sopsSecretsPath}"; defaultSopsFile = "${sopsSecretsPath}";
defaultSopsFormat = "yaml"; defaultSopsFormat = "yaml";
age.sshKeyPaths = [ "${config.ssh.IdentityFile}" ];
# Not sure any of these are necessary
# age.sshKeyPaths = [ "${config.sshIdentityFile}" ];
# age.keyFile = "${ageKeyFile}"; # age.keyFile = "${ageKeyFile}";
# age.generateKey = true; # age.generateKey = true;
# secrets."api/gmail_client_secret" = { secrets."api/gmail_client_secret" = {
# path = "${config.xdg.configHome}/resticprofile/dendrite.txt"; path = "${config.xdg.configHome}/resticprofile/dendrite.txt";
# }; };
templates."gmail_creds" = { templates."gmail_creds" = {
path = "${config.xdg.configHome}/sops-nix/gmail_api_credentials.json"; path = "${config.xdg.configHome}/sops-nix/gmail_api_credentials.json";
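Review bot: The now-active `secrets."api/gmail_client_secret"` entry writes a Gmail API client secret to `${config.xdg.configHome}/resticprofile/dendrite.txt`, a path that sits in the restic backup configuration directory and whose name says nothing about Gmail. It looks like a leftover from the previously commented-out block rather than an intended location. If the secret is only consumed through `templates."gmail_creds"`, drop the explicit `path` so sops-nix keeps it under its own secrets directory, or point it under `${config.xdg.configHome}/sops-nix/`. Separately, if `age.sshKeyPaths = [ "${config.ssh.IdentityFile}" ];` is on the new side, the SSH login identity becomes the decryption key for every secret, so a comment such as `# sops-nix expects an unencrypted ed25519 key here; shared with SSH login on purpose` would record that constraint. The `sops = { … }` block continues outside the hunk.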


@@ -19,7 +19,7 @@
inputs.self.homeModules."john-pc-ubuntu" inputs.self.homeModules."john-pc-ubuntu"
# Include another inline module to set the options created through the jsl-home modules # Include another inline module to set the options created through the jsl-home modules
{ ({ config, ... }: {
homeManagerFlakeDir = "~/.config/home-manager/jsl-dendritic"; homeManagerFlakeDir = "~/.config/home-manager/jsl-dendritic";
docker.enable = true; docker.enable = true;
ssh.matchSets = { ssh.matchSets = {
@@ -28,8 +28,28 @@
homelab = true; homelab = true;
}; };
shell.program = "zsh"; shell.program = "zsh";
programs.resticprofile.enable = true; sops.secrets."restic_password/john_ubuntu" = {
} path = "${config.xdg.configHome}/resticprofile/password.txt";
};
programs.resticprofile = {
enable= true;
profiles = {
default = {
"inherit" = "base";
repository = "rest:https://soteria.john-stream.com/john-ubuntu";
cacert = "${config.home.homeDirectory}/.step/certs/root_ca.crt";
tls-client-cert = "${config.home.homeDirectory}/.step/certs/mtls.pem";
backup = {
source = [
"${config.xdg.userDirs.documents}"
"/conf"
];
schedule = "*-*-* *:15,30,45:00";
};
};
};
};
})
]; ];
}; };
} }
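Review bot: The secret `restic_password/john_ubuntu` is placed at `${config.xdg.configHome}/resticprofile/password.txt`, but nothing in the visible `default` profile refers to it, so the link presumably exists only as a literal path in the inherited `base` profile. Referencing the sops option keeps the two from drifting apart, e.g. `password-file = config.sops.secrets."restic_password/john_ubuntu".path;` in the profile, assuming the module passes that key through to resticprofile. The mTLS bundle at `.step/certs/mtls.pem` is read from the home directory outside sops, so a comment stating what provisions and rotates it, and that it must be readable by the owner only, would help the next reader. Minor style point: `enable= true;` is missing a space before `=`.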