Split sops keys into root and normal user

Deploy sops keys using Colmena
2024-11-17 22:31:57 +01:00 · 2024-11-17 22:31:57 +01:00 · 46a99bf13d
commit 46a99bf13d
parent 85b41d6722
6 changed files with 56 additions and 21 deletions
--- a/colmena.nix
+++ b/colmena.nix
@ -18,6 +18,22 @@ inputs @ {
      deployment = {
        allowLocalDeployment = true;
        targetHost = null;
+
+        keys = {
+          root-sops-age-key = {
+            keyCommand = ["sudo" "nix" "run" "nixpkgs#sops" "--" "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/sue/nixos.sops.yaml"];
+            name = "keys.txt";
+            destDir = "/root/.config/sops/age";
+          };
+
+          pim-sops-age-key = {
+            keyCommand = ["sudo" "nix" "run" "nixpkgs#sops" "--" "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/sue/home.sops.yaml"];
+            name = "keys.txt";
+            destDir = "/home/pim/.config/sops/age";
+            user = "pim";
+            group = "users";
+          };
+        };
      };

      imports = [