Deploy root's sops key by default

2024-12-01 17:15:01 +01:00 · 2024-12-01 17:15:01 +01:00 · 0ce79b62eb
commit 0ce79b62eb
parent d5978e4d47
7 changed files with 4 additions and 15 deletions
--- a/machines/atlas/configuration.nix
+++ b/machines/atlas/configuration.nix
@ -3,16 +3,12 @@
    facter.reportPath = ./facter.json;
    system.stateVersion = "23.05";
    users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
    pim.k3s.serverAddr = "https://jefke.dmz:6443";
    deployment = {
      targetHost = "atlas";
      targetUser = "root";
      tags = ["server" "kubernetes"];
    };
    pim = {
      sops-nix.usersWithSopsKeys = ["root"];
      k3s.serverAddr = "https://jefke.dmz:6443";
    };
  };
 }
--- a/machines/gamepc/configuration.nix
+++ b/machines/gamepc/configuration.nix
@ -6,7 +6,7 @@
  config = {
    pim = {
      cinnamon.enable = true;
-      sops-nix.usersWithSopsKeys = ["root" "pim"];
+      sops-nix.usersWithSopsKeys = ["pim"];
    };
    facter.reportPath = ./facter.json;
--- a/machines/jefke/configuration.nix
+++ b/machines/jefke/configuration.nix
@ -1,5 +1,6 @@
 {config, ...}: {
  config = {
    pim.k3s.clusterInit = true;
    facter.reportPath = ./facter.json;
    system.stateVersion = "23.05";
    users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
@ -9,10 +10,5 @@
      targetUser = "root";
      tags = ["server" "kubernetes"];
    };
    pim = {
      sops-nix.usersWithSopsKeys = ["root"];
      k3s.clusterInit = true;
    };
  };
 }
--- a/machines/lewis/configuration.nix
+++ b/machines/lewis/configuration.nix
@ -16,7 +16,6 @@
    };
    pim = {
      sops-nix.usersWithSopsKeys = ["root"];
      # TODO: this should be dynamically set using Colmena tags
      k3s.serverAddr = "https://jefke.dmz:6443";
      data-sharing.enable = true;
--- a/machines/sue/configuration.nix
+++ b/machines/sue/configuration.nix
@ -18,7 +18,6 @@
      stylix.enable = true;
      wireguard.enable = true;
      compliance.enable = true;
      sops-nix.usersWithSopsKeys = ["pim"];
    };
--- a/machines/warwick/configuration.nix
+++ b/machines/warwick/configuration.nix
@ -9,7 +9,6 @@
  config = {
    pim = {
      tailscale.advertiseExitNode = true;
      sops-nix.usersWithSopsKeys = ["root"];
      prometheus.enable = true;
    };
--- a/nixos/default.nix
+++ b/nixos/default.nix
@ -38,7 +38,7 @@
      usersWithSopsKeys = lib.mkOption {
        type = lib.types.listOf lib.types.str;
-        default = [];
+        default = lib.optional (! config.deployment.allowLocalDeployment) "root";
      };
    };
  };