SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 15:11:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Treat secret names as strings

Browse source
This commit is contained in:
SebastianStork 2024-09-07 17:21:40 +02:00
parent 285367da58
commit e333333914
4 changed files with 9 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/home/git.nix
View file

@ -3,7 +3,7 @@
options.myConfig.git.enable = lib.mkEnableOption ""; options.myConfig.git.enable = lib.mkEnableOption "";
config = lib.mkIf config.myConfig.git.enable { config = lib.mkIf config.myConfig.git.enable {
sops.secrets.github-ssh-key.path = "${config.home.homeDirectory}/.ssh/github"; sops.secrets."github-ssh-key".path = "${config.home.homeDirectory}/.ssh/github";
programs = { programs = {
git = { git = {

6
modules/system/geoclue.nix
View file

@ -4,14 +4,16 @@
config = lib.mkIf config.myConfig.geoclue.enable { config = lib.mkIf config.myConfig.geoclue.enable {
sops = { sops = {
secrets.geolocation-api-key = { }; secrets."geolocation-api-key" = { };
templates."geoclue-location-service.conf" = { templates."geoclue-location-service.conf" = {
owner = "geoclue"; owner = "geoclue";
path = "/etc/geoclue/conf.d/location-service.conf"; path = "/etc/geoclue/conf.d/location-service.conf";
content = '' content = ''
[wifi] [wifi]
url=https://www.googleapis.com/geolocation/v1/geolocate?key=${config.sops.placeholder.geolocation-api-key} url=https://www.googleapis.com/geolocation/v1/geolocate?key=${
config.sops.placeholder."geolocation-api-key"
}
''; '';
}; };
}; };

4
modules/system/tailscale.nix
View file

@ -19,11 +19,11 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
sops.secrets.tailscale-auth-key = { }; sops.secrets."tailscale-auth-key" = { };
services.tailscale = { services.tailscale = {
enable = true; enable = true;
authKeyFile = config.sops.secrets.tailscale-auth-key.path; authKeyFile = config.sops.secrets."tailscale-auth-key".path;
openFirewall = true; openFirewall = true;
useRoutingFeatures = if (cfg.exitNode.enable || (cfg.serve != null)) then "server" else "client"; useRoutingFeatures = if (cfg.exitNode.enable || (cfg.serve != null)) then "server" else "client";
extraUpFlags = [ "--reset=true" ]; extraUpFlags = [ "--reset=true" ];

4
users/seb/user.nix
View file

@ -1,11 +1,11 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
sops.secrets.seb-password.neededForUsers = true; sops.secrets."seb-password".neededForUsers = true;
users.users.seb = { users.users.seb = {
isNormalUser = true; isNormalUser = true;
description = "Sebastian Stork"; description = "Sebastian Stork";
hashedPasswordFile = config.sops.secrets.seb-password.path; hashedPasswordFile = config.sops.secrets."seb-password".path;
shell = pkgs.zsh; shell = pkgs.zsh;
extraGroups = [ extraGroups = [
"wheel" "wheel"