Automatically set root user's sops key file

2024-12-01 17:06:43 +01:00 · 2024-12-01 17:06:43 +01:00 · d5978e4d47
commit d5978e4d47
parent a4b8cd941d
6 changed files with 3 additions and 16 deletions
--- a/machines/atlas/configuration.nix
+++ b/machines/atlas/configuration.nix
@ -1,11 +1,8 @@
 {config, ...}: {
  config = {
    facter.reportPath = ./facter.json;
-    # TODO: should set this automatically
    system.stateVersion = "23.05";
    users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
-    # TODO: set this as a default?
-    sops.age.keyFile = "/root/.config/sops/age/keys.txt";

    deployment = {
      targetHost = "atlas";
--- a/machines/jefke/configuration.nix
+++ b/machines/jefke/configuration.nix
@ -3,7 +3,6 @@
    facter.reportPath = ./facter.json;
    system.stateVersion = "23.05";
    users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
-    sops.age.keyFile = "/root/.config/sops/age/keys.txt";

    deployment = {
      targetHost = "jefke";
--- a/machines/lewis/configuration.nix
+++ b/machines/lewis/configuration.nix
@ -7,11 +7,7 @@
    facter.reportPath = ./facter.json;
    system.stateVersion = "23.05";
    users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
-
-    sops = {
-      age.keyFile = "/root/.config/sops/age/keys.txt";
-      defaultSopsFile = "${self}/secrets/lewis/nixos.yaml";
-    };
+    sops.defaultSopsFile = "${self}/secrets/lewis/nixos.yaml";

    deployment = {
      targetHost = "lewis";
--- a/machines/sue/configuration.nix
+++ b/machines/sue/configuration.nix
@ -37,11 +37,7 @@
    home-manager.users.pim.imports = [./pim.home.nix];
    nix.settings.trusted-users = ["pim"];
    system.stateVersion = "23.05";
-
-    sops = {
-      age.keyFile = "/root/.config/sops/age/keys.txt";
-      defaultSopsFile = "${self}/secrets/sue/nixos.yaml";
-    };
+    sops.defaultSopsFile = "${self}/secrets/sue/nixos.yaml";

    environment.systemPackages = with pkgs; [
      borgbackup
--- a/machines/warwick/configuration.nix
+++ b/machines/warwick/configuration.nix
@ -31,8 +31,6 @@
    boot.loader.systemd-boot.enable = lib.mkForce false;
    users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;

-    sops.age.keyFile = "/root/.config/sops/age/keys.txt";
-
    fileSystems."/" = {
      device = "/dev/disk/by-label/NIXOS_SD";
      fsType = "ext4";
--- a/nixos/default.nix
+++ b/nixos/default.nix
@ -46,6 +46,7 @@
  config = {
    time.timeZone = "Europe/Amsterdam";
    hardware.pulseaudio.enable = false;
+    sops.age.keyFile = "/root/.config/sops/age/keys.txt";

    i18n = {
      defaultLocale = "en_US.UTF-8";