pim/nixos-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Reorganize some sops stuff

Browse source
This commit is contained in:
Pim Kunis 2024-12-01 01:03:21 +01:00
parent a29d10e507
commit 6291f8d438
14 changed files with 152 additions and 195 deletions
Download patch file Download diff file Expand all files Collapse all files

53
nixos/default.nix
View file

@ -4,6 +4,7 @@
lib,
inputs,
self,
name,
...
}: {
imports = [
@ -25,9 +26,16 @@
];
options = {
pim.sopsKeys = lib.mkOption {
type = lib.types.attrsOf lib.types.path;
default = {};
pim.sops-nix = {
colmenaSopsFile = lib.mkOption {
type = lib.types.path;
default = "${self}/secrets/${name}/colmena.yaml";
};
usersWithSopsKeys = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
};
};
};
@ -53,24 +61,27 @@
};
};
# BUG: this uses root way too much.
deployment.keys =
lib.mapAttrs' (user: sopsFile: let
homeDirectory =
if user == "root"
then "/root"
else "/home/${user}";
in {
name = "${user}-sops-age-key";
value = {
keyCommand = ["nix" "run" "nixpkgs#sops" "--" "--extract" "[\"sops_age_key\"]" "-d" (builtins.toString sopsFile)];
name = "keys.txt";
destDir = "${homeDirectory}/.config/sops/age";
inherit user;
group = "users";
};
})
config.pim.sopsKeys;
deployment.keys = lib.pipe config.pim.sops-nix.usersWithSopsKeys [
(lib.map (
user: let
homeDirectory =
if user == "root"
then "/root"
else "/home/${user}";
sopsFile = config.pim.sops-nix.colmenaSopsFile;
in {
name = "${user}-sops-age";
value = {
keyCommand = ["nix" "run" "nixpkgs#sops" "--" "--extract" "[\"sops_nix_keys\"][\"${user}\"]" "-d" (builtins.toString sopsFile)];
name = "keys.txt";
destDir = "${homeDirectory}/.config/sops/age";
inherit user;
group = "users";
};
}
))
builtins.listToAttrs
];
systemd = {
services.NetworkManager-wait-online.enable = lib.mkForce false;