sops: Read age public-keys from files

SebastianStork 2025-12-25 20:23:03 +01:00
parent de16ca49e8
commit 10362bd42b
Signed by: SebastianStork
SSH key fingerprint: SHA256:iEM011ogNMG1q8+U500adGu/9rpPuZ2KnFtbdLeqTiI
11 changed files with 11 additions and 21 deletions


@ -10,10 +10,7 @@
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;
custom = { custom = {
sops = { sops.enable = true;
enable = true;
agePublicKey = "age18x6herevmcuhcmeh47ll6p9ck9zk4ga6gfxwlc8yl49rwjxm7qusylwfgc";
};
boot = { boot = {
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;


@ -0,0 +1 @@
age18x6herevmcuhcmeh47ll6p9ck9zk4ga6gfxwlc8yl49rwjxm7qusylwfgc


@ -10,10 +10,7 @@
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;
custom = { custom = {
sops = { sops.enable = true;
enable = true;
agePublicKey = "age1sywwrwse76x8yskrsfpwk38fu2cmyx5s9qkf2pgc68cta0vj9psql7dp6e";
};
boot = { boot = {
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;


@ -0,0 +1 @@
age1sywwrwse76x8yskrsfpwk38fu2cmyx5s9qkf2pgc68cta0vj9psql7dp6e


@ -16,10 +16,7 @@
custom = { custom = {
persistence.enable = true; persistence.enable = true;
sops = { sops.enable = true;
enable = true;
agePublicKey = "age1dv6uwnlv7d5dq63y2gwdajel3uyxxxjy07nsyth63fx2hgn3fvsqz94994";
};
boot.loader.grub.enable = true; boot.loader.grub.enable = true;


@ -0,0 +1 @@
age1dv6uwnlv7d5dq63y2gwdajel3uyxxxjy07nsyth63fx2hgn3fvsqz94994


@ -16,10 +16,7 @@
custom = { custom = {
persistence.enable = true; persistence.enable = true;
sops = { sops.enable = true;
enable = true;
agePublicKey = "age1e9a0jj0t5mwep4zgaplsuw57750g0sv5uujvx56ad0te0rle0e0q6ywu69";
};
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;


@ -0,0 +1 @@
age1e9a0jj0t5mwep4zgaplsuw57750g0sv5uujvx56ad0te0rle0e0q6ywu69


@ -16,10 +16,7 @@
custom = { custom = {
persistence.enable = true; persistence.enable = true;
sops = { sops.enable = true;
enable = true;
agePublicKey = "age1j47wr83tg4t8sdjcyarwvvrt8qzjrgw2fa2e4nufffdev89t8prsu7lxnh";
};
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;


@ -0,0 +1 @@
age1j47wr83tg4t8sdjcyarwvvrt8qzjrgw2fa2e4nufffdev89t8prsu7lxnh


@ -17,7 +17,7 @@ in
enable = lib.mkEnableOption ""; enable = lib.mkEnableOption "";
agePublicKey = lib.mkOption { agePublicKey = lib.mkOption {
type = lib.types.nonEmptyStr; type = lib.types.nonEmptyStr;
default = ""; default = "${self}/hosts/${config.networking.hostName}/keys/age.pub" |> lib.readFile |> lib.trim;
}; };
secretsFile = lib.mkOption { secretsFile = lib.mkOption {
type = lib.types.nonEmptyStr; type = lib.types.nonEmptyStr;
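Review bot: The new `default` for `agePublicKey` accepts whatever text `keys/age.pub` holds, because the option type is still `lib.types.nonEmptyStr`; a truncated, multi-line or otherwise malformed file passes evaluation, and the mistake would presumably only surface later where the value is used as a sops recipient. Tightening the type to `type = lib.types.strMatching "age1[0-9a-z]+";` rejects anything that is not a single age recipient string at evaluation time. Since the path is derived from `config.networking.hostName`, a host without a matching `keys/age.pub` fails inside `lib.readFile` with a generic missing-file error whenever the option is evaluated; a short comment above the default naming the expected path, e.g. `# expects hosts/<hostName>/keys/age.pub to exist for every host that enables sops`, would make that requirement explicit. The option set continues past the end of this hunk, so how the value is consumed is not visible here.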