Create helper option for deploying sops keys

Update public key of sue-root because I lost the private key
2024-11-21 22:27:29 +01:00 · 2024-11-21 22:27:29 +01:00 · 0812586942
commit 0812586942
parent 544cf42357
8 changed files with 102 additions and 107 deletions
--- a/nixos/default.nix
+++ b/nixos/default.nix
@ -22,11 +22,38 @@
    ./desktop.nix
  ];

+  options = {
+    pim.sopsKeys = lib.mkOption {
+      type = lib.types.attrsOf lib.types.path;
+      default = {};
+    };
+  };
+
  config = {
    time.timeZone = "Europe/Amsterdam";
    i18n.defaultLocale = "en_US.UTF-8";
    hardware.pulseaudio.enable = false;

+    deployment.keys =
+      lib.mapAttrs' (user: sopsFile: let
+        homeDirectory =
+          if user == "root"
+          then "/root"
+          else "/home/${user}";
+        maybeSudo = lib.optional (user == "root") "sudo";
+        sops = lib.getExe pkgs.sops;
+      in {
+        name = "${user}-sops-age-key";
+        value = {
+          keyCommand = maybeSudo ++ [sops "--extract" "[\"sops_age_key\"]" "-d" (builtins.toString sopsFile)];
+          name = "keys.txt";
+          destDir = "${homeDirectory}/.config/sops/age";
+          inherit user;
+          group = "users";
+        };
+      })
+      config.pim.sopsKeys;
+
    systemd = {
      services.NetworkManager-wait-online.enable = lib.mkForce false;
      network.wait-online.enable = lib.mkForce false;