sops updates

This commit is contained in:
John Lancaster
2026-03-24 22:51:59 -05:00
parent 33ccad5bf6
commit eac053ca07
3 changed files with 12 additions and 17 deletions
@@ -2,8 +2,8 @@
let let
username = "john"; username = "john";
hostname = "john-pc-ubuntu"; hostname = "john-pc-ubuntu";
# testTarget = "fded:fb16:653e:25da:be24:11ff:fea0:753f"; # testTarget = "fded:fb16:653e:25da:be24:11ff:fea0:753f"; # test-nix
testTarget = "fded:fb16:653e:25da:be24:11ff:fe89:1cc3"; testTarget = "fded:fb16:653e:25da:be24:11ff:fe89:1cc3"; # soteria
in in
{ {
flake.modules.homeManager."${hostname}" = { pkgs, config, ... }: flake.modules.homeManager."${hostname}" = { pkgs, config, ... }:
@@ -65,8 +65,8 @@ in
}; };
}; };
mysops.hostSecretFile = "${config.xdg.configHome}/home-manager/jsl-dendritic/secrets.yaml"; # This provides the keys at build time and will be included in the nix store
sops.defaultSopsFile = "${config.xdg.configHome}/home-manager/jsl-dendritic/secrets.yaml"; sops.defaultSopsFile = ../../../keys/secrets.yaml;
sops.secrets."restic_password/john_ubuntu" = { sops.secrets."restic_password/john_ubuntu" = {
path = resticPasswordFile; path = resticPasswordFile;
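Review bot: The new `sops.defaultSopsFile = ../../../keys/secrets.yaml;` in this host module duplicates what the mysops home module sets in the same commit (`defaultSopsFile = sopsSecretsPath;`, with `sopsSecretsPath = ../../keys/secrets.yaml`). If both path literals resolve to the same repository file the two definitions merge as equal values, but as far as I can tell from sops-nix's option type (a path type, which only merges equal definitions) the module system will reject `sops.defaultSopsFile` as conflicting the moment they diverge. Either drop this host-level line and rely on the module, or make the module's value overridable with `defaultSopsFile = lib.mkDefault sopsSecretsPath;`. This section's file header is not visible here, so the relative-path resolution is inferred.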
+2 -6
@@ -50,13 +50,9 @@ in
shell.program = "zsh"; shell.program = "zsh";
docker.enable = true; docker.enable = true;
# sops.secrets."janus/admin_password" = { # This will provide the edit-secrets script targeting this file
# path = "${config.home.homeDirectory}/.janus";
# mode = "0400";
# sopsFile = ./secrets.yaml;
# };
mysops.hostSecretFile = "${config.xdg.configHome}/home-manager/modules/hosts/soteria/secrets.yaml"; mysops.hostSecretFile = "${config.xdg.configHome}/home-manager/modules/hosts/soteria/secrets.yaml";
mtls = { mtls = {
enable = true; enable = true;
subject = hostname; subject = hostname;
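Review bot: The new comment above `mysops.hostSecretFile` says the edit-secrets script targets this file, but nothing in this section makes any `sops.secrets.*` entry read from it: secrets without an explicit `sopsFile` fall back to `sops.defaultSopsFile`, which the mysops module in this same commit points at `../../keys/secrets.yaml`, a different file from `modules/hosts/soteria/secrets.yaml`. The removed commented-out block was the only place that set `sopsFile = ./secrets.yaml;`, so a reader can no longer see how a secret is meant to be tied to the host file. If the split is intended, say so in the comment: `# Edited by edit-secrets; secrets must set sopsFile = ./secrets.yaml to read from here (defaultSopsFile is keys/secrets.yaml)`.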
+6 -7
@@ -12,7 +12,6 @@ in
flake.modules.nixos.mysops = { flake.modules.nixos.mysops = {
imports = [ inputs.sops-nix.nixosModules.sops ]; imports = [ inputs.sops-nix.nixosModules.sops ];
# sops.defaultSopsFile = ../../keys/secrets.yaml;
}; };
# Define the homeModules that are used by flake-parts # Define the homeModules that are used by flake-parts
@@ -23,6 +22,10 @@ in
sopsBin = lib.getExe pkgs.sops; sopsBin = lib.getExe pkgs.sops;
sopsConfigPath = ../../.sops.yaml; sopsConfigPath = ../../.sops.yaml;
sopsSecretsPath = ../../keys/secrets.yaml; sopsSecretsPath = ../../keys/secrets.yaml;
editScript = lib.optional (cfg.hostSecretFile != null) (pkgs.writeShellScriptBin "edit-secrets" ''
${sopsBin} --config ${sopsConfigPath} ${cfg.hostSecretFile}
'');
in in
{ {
imports = [ imports = [
@@ -31,7 +34,6 @@ in
]; ];
options.mysops = { options.mysops = {
enable = lib.mkEnableOption "Customized SOPS tools";
ageKeyFile = lib.mkOption { ageKeyFile = lib.mkOption {
description = "Default location for the age key"; description = "Default location for the age key";
type = lib.types.str; type = lib.types.str;
@@ -70,17 +72,14 @@ in
'') '')
(writeShellScriptBin "show-age-key" "${lib.getExe' pkgs.age "age-keygen"} -y ${cfg.ageKeyFile}") (writeShellScriptBin "show-age-key" "${lib.getExe' pkgs.age "age-keygen"} -y ${cfg.ageKeyFile}")
(writeShellScriptBin "ls-secrets" "${lib.getExe pkgs.eza} -alT --follow-symlinks ~/.config/sops-nix/secrets") (writeShellScriptBin "ls-secrets" "${lib.getExe pkgs.eza} -alT --follow-symlinks ~/.config/sops-nix/secrets")
] ++ lib.optional (cfg.hostSecretFile != null) (writeShellScriptBin "edit-secrets" '' ] ++ editScript;
set -e
${sopsBin} --config ${sopsConfigPath} ${cfg.hostSecretFile}
'');
home.shellAliases.sops = "${sopsBin} --config ${sopsConfigPath}"; home.shellAliases.sops = "${sopsBin} --config ${sopsConfigPath}";
# Option definitions for the sops home-manager module: # Option definitions for the sops home-manager module:
# https://github.com/Mic92/sops-nix/blob/master/modules/home-manager/sops.nix # https://github.com/Mic92/sops-nix/blob/master/modules/home-manager/sops.nix
sops = { sops = {
# defaultSopsFile = sopsSecretsPath; defaultSopsFile = sopsSecretsPath;
defaultSopsFormat = "yaml"; defaultSopsFormat = "yaml";
age.sshKeyPaths = [ "${config.ssh.IdentityFile}" ]; age.sshKeyPaths = [ "${config.ssh.IdentityFile}" ];
}; };
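Review bot: In the new `editScript` the host path is interpolated into the shell script unquoted, `${sopsBin} --config ${sopsConfigPath} ${cfg.hostSecretFile}`; `cfg.hostSecretFile` is a plain string built from `config.xdg.configHome`, so a home directory containing whitespace or glob characters would be word-split by the shell, unlike the two path literals, which are store paths. Quoting it, `${sopsBin} --config ${sopsConfigPath} "${cfg.hostSecretFile}"`, costs nothing. The hunk at @@ -31,7 +34,6 also drops the `enable` option; any `lib.mkIf cfg.enable` guard or per-host `mysops.enable = true;` that remains outside this diff would now fail evaluation, so it is worth confirming nothing still references it. The `set -e` dropped from the old script is harmless here, since the script is a single command whose exit status becomes the script's.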