From b3ab73a336fca4c575bb50af5db632f19db3f559 Mon Sep 17 00:00:00 2001 From: Fuwn Date: Sun, 4 May 2025 22:06:38 -0700 Subject: Nara: Set up SOPS --- modules/base/default.nix | 1 + modules/base/sops.nix | 17 +++++++++++++++++ modules/core/default.nix | 1 - modules/core/sops.nix | 17 ----------------- modules/mac/default.nix | 1 + 5 files changed, 19 insertions(+), 18 deletions(-) create mode 100644 modules/base/sops.nix delete mode 100644 modules/core/sops.nix (limited to 'modules') diff --git a/modules/base/default.nix b/modules/base/default.nix index bca5d83..f1dedf0 100644 --- a/modules/base/default.nix +++ b/modules/base/default.nix @@ -2,5 +2,6 @@ imports = [ ./nix.nix ./programs.nix + ./sops.nix ]; } diff --git a/modules/base/sops.nix b/modules/base/sops.nix new file mode 100644 index 0000000..7cae1c9 --- /dev/null +++ b/modules/base/sops.nix @@ -0,0 +1,17 @@ +{ pkgs, self, ... }: +{ + environment.systemPackages = [ + pkgs.sops + ]; + + sops = { + gnupg.sshKeyPaths = [ ]; + secrets.tailscale_authentication_key.sopsFile = "${self}/secrets/hosts.yaml"; + + age = { + sshKeyPaths = [ ]; + keyFile = "/var/lib/sops-nix/key.txt"; + generateKey = true; + }; + }; +} diff --git a/modules/core/default.nix b/modules/core/default.nix index 56d8ad9..026c7a3 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -5,6 +5,5 @@ ./access ./networking ./nix - ./sops.nix ]; } diff --git a/modules/core/sops.nix b/modules/core/sops.nix deleted file mode 100644 index fbf1b6f..0000000 --- a/modules/core/sops.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ pkgs, self, ... }: -{ - environment.systemPackages = [ - pkgs.sops - ]; - - sops = { - gnupg.sshKeyPaths = [ ]; - secrets.tailscale_authentication_key.sopsFile = "${self}/secrets/hosts.yaml"; - - age = { - sshKeyPaths = [ ]; - keyFile = "/var/lib/sops-nix/keys.txt"; - generateKey = true; - }; - }; -} diff --git a/modules/mac/default.nix b/modules/mac/default.nix index 1ed98c7..f0cb03b 100644 --- a/modules/mac/default.nix +++ b/modules/mac/default.nix @@ -1,3 +1,4 @@ +{ lib, ... }: { imports = [ ./programs -- cgit v1.2.3