From d5978e4d47bbf60b0fcf4508ab1e31d4da932b39 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Sun, 1 Dec 2024 17:06:43 +0100
Subject: [PATCH] Automatically set root user's sops key file

---
 machines/atlas/configuration.nix | 3 ---
 machines/jefke/configuration.nix | 1 -
 machines/lewis/configuration.nix | 6 +-----
 machines/sue/configuration.nix | 6 +-----
 machines/warwick/configuration.nix | 2 --
 nixos/default.nix | 1 +
 6 files changed, 3 insertions(+), 16 deletions(-)

diff --git a/machines/atlas/configuration.nix b/machines/atlas/configuration.nix
index e555007..dad5ae1 100644
--- a/machines/atlas/configuration.nix
+++ b/machines/atlas/configuration.nix
@@ -1,11 +1,8 @@
 {config, ...}: {
 config = {
 facter.reportPath = ./facter.json;
- # TODO: should set this automatically
 system.stateVersion = "23.05";
 users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
- # TODO: set this as a default?
- sops.age.keyFile = "/root/.config/sops/age/keys.txt";
 deployment = {
 targetHost = "atlas";
diff --git a/machines/jefke/configuration.nix b/machines/jefke/configuration.nix
index da2b383..2c9d237 100644
--- a/machines/jefke/configuration.nix
+++ b/machines/jefke/configuration.nix
@@ -3,7 +3,6 @@
 facter.reportPath = ./facter.json;
 system.stateVersion = "23.05";
 users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
- sops.age.keyFile = "/root/.config/sops/age/keys.txt";
 deployment = {
 targetHost = "jefke";
diff --git a/machines/lewis/configuration.nix b/machines/lewis/configuration.nix
index 566d0d1..f9d6e30 100644
--- a/machines/lewis/configuration.nix
+++ b/machines/lewis/configuration.nix
@@ -7,11 +7,7 @@
 facter.reportPath = ./facter.json;
 system.stateVersion = "23.05";
 users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
-
- sops = {
- age.keyFile = "/root/.config/sops/age/keys.txt";
- defaultSopsFile = "${self}/secrets/lewis/nixos.yaml";
- };
+ sops.defaultSopsFile = "${self}/secrets/lewis/nixos.yaml";
 deployment = {
 targetHost = "lewis";
diff --git a/machines/sue/configuration.nix b/machines/sue/configuration.nix
index 04abc7b..ad7e860 100644
--- a/machines/sue/configuration.nix
+++ b/machines/sue/configuration.nix
@@ -37,11 +37,7 @@
 home-manager.users.pim.imports = [./pim.home.nix];
 nix.settings.trusted-users = ["pim"];
 system.stateVersion = "23.05";
-
- sops = {
- age.keyFile = "/root/.config/sops/age/keys.txt";
- defaultSopsFile = "${self}/secrets/sue/nixos.yaml";
- };
+ sops.defaultSopsFile = "${self}/secrets/sue/nixos.yaml";
 environment.systemPackages = with pkgs; [
 borgbackup
diff --git a/machines/warwick/configuration.nix b/machines/warwick/configuration.nix
index 2575431..a8398a9 100644
--- a/machines/warwick/configuration.nix
+++ b/machines/warwick/configuration.nix
@@ -31,8 +31,6 @@
 boot.loader.systemd-boot.enable = lib.mkForce false;
 users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
- sops.age.keyFile = "/root/.config/sops/age/keys.txt";
-
 fileSystems."/" = {
 device = "/dev/disk/by-label/NIXOS_SD";
 fsType = "ext4";
diff --git a/nixos/default.nix b/nixos/default.nix
index 5ea4759..5f8e89e 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -46,6 +46,7 @@
 config = {
 time.timeZone = "Europe/Amsterdam";
 hardware.pulseaudio.enable = false;
+ sops.age.keyFile = "/root/.config/sops/age/keys.txt";
 i18n = {
 defaultLocale = "en_US.UTF-8";
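Review bot: The added `sops.age.keyFile` line in nixos/default.nix is set at normal priority and carries no comment, so a host that keeps its age key elsewhere has to override it with `lib.mkForce`; the TODO removed from atlas asked for a default, which would read `sops.age.keyFile = lib.mkDefault "/root/.config/sops/age/keys.txt";` (assuming `lib` is among this module's arguments, which the hunk does not show). I would also put a comment above it along the lines of `# age private key used by sops-nix; provisioned out of band, root-owned and mode 0600; keep this a quoted string so the key is never copied into the Nix store`. The diff does not show that all five machines import nixos/default.nix, so confirm that before dropping the per-host lines, since a host left without a key source may fail to decrypt its secrets at activation. The `config` block continues outside the hunk.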