Automatically set root user's sops key file
parent
a4b8cd941d
commit
d5978e4d47
6 changed files with 3 additions and 16 deletions
|
@ -1,11 +1,8 @@
|
||||||
{config, ...}: {
|
{config, ...}: {
|
||||||
config = {
|
config = {
|
||||||
facter.reportPath = ./facter.json;
|
facter.reportPath = ./facter.json;
|
||||||
# TODO: should set this automatically
|
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
|
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
|
||||||
# TODO: set this as a default?
|
|
||||||
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
|
|
||||||
|
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "atlas";
|
targetHost = "atlas";
|
||||||
|
|
|
@ -3,7 +3,6 @@
|
||||||
facter.reportPath = ./facter.json;
|
facter.reportPath = ./facter.json;
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
|
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
|
||||||
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
|
|
||||||
|
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "jefke";
|
targetHost = "jefke";
|
||||||
|
|
|
@ -7,11 +7,7 @@
|
||||||
facter.reportPath = ./facter.json;
|
facter.reportPath = ./facter.json;
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
|
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
|
||||||
|
sops.defaultSopsFile = "${self}/secrets/lewis/nixos.yaml";
|
||||||
sops = {
|
|
||||||
age.keyFile = "/root/.config/sops/age/keys.txt";
|
|
||||||
defaultSopsFile = "${self}/secrets/lewis/nixos.yaml";
|
|
||||||
};
|
|
||||||
|
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "lewis";
|
targetHost = "lewis";
|
||||||
|
|
|
@ -37,11 +37,7 @@
|
||||||
home-manager.users.pim.imports = [./pim.home.nix];
|
home-manager.users.pim.imports = [./pim.home.nix];
|
||||||
nix.settings.trusted-users = ["pim"];
|
nix.settings.trusted-users = ["pim"];
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
|
sops.defaultSopsFile = "${self}/secrets/sue/nixos.yaml";
|
||||||
sops = {
|
|
||||||
age.keyFile = "/root/.config/sops/age/keys.txt";
|
|
||||||
defaultSopsFile = "${self}/secrets/sue/nixos.yaml";
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
borgbackup
|
borgbackup
|
||||||
|
|
|
@ -31,8 +31,6 @@
|
||||||
boot.loader.systemd-boot.enable = lib.mkForce false;
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||||
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
|
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
|
||||||
|
|
||||||
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
|
|
||||||
|
|
||||||
fileSystems."/" = {
|
fileSystems."/" = {
|
||||||
device = "/dev/disk/by-label/NIXOS_SD";
|
device = "/dev/disk/by-label/NIXOS_SD";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
|
|
|
@ -46,6 +46,7 @@
|
||||||
config = {
|
config = {
|
||||||
time.timeZone = "Europe/Amsterdam";
|
time.timeZone = "Europe/Amsterdam";
|
||||||
hardware.pulseaudio.enable = false;
|
hardware.pulseaudio.enable = false;
|
||||||
|
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
|
||||||
|
|
||||||
i18n = {
|
i18n = {
|
||||||
defaultLocale = "en_US.UTF-8";
|
defaultLocale = "en_US.UTF-8";
|
||||||
|
|
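Review bot: The added `sops.age.keyFile = "/root/.config/sops/age/keys.txt";` in the shared `config` block is a plain assignment, so a host that keeps its age key elsewhere would hit a conflicting-definition error unless it overrides with `lib.mkForce`. Writing it as `sops.age.keyFile = lib.mkDefault "/root/.config/sops/age/keys.txt";` keeps per-host overrides straightforward, assuming `lib` is among this module's arguments, which the hunk does not show. Because every machine importing this module now depends on that one path, a comment above the line would help, for example `# age private key sops-nix uses to decrypt secrets; must exist on each host, root-owned, mode 0600`. The enclosing `config` block starts and ends outside the hunk.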