From 0ce79b62eb2e81a850cc872329c45f6be08ff4ca Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Sun, 1 Dec 2024 17:15:01 +0100
Subject: [PATCH] Deploy root's sops key by default
---
 machines/atlas/configuration.nix | 6 +-----
 machines/gamepc/configuration.nix | 2 +-
 machines/jefke/configuration.nix | 6 +-----
 machines/lewis/configuration.nix | 1 -
 machines/sue/configuration.nix | 1 -
 machines/warwick/configuration.nix | 1 -
 nixos/default.nix | 2 +-
 7 files changed, 4 insertions(+), 15 deletions(-)
diff --git a/machines/atlas/configuration.nix b/machines/atlas/configuration.nix
index dad5ae1..6b28f8d 100644
--- a/machines/atlas/configuration.nix
+++ b/machines/atlas/configuration.nix
@@ -3,16 +3,12 @@
 facter.reportPath = ./facter.json;
 system.stateVersion = "23.05";
 users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
+ pim.k3s.serverAddr = "https://jefke.dmz:6443";
 deployment = {
 targetHost = "atlas";
 targetUser = "root";
 tags = ["server" "kubernetes"];
 };
-
- pim = {
- sops-nix.usersWithSopsKeys = ["root"];
- k3s.serverAddr = "https://jefke.dmz:6443";
- };
 };
 }
diff --git a/machines/gamepc/configuration.nix b/machines/gamepc/configuration.nix
index e2b7010..f8fe1e3 100644
--- a/machines/gamepc/configuration.nix
+++ b/machines/gamepc/configuration.nix
@@ -6,7 +6,7 @@
 config = {
 pim = {
 cinnamon.enable = true;
- sops-nix.usersWithSopsKeys = ["root" "pim"];
+ sops-nix.usersWithSopsKeys = ["pim"];
 };
 facter.reportPath = ./facter.json;
diff --git a/machines/jefke/configuration.nix b/machines/jefke/configuration.nix
index 2c9d237..f569389 100644
--- a/machines/jefke/configuration.nix
+++ b/machines/jefke/configuration.nix
@@ -1,5 +1,6 @@
 {config, ...}: {
 config = {
+ pim.k3s.clusterInit = true;
 facter.reportPath = ./facter.json;
 system.stateVersion = "23.05";
 users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
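Review bot: In machines/gamepc/configuration.nix the new `sops-nix.usersWithSopsKeys = ["pim"];` no longer yields root's key on that host, because in the NixOS module system an explicit definition replaces an option's `default` instead of being merged with it. If gamepc is still meant to receive both keys, keep `sops-nix.usersWithSopsKeys = ["root" "pim"];` there, or have the module contribute the root entry as a regular `config` definition so that `listOf` merging appends it to each machine's list. If dropping root on gamepc is intended (for example because the host allows local deployment, which this hunk does not show), a one-line comment next to the setting would stop a later reader from re-adding it. The `config` block continues outside the hunk.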
@@ -9,10 +10,5 @@
 targetUser = "root";
 tags = ["server" "kubernetes"];
 };
-
- pim = {
- sops-nix.usersWithSopsKeys = ["root"];
- k3s.clusterInit = true;
- };
 };
 }
diff --git a/machines/lewis/configuration.nix b/machines/lewis/configuration.nix
index f9d6e30..cd489d8 100644
--- a/machines/lewis/configuration.nix
+++ b/machines/lewis/configuration.nix
@@ -16,7 +16,6 @@
 };
 pim = {
- sops-nix.usersWithSopsKeys = ["root"];
 # TODO: this should be dynamically set using Colmena tags
 k3s.serverAddr = "https://jefke.dmz:6443";
 data-sharing.enable = true;
diff --git a/machines/sue/configuration.nix b/machines/sue/configuration.nix
index ad7e860..6b25a72 100644
--- a/machines/sue/configuration.nix
+++ b/machines/sue/configuration.nix
@@ -18,7 +18,6 @@
 stylix.enable = true;
 wireguard.enable = true;
 compliance.enable = true;
- sops-nix.usersWithSopsKeys = ["pim"];
 };
diff --git a/machines/warwick/configuration.nix b/machines/warwick/configuration.nix
index a8398a9..3e3052b 100644
--- a/machines/warwick/configuration.nix
+++ b/machines/warwick/configuration.nix
@@ -9,7 +9,6 @@
 config = {
 pim = {
 tailscale.advertiseExitNode = true;
- sops-nix.usersWithSopsKeys = ["root"];
 prometheus.enable = true;
 };
diff --git a/nixos/default.nix b/nixos/default.nix
index 5f8e89e..bce06e6 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -38,7 +38,7 @@
 usersWithSopsKeys = lib.mkOption {
 type = lib.types.listOf lib.types.str;
- default = [];
+ default = lib.optional (! config.deployment.allowLocalDeployment) "root";
 };
 };
 };
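Review bot: The `usersWithSopsKeys` option in nixos/default.nix now decides which hosts receive root's sops key, yet it has no `description`, so the rule can only be found by reading the `default` expression. I would add something like `description = "Users that get a sops key deployed. Defaults to root unless the host allows local deployment; setting this option replaces the default.";` (wording to be checked against what the module actually does), plus a `defaultText` built with `lib.literalExpression`, since the default reads `config`. Relatedly, the machines/sue hunk removes `["pim"]` altogether, and this default can only produce `"root"` or an empty list, so pim's key would no longer be deployed on sue; that is worth confirming as intended. The enclosing options set starts outside the hunk.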