mirror of https://github.com/ellmau/nixos.git synced 2025-12-19 09:29:36 +01:00

Further adaption on sops

Stefan Ellmauthaler 2022-05-31 15:58:01 +02:00
parent 22fdcbf773
commit d2f9a557f0
Failed to extract signature
4 changed files with 13 additions and 8 deletions


@ -1,2 +1,7 @@
keys: keys:
- &stefan_ellmauthaler 3B39 8B08 6C41 0264 A14F B353 B1E6 F030 30A4 AEAA - &stefan_ellmauthaler 3B39 8B08 6C41 0264 A14F 3B53 B1E6 F030 30A4 AEAA
creation_rules:
- path_regex: secrets/[^/]+\.yaml$
key_groups:
- pgp:
- *stefan_ellmauthaler
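Review bot: The new creation rule lists only the PGP key as a recipient, while the sops module changed in this same commit configures age identities on the host (`age.sshKeyPaths`, `age.keyFile`) and shows no gnupg setting. Unless an age recipient is added somewhere not visible here, the host would hold no key able to decrypt `secrets/secrets.yaml` at activation. Consider adding the host's age public key as a second anchor under `keys:` and listing it in the key group, e.g. `age: [ *host_placeholder ]` beside `pgp:`, then re-encrypting the existing files with `sops updatekeys`.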


@ -97,9 +97,7 @@
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
inputs.dwarffs.nixosModules.dwarffs inputs.dwarffs.nixosModules.dwarffs
] ++ (map (name: ./modules + "/${name}") (moduleNames ./modules)) ++ [ ] ++ (map (name: ./modules + "/${name}") (moduleNames ./modules));
./secrets
];
specialArgs = { specialArgs = {
nixos-hardware = inputs.nixos-hardware.nixosModules; nixos-hardware = inputs.nixos-hardware.nixosModules;
inherit inputs; inherit inputs;


@ -8,8 +8,10 @@ with lib; {
in in
mkIf cfg.enable { mkIf cfg.enable {
sops = { sops = {
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ../secrets/secrets.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
age.keyFile = "/var/lib/sops-nix/key.txt";
age.generateKey = true;
}; };
}; };
} }
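Review bot: Setting `age.sshKeyPaths` together with `age.keyFile` and `age.generateKey = true` gives the host two separate age identities, and nothing in the hunk says which one the secrets are meant to be encrypted to. A key generated at `/var/lib/sops-nix/key.txt` on first activation is not a recipient of any existing secret until its public key is added to `.sops.yaml`, so it is one more private key to protect without helping decryption. If the SSH host key is the intended identity, I would drop the `age.keyFile` and `age.generateKey` lines. Otherwise add a comment such as `# key.txt is generated on first activation; add its public key to .sops.yaml and re-encrypt`. The enclosing module starts above this hunk.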


@ -10,7 +10,7 @@ with lib; {
services.openssh = { services.openssh = {
enable = true; enable = true;
passwordAuthentication = false; passwordAuthentication = false;
permitRootLogin = false; permitRootLogin = "no";
}; };
}; };
} }
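Review bot: Only `passwordAuthentication = false` is set in this `services.openssh` block, so keyboard-interactive authentication may still be enabled by default and can offer a password prompt through PAM. If the pinned nixpkgs provides the option, adding `kbdInteractiveAuthentication = false;` next to it makes the key-only intent explicit. The block's enclosing module starts outside the hunk, so this may already be set elsewhere.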